#Get information about the system Get-AdfsSystemInformation #Get information about the AD FS farm deployment Get-AdfsServerConfiguration #Perform health checks Test-AdfsServerHealth | ft Name,Result -AutoSize #Get only the tests that failed Test-AdfsServerHealth | where {$_.Result -eq "Fail"} | fl #Synthetic transaction to request a token with windows integrated authentication against the Azure Active Directory Relying Party Test-AdfsServerToken -federationServer fs.yourdomain.com -appliesTo urn:federation:MicrosoftOnline #Synthetic transaction to request a token with username/password credential against the Azure Active Directory Relying Party Test-AdfsServerToken -federationServer fs.yourdomain.com -appliesTo urn:federation:MicrosoftOnline -credential (Get-Credential) #output the claims in the powershell pipeline $token = [Xml](Test-AdfsServerToken -federationServer localhost -appliesTo urn:federation:MicrosoftOnline) $token.Envelope.Body.RequestSecurityTokenResponse.RequestedSecurityToken.Assertion.AttributeStatement.Attribute | ft #get the events based on a activity ID Get-AdfsServerTrace -activityId $activityId #get the events based on a activity ID, save as HTML file Get-AdfsServerTrace -activityId $activityId -outHtmlFile .\Report.htm
#Get information about the system Get-AdfsSystemInformation #Get information about the AD FS farm deployment Get-AdfsServerConfiguration #Perform health checks Test-AdfsServerHealth | ft Name,Result -AutoSize #Get only the tests that failed Test-AdfsServerHealth | where {$_.Result -eq "Fail"} | fl #Synthetic transaction to request a token with windows integrated authentication against the Azure Active Directory Relying Party Test-AdfsServerToken -federationServer fs.yourdomain.com -appliesTo urn:federation:MicrosoftOnline #Synthetic transaction to request a token with username/password credential against the Azure Active Directory Relying Party Test-AdfsServerToken -federationServer fs.yourdomain.com -appliesTo urn:federation:MicrosoftOnline -credential (Get-Credential) #output the claims in the powershell pipeline $token = [Xml](Test-AdfsServerToken -federationServer localhost -appliesTo urn:federation:MicrosoftOnline) $token.Envelope.Body.RequestSecurityTokenResponse.RequestedSecurityToken.Assertion.AttributeStatement.Attribute | ft #get the events based on a activity ID Get-AdfsServerTrace -activityId $activityId #get the events based on a activity ID, save as HTML file Get-AdfsServerTrace -activityId $activityId -outHtmlFile .\Report.htm
Name Result Detail ---- ------ ------ IsAdfsRunning Pass IsWidRunning Pass PingFederationMetadata Pass CheckCertificatesAvailable Pass CheckCertificatesPrivateKey Pass CheckAdfsSslBindings Pass CheckCertificatesKeyUsage Fail Certificate Usage: Token-Decrypting... CheckCertificatesExpired Pass CheckCertificatesAboutToExpire Pass CheckCertificatesSslSelfSigned Pass CheckCertificatesAvailable-Secondary Pass CheckCertificatesPrivateKey-Secondary Pass CheckAdfsSslBindings-Secondary Pass CheckCertificatesKeyUsage-Secondary Pass CheckCertificatesExpired-Secondary Pass CheckCertificatesAboutToExpire-Secondary Pass CheckCRLAccess-Service-Communications Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-Token-Decrypting Pass Thumbprint: 01FDA170570651C73AACC8599423310C9935E9D1... CheckCRLAccess-Token-Signing Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckFarmDNSHostResolution Pass CheckDuplicateSPN Pass Found SPN in object: CN=fssvc,CN=Users,DC=adfsonpremV2,DC=info TestServiceAccountProperties Pass TestAppPoolIDMatchesServiceID NotRun Test only to be run on ADFS 2.0 TestComputerNameEqFarmName Pass TestSSLUsingADFSPort NotRun Test only to be run on ADFS 2.0 Machine TestSSLCertSubjectContainsADFSFarmName Pass TestAdfsRequestToken Pass Token Received: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" x... CheckOffice365Endpoints Fail Lync related endpoint are not configured properly, extranet users can experienc... TestADFSO365RelyingParty Pass
Name Result Detail ---- ------ ------ IsAdfsRunning Pass IsWidRunning Pass PingFederationMetadata Pass CheckCertificatesAvailable Pass CheckCertificatesPrivateKey Pass CheckAdfsSslBindings Pass CheckCertificatesKeyUsage Fail Certificate Usage: Token-Decrypting... CheckCertificatesExpired Pass CheckCertificatesAboutToExpire Pass CheckCertificatesSslSelfSigned Pass CheckCertificatesAvailable-Secondary Pass CheckCertificatesPrivateKey-Secondary Pass CheckAdfsSslBindings-Secondary Pass CheckCertificatesKeyUsage-Secondary Pass CheckCertificatesExpired-Secondary Pass CheckCertificatesAboutToExpire-Secondary Pass CheckCRLAccess-Service-Communications Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-Token-Decrypting Pass Thumbprint: 01FDA170570651C73AACC8599423310C9935E9D1... CheckCRLAccess-Token-Signing Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckCRLAccess-SSL Pass Thumbprint: F31F254C7A5BC1DAD35CD9843C6F12F5F5FB7ADB... CheckFarmDNSHostResolution Pass CheckDuplicateSPN Pass Found SPN in object: CN=fssvc,CN=Users,DC=adfsonpremV2,DC=info TestServiceAccountProperties Pass TestAppPoolIDMatchesServiceID NotRun Test only to be run on ADFS 2.0 TestComputerNameEqFarmName Pass TestSSLUsingADFSPort NotRun Test only to be run on ADFS 2.0 Machine TestSSLCertSubjectContainsADFSFarmName Pass TestAdfsRequestToken Pass Token Received: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" x... CheckOffice365Endpoints Fail Lync related endpoint are not configured properly, extranet users can experienc... TestADFSO365RelyingParty Pass