Azure AD Connect Health
Azure AD Connect Health is a tool that allows the administrator to monitor the on-premises Active Directory infrastructure. Until now, several tools were available to the administrator for this (SCOM, System Center Operations Manager, the event log, …).
It is now possible to perform this monitoring through Azure AD Connect Health, which very quickly surfaces performance alerts or synchronization errors. You can also monitor your ADFS (Active Directory Federation Services) 2.0 and 3.0 infrastructure.
Prerequisites
- Have an Azure AD Premium subscription
- Install the agent on the target server (https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health-agent-install/)
- Have ADFS enabled if you want to monitor ADFS (https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health-agent-install/#installing-the-azure-ad-connect-health-agent-for-ad-fs)
- Outbound connectivity to the following endpoints:
  - https://management.azure.com
  - *.blob.core.windows.net
  - *.queue.core.windows.net
  - *.servicebus.windows.net – Port: 5671
  - https://*.adhybridhealth.azure.com/
  - https://*.table.core.windows.net/
  - https://policykeyservice.dc.ad.msft.net/
  - https://login.windows.net
  - https://login.microsoftonline.com
  - https://secure.aadcdn.microsoftonline-p.com
  - TCP/UDP port 80
  - TCP/UDP port 443
  - TCP/UDP port 5671
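Before installing the agent, it is worth checking from the target server that the endpoints above are actually reachable through the firewall. The following PowerShell pre-flight check is an added example, not part of the original post or of the Microsoft tooling; the port choices (443 for the HTTPS endpoints, 5671 for Service Bus) are taken from the list above, and wildcard hosts are flagged for manual verification because they cannot be resolved as written.

```powershell
# Added pre-flight connectivity check for the Azure AD Connect Health agent server.
# Run on the server that will host the agent, before installation.
$endpoints = @(
    @{ Host = 'management.azure.com';                Port = 443 },
    @{ Host = 'login.windows.net';                   Port = 443 },
    @{ Host = 'login.microsoftonline.com';           Port = 443 },
    @{ Host = 'secure.aadcdn.microsoftonline-p.com'; Port = 443 },
    @{ Host = 'policykeyservice.dc.ad.msft.net';     Port = 443 },
    # Wildcard entries: the firewall/proxy rule must allow the whole DNS suffix.
    # A wildcard cannot be resolved, so these are reported for manual verification.
    @{ Host = '*.blob.core.windows.net';             Port = 443 },
    @{ Host = '*.queue.core.windows.net';            Port = 443 },
    @{ Host = '*.table.core.windows.net';            Port = 443 },
    @{ Host = '*.adhybridhealth.azure.com';          Port = 443 },
    @{ Host = '*.servicebus.windows.net';            Port = 5671 }
)

$results = foreach ($e in $endpoints) {
    if ($e.Host.StartsWith('*.')) {
        [pscustomobject]@{
            Endpoint = $e.Host
            Port     = $e.Port
            Status   = 'WILDCARD - verify the firewall rule for this suffix manually'
        }
        continue
    }
    # Test-NetConnection performs a DNS lookup plus a TCP handshake to the given port.
    # Warnings are suppressed so that a blocked endpoint is reported once, in the table.
    $tnc = Test-NetConnection -ComputerName $e.Host -Port $e.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Endpoint = $e.Host
        Port     = $e.Port
        Status   = if ($tnc.TcpTestSucceeded) { 'OK' } else { 'BLOCKED' }
    }
}

$results | Format-Table -AutoSize
# Any BLOCKED line must be fixed on the firewall/proxy before installing the agent.
```

Note that Test-NetConnection opens a direct TCP connection and does not use the system's HTTP proxy, so on a server that can only reach the Internet through a proxy the HTTPS endpoints will show BLOCKED even though the agent, which honours the proxy settings, may work; in that case verify the proxy rules instead.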
Azure AD Connect Health
The first step is to connect to the Azure portal. Click New and then search for Azure AD Connect Health.
In the Marketplace window, click Azure AD Connect Health and then, in the right pane, click Create.
Select the desired Active Directory, then tick Pin to dashboard if you want a shortcut on the dashboard. Finally, click Create.
A new icon appears on the Dashboard.
In the window that appears, click Quick start to initiate the feature. Under Get Tools, select the desired agent:
- Download Azure AD Connect for ADFS in order to monitor the health of the ADFS servers
- Download Azure AD Connect (configures agent for sync) to monitor the state of synchronization between the domain controllers (ADDS) and Azure Active Directory
In our case, we need to download the Azure AD Connect tool (configures agent for sync).
My domain controller runs Windows Server 2016 TP5; after downloading the Azure AD Connect tool, I installed it on this server. After installation, a wizard starts. Accept the license and then click Continue in the Welcome to Azure AD Connect window. In the next window, click Customize in order to perform a custom installation.
In the next window, it is possible to customize the setup (using an existing SQL database, …); then click Install. In the sign-in window, select the password synchronization option and then click Next. Enter the credentials of the Azure administrator account (login / password) and click Next. Do the same for the Active Directory (ADDS) account.
To allow finer granularity, filtering will be done by security group, so an account must be a member of that group in order to be synchronized to Azure AD. Click Next in the domain and organizational unit filtering window without making any change. In the Filter users and devices window, select the synchronization radio button and enter the name of the group. Validate by clicking Resolve. Finally, click Next.
Validate the windows that follow without modification. It is now possible, from the Azure portal, to track the status of synchronization between the two directories.