Federation server discovery

Microsoft.ActiveDirectoryFederationServices.2016.FederationServerDiscovery (Discovery)

Knowledge Base article:

Summary

Class used for discovery.

Causes

Not applicable.

Resolutions

Not applicable.

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices.2016.FederationServerSeed
EnabledTrue
Frequency14400
RemotableFalse

Object Discovery Details:

Discovered Classes and their attributes:
Discovered relationships and their attributes:

Member Modules:

ID Module Type TypeId RunAs 
PSScript DataSource System.CommandExecuterDiscoveryDataSource Default

Source Code:

<Discovery ID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerDiscovery" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerSeed" ConfirmDelivery="false" Remotable="true" Priority="Normal">
<Category>Discovery</Category>
<DiscoveryTypes>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="Version"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="SqlConnectionString"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="Mode"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="Role"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="PerformanceCounterName"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="EventLogLevel"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="ServerName"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServer" PropertyID="ADFSEventLog"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TrustManagement">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TrustManagement" PropertyID="TrustMonitoringInterval"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.WIDSync">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.WIDSync" PropertyID="WIDSyncInterval"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.WIDSync" PropertyID="LastSyncTime"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.CertificateManagement">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.CertificateManagement" PropertyID="CertRolloverInterval"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.Authentication">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.Authentication" PropertyID="STSIdentifier"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.Authentication" PropertyID="ArtifactServiceEnabled"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.Authentication" PropertyID="SQLAttributeStores"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.Authentication" PropertyID="LDAPAttributeStores"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.Authentication" PropertyID="CustomAttributeStores"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance" PropertyID="RelyingParties"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance" PropertyID="TokenSigningCertThumbprint"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance" PropertyID="ClaimsProviders"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance" PropertyID="TokenDecryptionCertThumbprint"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.ArtifactService">
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationService">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationService" PropertyID="GroupName"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.ActiveDirectoryFederationServices2016">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices.2016.ActiveDirectoryFederationServices2016" PropertyID="ADFSKey"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices.2016.OnPremisesDeviceRegistrationService"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsTrustManagement"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsWIDSync"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsCertificateManagement"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.AuthenticationHostsTokenIssuance"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.AuthenticationHostsTokenAcceptance"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.AuthenticationHostsArtifactService"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsAuthentication"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.ActiveDirectoryFederationServices2016ContainsFederationService"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServiceContainsFederationServer"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsOnPremisesDeviceRegistrationService"/>
</DiscoveryTypes>
<DataSource ID="PSScript" TypeID="System!System.CommandExecuterDiscoveryDataSource">
<IntervalSeconds>14400</IntervalSeconds>
<ApplicationName>%windir%\system32\windowspowershell\v1.0\powershell.exe</ApplicationName>
<WorkingDirectory/>
<CommandLine>-Command "Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force;.\FederationServerDiscovery.ps1 '$Target/Id$' '$MPElement$' '$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$'</CommandLine>
<SecureInput/>
<TimeoutSeconds>1800</TimeoutSeconds>
<RequireOutput>true</RequireOutput>
<Files>
<File>
<Name>FederationServerDiscovery.ps1</Name>
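<Contents><Script>function GetAttributeStoreConnections([string] $attributeStoreType)
{
    # Returns the "connection" configuration value of every AD FS attribute store whose
    # StoreClassification equals $attributeStoreType (called below with "LDAP" and "SQL"),
    # comma-separated in enumeration order, or "" when there is no such store.
    # Stdout of this script is the discovery payload consumed by the data source, so this
    # helper must not write to the host stream (the former Write-Host debug line was removed).
    # NOTE(review): SQL attribute store connection strings can embed credentials and are
    # returned as-is into a discovery property; confirm who can read those properties.
    $stores = @( Get-ADFSAttributeStore | Where-Object { $_.StoreClassification -eq $attributeStoreType } )

    # A store without a "connection" entry still occupies an (empty) slot, as the old "+=" did.
    $connectionValues = @( $stores | Where-Object { $_ -ne $null } | ForEach-Object { $_.Configuration["connection"] } )

    return ( $connectionValues -join "," )
}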

function GetLogMessageHeader([string] $guid, [int] $index)
{
    # Builds the "GUID: {guid} index {n}" prefix that correlates all log events written
    # by one run of this script: $guid identifies the run, $index is the event's sequence number.
    return "GUID: $guid index $index"
}

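# FederationServerDiscovery.ps1 - SCOM discovery script for an AD FS 2016 federation server.
#
# Arguments (see the CommandLine of the hosting data source):
#   $args[0]  target instance id ($Target/Id$)
#   $args[1]  management pack element id ($MPElement$)
#   $args[2]  principal name of the hosting Windows computer
#
# Every event logged through MOM.ScriptAPI is prefixed with a per-run GUID and a running
# index so the events of one discovery run can be correlated in the Operations Manager log.
# Event ids used: 998 = argument echo, 100 = start, 101 = end or failure, 999 = progress trace.
# The "$MPElement[Name='...']$" tokens in the property names are resolved by the management
# pack runtime before the script runs; they are not PowerShell variables.
$SCRIPT_NAME = "FederationServerDiscovery.ps1"

$target = $args[0]
$element = $args[1]
$targetComputer = $args[2]
$guid = [Guid]::NewGuid()
$indexMessage = 0
$scomAPI = new-object -comObject "MOM.ScriptAPI"
$discoveryData = $scomAPI.CreateDiscoveryData(0, $element, $target)

# Only computed when the farm configuration is readable ($canMineInfo); initialised here so
# the later "if ($artSvcEnabled)" test never depends on an unassigned variable.
$artSvcEnabled = $false

try
{
    $scomAPI.LogScriptEvent("param0: target: $target", 998, 4, $targetComputer )
    $scomAPI.LogScriptEvent("param1: element: $element", 998, 4, $targetComputer )
    $scomAPI.LogScriptEvent("param2: target name: $targetComputer", 998, 4, $targetComputer )
    # "$[...]" is not an expression in a PowerShell string; "$(...)" is required to log the identity.
    $scomAPI.LogScriptEvent("running as: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)", 998, 4, $targetComputer )

    # Arguments are passed space-separated: "f($a, $b)" would hand a single array to $guid and
    # leave $index at 0 in every header.
    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Beginning FederationServer discovery", 100, 4, $targetComputer )

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Called using path $($MyInvocation.InvocationName)", 999, 4, $targetComputer )

    #Get product version and running state from the adfssrv service binary
    $serviceWMIObject = (get-wmiobject -query "select * from win32_service where name='adfssrv'")
    $servicePath = $serviceWMIObject.PathName
    $serviceVersion = (get-item $servicePath).VersionInfo.ProductVersion
    $isServiceRunning = $serviceWMIObject.Started

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Service Is Running: $isServiceRunning", 999, 4, $targetComputer )

    Import-Module adfs

    $stsWMIObject = (Get-WmiObject -Namespace root\ADFS -Class SecurityTokenService)
    $sqlConnectionString = $stsWMIObject.ConfigurationDatabaseConnectionString

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText ADFS connection string:$sqlConnectionString", 999, 4, $targetComputer )

    [System.Data.SqlClient.SqlConnectionStringBuilder] $sqlConnectionBuilder = new-object System.Data.SqlClient.SqlConnectionStringBuilder $sqlConnectionString
    #connection string for Blue: the WID named pipe identifies a Windows Internal Database farm
    $isWID = [StringComparer]::OrdinalIgnoreCase.Equals( $sqlConnectionBuilder.DataSource, 'np:\\.\pipe\microsoft##wid\tsql\query');

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Is this wid? $isWID", 999, 4, $targetComputer )

    # Farm-wide configuration (Get-ADFSProperties, trusts, certificates, endpoints) is read only
    # on the WID primary or on any SQL-backed node; a WID secondary reports the primary's name.
    $adfsSyncProperties = Get-ADFSSyncProperties
    $isPrimary = [StringComparer]::OrdinalIgnoreCase.Equals($adfsSyncProperties.Role, 'PrimaryComputer')
    $isSecondary = [StringComparer]::OrdinalIgnoreCase.Equals($adfsSyncProperties.Role , 'SecondaryComputer')
    $canMineInfo = ($isPrimary -or (-not $isWID))

    if($canMineInfo )
    {
        $adfsProperties = Get-ADFSProperties
        $hostName = $adfsProperties.HostName
    }
    else
    {
        $hostName = $adfsSyncProperties.PrimaryComputerName
    }

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Captured properties", 999, 4, $targetComputer )

    ####AD FS
    $adfsInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.ActiveDirectoryFederationServices2016']$")
    $adfsInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.ActiveDirectoryFederationServices2016']/ADFSKey$", "AD FS")
    $adfsInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "AD FS")

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Discovered ADFS root instance", 999, 4, $targetComputer )

    $discoveryData.AddInstance($adfsInstance)

    ####FederationService (the farm, keyed by the federation service host name)
    $federationServersInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationService']$")
    $federationServersInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationService']/GroupName$", $hostName)
    $federationServersInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $hostName)
    $discoveryData.AddInstance($federationServersInstance)

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Discovered FederationServiceFarm. Host=$hostName", 999, 4, $targetComputer )

    #Add relationship
    $adfsContainsFederationService = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.ActiveDirectoryFederationServices2016ContainsFederationService']$")
    $adfsContainsFederationService.Source = $adfsInstance
    $adfsContainsFederationService.Target = $federationServersInstance
    $discoveryData.AddInstance( $adfsContainsFederationService )

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Added relationship instance: $adfsContainsFederationService", 999, 4, $targetComputer )

    ####FederationServer (this node)
    $federationServerInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']$")
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
    $federationServerInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/Version$", $serviceVersion)
    # NOTE(review): the configuration database connection string is stored as a discovery
    # property as-is; with SQL authentication it can embed credentials, so treat the discovered
    # data (and who can view it in the console) accordingly.
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/SqlConnectionString$", $sqlConnectionString)

    if ($isWID)
    {
        $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/Mode$", "WID")
        $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/Role$", $adfsSyncProperties.Role)
        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText The role is WID", 999, 4, $targetComputer )
    }
    else
    {
        $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/Mode$", "SQL")
        $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/Role$", "")
        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText The role is SQL", 999, 4, $targetComputer )
    }

    if($canMineInfo)
    {
        $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/EventLogLevel$", [String]::Join(",", $adfsProperties.LogLevel) )
    }

    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/PerformanceCounterName$", "AD FS")
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ADFSEventLog$", "AD FS/Admin")

    $discoveryData.AddInstance($federationServerInstance)
    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Federation server instance added: $federationServerInstance", 999, 4, $targetComputer )

    #Add relationship
    $federationServersContainsFederationServer = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServiceContainsFederationServer']$")
    $federationServersContainsFederationServer.Source = $federationServersInstance
    $federationServersContainsFederationServer.Target = $federationServerInstance
    $discoveryData.AddInstance( $federationServersContainsFederationServer )

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Instance added to the relationship: $federationServersContainsFederationServer", 999, 4, $targetComputer )

    # The hosted components below need the AD FS cmdlets, which only answer while the service runs.
    if ( $isServiceRunning )
    {
        if ( $canMineInfo )
        {
            $certificates = Get-ADFSCertificate
            $adfsEndpoints = Get-ADFSEndpoint

            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - Discovering trust management", 999, 4, $targetComputer )

            $trustMgmtInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TrustManagement']$")
            $trustMgmtInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
            $trustMgmtInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
            $trustMgmtInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Trust management")

            $trustMgmtInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TrustManagement']/TrustMonitoringInterval$", $adfsProperties.MonitoringInterval )

            #Add instance
            $discoveryData.AddInstance( $trustMgmtInstance )

            #Add relationship
            $fsHostsTrustMgmt = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsTrustManagement']$")
            $fsHostsTrustMgmt.Source = $federationServerInstance
            $fsHostsTrustMgmt.Target = $trustMgmtInstance
            $discoveryData.AddInstance( $fsHostsTrustMgmt )

            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - trust management discovered", 999, 4, $targetComputer )
        }

        ####WIDSync
        if ( $isWID )
        {
            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - starting wid sync discovery", 999, 4, $targetComputer )

            $widSyncInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.WIDSync']$")
            $widSyncInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
            $widSyncInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
            $widSyncInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "WID sync")

            # Only secondaries poll the primary, so only they carry a sync interval.
            if ( $isSecondary )
            {
                $widSyncInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.WIDSync']/WIDSyncInterval$", $adfsSyncProperties.PollDuration )
                $widSyncInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.WIDSync']/LastSyncTime$", "" )
            }

            #Add instance
            $discoveryData.AddInstance( $widSyncInstance )

            #Add relationship
            $fsHostsWIDSync = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsWIDSync']$")
            $fsHostsWIDSync.Source = $federationServerInstance
            $fsHostsWIDSync.Target = $widSyncInstance
            $discoveryData.AddInstance( $fsHostsWIDSync )

            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - wid sync discovery completed", 999, 4, $targetComputer )
        }

        ####Certificate management

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - starting cert management discovery", 999, 4, $targetComputer )

        $certMgmtInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.CertificateManagement']$")
        $certMgmtInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
        $certMgmtInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)

        if($canMineInfo )
        {
            $certMgmtInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.CertificateManagement']/CertRolloverInterval$", $adfsProperties.CertificateRolloverInterval )
        }

        $certMgmtInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Certificate management")

        #Add instance
        $discoveryData.AddInstance( $certMgmtInstance )

        #Add relationship
        $fsHostsCertMgmt = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsCertificateManagement']$")
        $fsHostsCertMgmt.Source = $federationServerInstance
        $fsHostsCertMgmt.Target = $certMgmtInstance
        $discoveryData.AddInstance( $fsHostsCertMgmt )

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - cert management discovery completed", 999, 4, $targetComputer )

        ####Authentication

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - starting authentication discovery", 999, 4, $targetComputer )

        $authInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.Authentication']$")
        $authInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
        $authInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
        $authInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Authentication")

        $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.Authentication']/STSIdentifier$", $hostName )

        if($canMineInfo)
        {
            # The artifact service is considered in use when SAML artifact resolution or OAuth
            # endpoints are enabled, or when token replay detection is on.
            $samlArtResolutionEndpointEnabled = ( $adfsEndpoints | where-object {$_.Protocol -eq "SAML-ArtifactResolution"} ).Enabled
            $oauthEndpointEnabled = ( $adfsEndpoints | where-object {$_.Protocol -eq "OAuth"} ).Enabled
            $artSvcEnabled = $samlArtResolutionEndpointEnabled -Or $adfsProperties.PreventTokenReplays -Or $oauthEndpointEnabled

            $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.Authentication']/ArtifactServiceEnabled$", $artSvcEnabled )

            # NOTE(review): attribute store connection strings are discovered verbatim and may
            # embed credentials; see GetAttributeStoreConnections.
            $ldapConnections = GetAttributeStoreConnections("LDAP")
            $sqlConnections = GetAttributeStoreConnections("SQL")

            #Custom attribute store names (comma-separated type names)
            $adfsCustomStores = ( Get-ADFSAttributeStore | where-object {$_.StoreClassification -eq "Custom"} )
            $customClassNames = ""
            $firstTime = 1;

            foreach ( $store in $adfsCustomStores )
            {
                if ( $firstTime -eq 0 )
                {
                    $customClassNames += ","
                }
                else
                {
                    $firstTime = 0
                }

                $customClassNames += $store.StoreTypeQualifiedName
            }

            $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.Authentication']/LDAPAttributeStores$", $ldapConnections )
            $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.Authentication']/SQLAttributeStores$", $sqlConnections )
            $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.Authentication']/CustomAttributeStores$", $customClassNames )
        }

        #Add instance
        $discoveryData.AddInstance( $authInstance )

        #Add relationship
        $fsHostsAuth = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsAuthentication']$")
        $fsHostsAuth.Source = $federationServerInstance
        $fsHostsAuth.Target = $authInstance
        $discoveryData.AddInstance( $fsHostsAuth )

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - authentication discovery completed", 999, 4, $targetComputer )

        ####TokenIssuance

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - starting token issuance discovery", 999, 4, $targetComputer )

        $tokenIssuanceInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance']$")
        $tokenIssuanceInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
        $tokenIssuanceInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)

        if($canMineInfo )
        {
            # Every identifier of every relying party trust, comma-separated.
            $adfsRelyingParties = Get-ADFSRelyingPartyTrust
            $relyingParties = ""
            $firstTime = 1

            foreach ( $rp in $adfsRelyingParties )
            {
                foreach ($rpId in $rp.Identifier)
                {
                    if ( $firstTime -eq 0 )
                    {
                        $relyingParties += ","
                    }
                    else
                    {
                        $firstTime = 0
                    }

                    $relyingParties += $rpId
                }
            }

            $tokenIssuanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance']/RelyingParties$", $relyingParties )
            # Thumbprint of the primary token-signing certificate (the one currently issuing tokens).
            $signingCert = ( $certificates | where-object {($_.CertificateType -eq "Token-Signing") -and ($_.IsPrimary)} ).Thumbprint
            $tokenIssuanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TokenIssuance']/TokenSigningCertThumbprint$", $signingCert )
            $tokenIssuanceInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Token issuance")
        }

        #Add instance
        $discoveryData.AddInstance( $tokenIssuanceInstance )

        #Add relationship
        $authHostsTokenIssuance = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.AuthenticationHostsTokenIssuance']$")
        $authHostsTokenIssuance.Source = $authInstance
        $authHostsTokenIssuance.Target = $tokenIssuanceInstance
        $discoveryData.AddInstance( $authHostsTokenIssuance )

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - token issuance discovery completed", 999, 4, $targetComputer )

        ####TokenAcceptance

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - starting token acceptance discovery", 999, 4, $targetComputer )

        $tokenAcceptanceInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance']$")
        $tokenAcceptanceInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
        $tokenAcceptanceInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
        $tokenAcceptanceInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Token acceptance")

        if($canMineInfo )
        {
            # Identifier of every claims provider trust, comma-separated.
            $adfsClaimsProviders = Get-ADFSClaimsProviderTrust
            $claimsProviders = ""
            $firstTime = 1

            foreach ( $cp in $adfsClaimsProviders )
            {
                if ( $firstTime -eq 0 )
                {
                    $claimsProviders += ","
                }
                else
                {
                    $firstTime = 0
                }

                $claimsProviders += $cp.Identifier
            }

            $tokenAcceptanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance']/ClaimsProviders$", $claimsProviders )
            # Thumbprint of the primary token-decrypting certificate.
            $decryptingCert = ( $certificates | where-object {($_.CertificateType -eq "Token-Decrypting") -and ($_.IsPrimary)} ).Thumbprint
            $tokenAcceptanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.TokenAcceptance']/TokenDecryptionCertThumbprint$", $decryptingCert )
        }

        #Add instance
        $discoveryData.AddInstance( $tokenAcceptanceInstance )

        #Add relationship
        $authHostsTokenAcceptance = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.AuthenticationHostsTokenAcceptance']$")
        $authHostsTokenAcceptance.Source = $authInstance
        $authHostsTokenAcceptance.Target = $tokenAcceptanceInstance
        $discoveryData.AddInstance( $authHostsTokenAcceptance )

        $headerText = GetLogMessageHeader $guid ($indexMessage++)
        $scomAPI.LogScriptEvent("$headerText - token acceptance discovery completed", 999, 4, $targetComputer )

        ####ArtifactService (only when the farm configuration above marked it enabled)
        if ( $artSvcEnabled )
        {
            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - starting artifact service discovery", 999, 4, $targetComputer )

            $artifactServiceInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.ArtifactService']$")
            $artifactServiceInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
            $artifactServiceInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
            $artifactServiceInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Artifact service")

            #Add instance
            $discoveryData.AddInstance( $artifactServiceInstance )

            #Add relationship
            $authHostsArtifactService = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.AuthenticationHostsArtifactService']$")
            $authHostsArtifactService.Source = $authInstance
            $authHostsArtifactService.Target = $artifactServiceInstance
            $discoveryData.AddInstance( $authHostsArtifactService )
            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - artifact service discovery completed", 999, 4, $targetComputer )
        }

        ####OnPremisesDeviceRegistrationService
        $drsEnabled = $false
        $drsSvc = gwmi -Class Win32_Service -Property StartMode -Filter "Name='drs'"

        #if the service is enabled, then it is a monitoring target
        if (($drsSvc -ne $null) -and ($drsSvc.StartMode -eq "Auto"))
        {
            $drsEnabled = $true
        }

        #TODO: If the drs is enabled in some nodes, but not in others, that is something worth surfacing, but I don't
        #seem to have the optics to do this.

        if ($drsEnabled)
        {
            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - starting drs discovery", 999, 4, $targetComputer )

            #Create the instance
            $drsInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.OnPremisesDeviceRegistrationService']$")
            $drsInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServer']/ServerName$", $targetComputer)
            $drsInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
            $drsInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "On premises DRS")

            $discoveryData.AddInstance( $drsInstance )

            $fsHostsDrs = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices.2016.FederationServerHostsOnPremisesDeviceRegistrationService']$")
            $fsHostsDrs.Source = $federationServerInstance
            $fsHostsDrs.Target = $drsInstance
            $discoveryData.AddInstance( $fsHostsDrs )

            $headerText = GetLogMessageHeader $guid ($indexMessage++)
            $scomAPI.LogScriptEvent("$headerText - drs discovery completed", 999, 4, $targetComputer )
        }
    }

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText Data to be returned: $discoveryData", 999, 4, "" )

    $headerText = GetLogMessageHeader $guid ($indexMessage++)
    $scomAPI.LogScriptEvent("$headerText End of FederationServer discovery", 101, 4, "" )

    # Return() writes the discovery data to stdout, which is the payload the data source consumes.
    $scomAPI.Return($discoveryData)
}
catch [System.Exception]
{
    # Failures are surfaced only through the Operations Manager log (event 101); nothing is
    # returned to the data source in that case.
    $Description = $_.Exception.ToString()

    $scomAPI.LogScriptEvent("Exception found $SCRIPT_NAME - $Description",101,4,"")

    if ($_.Exception.InnerException -ne $null)
    {
        $innerDescription = $_.Exception.InnerException.ToString()
        $scomAPI.LogScriptEvent("Inner exception found $SCRIPT_NAME - $innerDescription",101,4,"")
    }
}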



</Script></Contents>
</File>
</Files>
</DataSource>
</Discovery>