Federation server discovery

Microsoft.ActiveDirectoryFederationServices20.FederationServerDiscovery (Discovery)

Element properties:

TargetMicrosoft.ActiveDirectoryFederationServices20.FederationServerSeed
EnabledTrue
Frequency43200
RemotableFalse

Object Discovery Details:

Discovered Classes and their attributes:
Discovered relationships and their attributes:

Member Modules:

ID Module Type TypeId RunAs 
PSScript DataSource System.CommandExecuterDiscoveryDataSource Default

Source Code:

<Discovery ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerDiscovery" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.FederationServerSeed" ConfirmDelivery="false" Remotable="true" Priority="Normal">
<Category>Discovery</Category>
<DiscoveryTypes>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="Version"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="SqlConnectionString"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="Mode"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="Role"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="PerformanceCounterName"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="EventLogLevel"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="ServerName"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServer" PropertyID="ADFSEventLog"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.TrustManagement">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.TrustManagement" PropertyID="TrustMonitoringInterval"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.WIDSync">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.WIDSync" PropertyID="WIDSyncInterval"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.WIDSync" PropertyID="LastSyncTime"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.Websites">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Websites" PropertyID="FedPassiveWebsiteURL"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Websites" PropertyID="FedPassiveWebsitePort"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Websites" PropertyID="WSTrustEndpoint"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Websites" PropertyID="SAMLEndpoint"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.CertificateManagement">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.CertificateManagement" PropertyID="CertRolloverInterval"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.Authentication">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Authentication" PropertyID="STSIdentifier"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Authentication" PropertyID="ArtifactServiceEnabled"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Authentication" PropertyID="SQLAttributeStores"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Authentication" PropertyID="LDAPAttributeStores"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.Authentication" PropertyID="CustomAttributeStores"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.TokenIssuance">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.TokenIssuance" PropertyID="RelyingParties"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.TokenIssuance" PropertyID="TokenSigningCertThumbprint"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.TokenAcceptance">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.TokenAcceptance" PropertyID="ClaimsProviders"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.TokenAcceptance" PropertyID="TokenDecryptionCertThumbprint"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.ArtifactService">
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationService">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationService" PropertyID="GroupName"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20" PropertyID="ADFSKey"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsTrustManagement"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsWIDSync"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsCertificateManagement"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.AuthenticationHostsTokenIssuance"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.AuthenticationHostsTokenAcceptance"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.AuthenticationHostsArtifactService"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsWebSites"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsAuthentication"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20ContainsFederationService"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServiceContainsFederationServer"/>
</DiscoveryTypes>
<DataSource ID="PSScript" TypeID="System!System.CommandExecuterDiscoveryDataSource">
<IntervalSeconds>43200</IntervalSeconds>
<ApplicationName>%windir%\system32\windowspowershell\v1.0\powershell.exe</ApplicationName>
<WorkingDirectory/>
<CommandLine>-Command "Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force;.\FederationServerDiscovery.ps1 '$Target/Id$' '$MPElement$' '$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$'</CommandLine>
<SecureInput/>
<TimeoutSeconds>1800</TimeoutSeconds>
<RequireOutput>true</RequireOutput>
<Files>
<File>
<Name>FederationServerDiscovery.ps1</Name>
<Contents><Script>


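function GetAttributeStoreConnections([string] $attributeStoreType)
{
    # Returns the "connection" configuration value of every AD FS attribute store
    # whose StoreClassification equals $attributeStoreType (the callers pass
    # "LDAP" and "SQL"), comma-separated; an empty string when no store matches.
    #
    # The result becomes a discovered property. SQL attribute store connection
    # strings can embed credentials, so the store list is deliberately not echoed
    # to the host any more: stdout of this process is what the
    # CommandExecuterDiscoveryDataSource parses, and stray output there is both
    # a parsing hazard and a leak into SCOM event/log data.
    $stores = @( Get-ADFSAttributeStore | where-object { $_.StoreClassification -eq $attributeStoreType } )
    $connections = @()
    foreach ( $store in $stores )
    {
        if ( $store -ne $null )
        {
            # [string] keeps a missing "connection" entry as "" so the separator
            # count stays identical to the number of stores.
            $connections += [string] $store.Configuration["connection"]
        }
    }
    return ( $connections -join "," )
}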

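# FederationServerDiscovery.ps1 - SCOM discovery script for an AD FS federation server.
# Invoked by the System.CommandExecuterDiscoveryDataSource with three positional arguments:
#   $args[0] - discovery target id        ($Target/Id$)
#   $args[1] - discovery MP element       ($MPElement$)
#   $args[2] - principal name of the target Windows computer
# Emits one discovery data item holding the AD FS root object, the federation
# service, this federation server and, when adfssrv is running, the hosted
# monitoring components (trust management, WID sync, web sites, certificate
# management, authentication, token issuance/acceptance, artifact service) and
# the relationships between them. The "$MPElement[Name='...']$" strings are
# substituted by SCOM when the management pack is imported and must stay literal.
$target = $args[0]
$element = $args[1]
$targetComputer = $args[2]

$scomAPI = new-object -comObject "MOM.ScriptAPI"
$discoveryData = $scomAPI.CreateDiscoveryData(0, $element, $target)
$scomAPI.LogScriptEvent("Beginning FederationServer discovery", 100, 4, $targetComputer )

# Product version and running state come from the adfssrv service binary.
# NOTE(review): if adfssrv is absent $serviceWMIObject is $null; the script then
# continues and discovers the server with empty version/state, as it always has.
$serviceWMIObject = (get-wmiobject -query "select * from win32_service where name='adfssrv'")
# Win32_Service.PathName may be wrapped in quotes, which get-item cannot open.
$servicePath = ([string] $serviceWMIObject.PathName).Trim('"')
$serviceVersion = (get-item $servicePath).VersionInfo.ProductVersion
$isServiceRunning = $serviceWMIObject.Started

# AD FS 2.0 ships as a snap-in on Windows Server 2008/2008 R2 (NT 6.0/6.1); from
# Windows Server 2012 (NT 6.2) onward AD FS is a role exposing the 'adfs' module.
# The comparison is lexicographic on (Major, Minor): testing Minor on its own
# mis-classified NT 10.0 as pre-6.2 and tried to load the 2.0 snap-in there.
$osVersion = [System.Environment]::OSVersion.Version
$isADFS20 = ( $osVersion.Major -lt 6 ) -or ( ( $osVersion.Major -eq 6 ) -and ( $osVersion.Minor -lt 2 ) )

if ($isADFS20)
{
    add-pssnapin microsoft.adfs.powershell
}
else
{
    Import-Module adfs
}

$stsWMIObject = (Get-WmiObject -Namespace root\ADFS -Class SecurityTokenService)
$sqlConnectionString = $stsWMIObject.ConfigurationDatabaseConnectionString

# WID (Windows Internal Database) is recognised by its well-known named pipe;
# the pipe name changed between the SQL 2005-based WID of AD FS 2.0 and the
# WID of Windows Server 2012+.
[System.Data.SqlClient.SqlConnectionStringBuilder] $sqlConnectionBuilder = new-object System.Data.SqlClient.SqlConnectionStringBuilder $sqlConnectionString
if ($isADFS20)
{
    $isWID = [StringComparer]::OrdinalIgnoreCase.Equals( $sqlConnectionBuilder.DataSource, '\\.\pipe\mssql$microsoft##ssee\sql\query');
}
else
{
    $isWID = [StringComparer]::OrdinalIgnoreCase.Equals( $sqlConnectionBuilder.DataSource, '\\.\pipe\Microsoft##WID\tsql\query');
}

# NOTE(review): these cmdlets run before the $isServiceRunning gate below;
# confirm they succeed when adfssrv is stopped, otherwise the properties taken
# from them are empty for a stopped server.
$adfsSyncProperties = Get-ADFSSyncProperties
$adfsProperties = Get-ADFSProperties

#### AD FS root object (one per management group, keyed by a constant)
$adfsInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20']$")
$adfsInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20']/ADFSKey$", "AD FS")
$adfsInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "AD FS")
$discoveryData.AddInstance($adfsInstance)

#### Federation service (the farm, keyed by the federation service host name)
$federationServersInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationService']$")
$federationServersInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationService']/GroupName$", $adfsProperties.HostName)
$federationServersInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Federation service")
$discoveryData.AddInstance($federationServersInstance)

# AD FS root contains the federation service
$adfsContainsFederationService = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20ContainsFederationService']$")
$adfsContainsFederationService.Source = $adfsInstance
$adfsContainsFederationService.Target = $federationServersInstance
$discoveryData.AddInstance( $adfsContainsFederationService )

#### Federation server (this computer)
$federationServerInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']$")
$federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
$federationServerInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
$federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/Version$", $serviceVersion)
# NOTE(review): the raw configuration database connection string is published
# as a discovered property and so becomes visible to console operators and is
# stored in the operational database. With Windows integrated security it holds
# no secret; if SQL authentication were ever used it would carry credentials.
# It is left unmodified here because other workflows may consume it verbatim.
$federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/SqlConnectionString$", $sqlConnectionString)
if ($isWID)
{
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/Mode$", "WID")
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/Role$", $adfsSyncProperties.Role)
}
else
{
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/Mode$", "SQL")
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/Role$", "")
}

# -join tolerates a missing LogLevel (yields ""), where [String]::Join threw.
$federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/EventLogLevel$", ( @( $adfsProperties.LogLevel ) -join "," ) )
# Performance counter set and admin event log were renamed between AD FS 2.0 and the role-based versions.
if ($isADFS20)
{
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/PerformanceCounterName$", "AD FS 2.0")
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ADFSEventLog$", "AD FS 2.0/Admin")
}
else
{
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/PerformanceCounterName$", "AD FS")
    $federationServerInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ADFSEventLog$", "AD FS/Admin")
}
$discoveryData.AddInstance($federationServerInstance)

# Federation service contains this federation server
$federationServersContainsFederationServer = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServiceContainsFederationServer']$")
$federationServersContainsFederationServer.Source = $federationServersInstance
$federationServersContainsFederationServer.Target = $federationServerInstance
$discoveryData.AddInstance( $federationServersContainsFederationServer )

if ( $isServiceRunning )
{
    # Everything below queries the running service and is skipped while
    # adfssrv is stopped, so the server itself is still discovered.
    $certificates = Get-ADFSCertificate
    $adfsEndpoints = Get-ADFSEndpoint

    #### Trust management: every SQL-backed server, but only the primary WID
    #### server (WID secondaries merely replicate the trust data).
    if ( ( -not $isWID ) -or ( $adfsSyncProperties.Role -eq "PrimaryComputer" ) )
    {
        $trustMgmtInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TrustManagement']$")
        $trustMgmtInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
        $trustMgmtInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
        $trustMgmtInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Trust management")
        $trustMgmtInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TrustManagement']/TrustMonitoringInterval$", $adfsProperties.MonitoringInterval )
        $discoveryData.AddInstance( $trustMgmtInstance )

        $fsHostsTrustMgmt = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsTrustManagement']$")
        $fsHostsTrustMgmt.Source = $federationServerInstance
        $fsHostsTrustMgmt.Target = $trustMgmtInstance
        $discoveryData.AddInstance( $fsHostsTrustMgmt )
    }

    #### WID sync: only meaningful for WID farms; the poll interval applies to secondaries.
    if ( $isWID )
    {
        $widSyncInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.WIDSync']$")
        $widSyncInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
        $widSyncInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
        $widSyncInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "WID sync")
        if ( $adfsSyncProperties.Role -ne "PrimaryComputer" )
        {
            $widSyncInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.WIDSync']/WIDSyncInterval$", $adfsSyncProperties.PollDuration )
            # LastSyncTime is populated by monitoring, not by discovery.
            $widSyncInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.WIDSync']/LastSyncTime$", "" )
        }
        $discoveryData.AddInstance( $widSyncInstance )

        $fsHostsWIDSync = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsWIDSync']$")
        $fsHostsWIDSync.Source = $federationServerInstance
        $fsHostsWIDSync.Target = $widSyncInstance
        $discoveryData.AddInstance( $fsHostsWIDSync )
    }

    #### Web sites: passive (browser) endpoint plus the local net.tcp endpoints.
    $webSitesInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Websites']$")
    $webSitesInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
    $webSitesInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
    $fedPassiveURL = "https://" + $adfsProperties.HostName + $adfsProperties.FederationPassiveAddress
    $webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Websites']/FedPassiveWebsiteURL$", $fedPassiveURL )
    $webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Websites']/FedPassiveWebsitePort$", $adfsProperties.HttpsPort )
    $wsTrustEp = [string]::Format("net.tcp://localhost:{0}/adfs/services/trusttcp/windows", $adfsProperties.NetTcpPort)
    $samlEp = [string]::Format("net.tcp://localhost:{0}/samlprotocol", $adfsProperties.NetTcpPort)
    $webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Websites']/WSTrustEndpoint$", $wsTrustEp )
    $webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Websites']/SAMLEndpoint$", $samlEp )
    $webSitesInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Web sites")
    $discoveryData.AddInstance( $webSitesInstance )

    $fsHostsWebsites = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsWebSites']$")
    $fsHostsWebsites.Source = $federationServerInstance
    $fsHostsWebsites.Target = $webSitesInstance
    $discoveryData.AddInstance( $fsHostsWebsites )

    #### Certificate management
    $certMgmtInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.CertificateManagement']$")
    $certMgmtInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
    $certMgmtInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
    $certMgmtInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.CertificateManagement']/CertRolloverInterval$", $adfsProperties.CertificateRolloverInterval )
    $certMgmtInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Certificate management")
    $discoveryData.AddInstance( $certMgmtInstance )

    $fsHostsCertMgmt = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsCertificateManagement']$")
    $fsHostsCertMgmt.Source = $federationServerInstance
    $fsHostsCertMgmt.Target = $certMgmtInstance
    $discoveryData.AddInstance( $fsHostsCertMgmt )

    #### Authentication: STS identifier, artifact resolution state and attribute stores.
    $authInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Authentication']$")
    $authInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
    $authInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
    $authInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Authentication")
    $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Authentication']/STSIdentifier$", $adfsProperties.HostName )
    # NOTE(review): assumes exactly one SAML-ArtifactResolution endpoint; with
    # several, .Enabled would be a collection and the if() below tests its length.
    $artSvcEnabled = ( $adfsEndpoints | where-object {$_.Protocol -eq "SAML-ArtifactResolution"} ).Enabled
    $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Authentication']/ArtifactServiceEnabled$", $artSvcEnabled )

    # LDAP/SQL stores are reported by connection string, custom stores by their
    # qualified .NET type name.
    $ldapConnections = GetAttributeStoreConnections("LDAP")
    $sqlConnections = GetAttributeStoreConnections("SQL")
    $customStoreNames = @()
    foreach ( $store in ( Get-ADFSAttributeStore | where-object { $_.StoreClassification -eq "Custom" } ) )
    {
        $customStoreNames += $store.StoreTypeQualifiedName
    }
    $customClassNames = $customStoreNames -join ","

    $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Authentication']/LDAPAttributeStores$", $ldapConnections )
    $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Authentication']/SQLAttributeStores$", $sqlConnections )
    $authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.Authentication']/CustomAttributeStores$", $customClassNames )
    $discoveryData.AddInstance( $authInstance )

    $fsHostsAuth = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerHostsAuthentication']$")
    $fsHostsAuth.Source = $federationServerInstance
    $fsHostsAuth.Target = $authInstance
    $discoveryData.AddInstance( $fsHostsAuth )

    #### Token issuance: relying party identifiers and the primary token-signing certificate.
    $tokenIssuanceInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TokenIssuance']$")
    $tokenIssuanceInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
    $tokenIssuanceInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
    # A trust can carry several identifiers; each one becomes its own list entry.
    $relyingPartyIds = @()
    foreach ( $rp in Get-ADFSRelyingPartyTrust )
    {
        foreach ( $rpId in $rp.Identifier )
        {
            $relyingPartyIds += $rpId
        }
    }
    $tokenIssuanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TokenIssuance']/RelyingParties$", ( $relyingPartyIds -join "," ) )
    # Two Token-Signing certificates coexist during a rollover; report the
    # primary one (IsPrimary=True sorts first) instead of a two-element array.
    $signingCertObj = $certificates | where-object {$_.CertificateType -eq "Token-Signing"} | Sort-Object IsPrimary -Descending | Select-Object -First 1
    $tokenIssuanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TokenIssuance']/TokenSigningCertThumbprint$", $signingCertObj.Thumbprint )
    $tokenIssuanceInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Token issuance")
    $discoveryData.AddInstance( $tokenIssuanceInstance )

    $authHostsTokenIssuance = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.AuthenticationHostsTokenIssuance']$")
    $authHostsTokenIssuance.Source = $authInstance
    $authHostsTokenIssuance.Target = $tokenIssuanceInstance
    $discoveryData.AddInstance( $authHostsTokenIssuance )

    #### Token acceptance: claims provider identifiers and the primary token-decrypting certificate.
    $tokenAcceptanceInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TokenAcceptance']$")
    $tokenAcceptanceInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
    $tokenAcceptanceInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
    $tokenAcceptanceInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Token acceptance")
    # Multi-valued identifiers are comma-separated like the relying parties
    # (previously they were flattened with the $OFS space separator).
    $claimsProviderIds = @()
    foreach ( $cp in Get-ADFSClaimsProviderTrust )
    {
        foreach ( $cpId in $cp.Identifier )
        {
            $claimsProviderIds += $cpId
        }
    }
    $tokenAcceptanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TokenAcceptance']/ClaimsProviders$", ( $claimsProviderIds -join "," ) )
    $decryptingCertObj = $certificates | where-object {$_.CertificateType -eq "Token-Decrypting"} | Sort-Object IsPrimary -Descending | Select-Object -First 1
    $tokenAcceptanceInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.TokenAcceptance']/TokenDecryptionCertThumbprint$", $decryptingCertObj.Thumbprint )
    $discoveryData.AddInstance( $tokenAcceptanceInstance )

    $authHostsTokenAcceptance = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.AuthenticationHostsTokenAcceptance']$")
    $authHostsTokenAcceptance.Source = $authInstance
    $authHostsTokenAcceptance.Target = $tokenAcceptanceInstance
    $discoveryData.AddInstance( $authHostsTokenAcceptance )

    #### Artifact service: discovered only when the artifact resolution endpoint is enabled.
    if ( $artSvcEnabled )
    {
        $artifactServiceInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.ArtifactService']$")
        $artifactServiceInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServer']/ServerName$", $targetComputer)
        $artifactServiceInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
        $artifactServiceInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Artifact service")
        $discoveryData.AddInstance( $artifactServiceInstance )

        $authHostsArtifactService = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.AuthenticationHostsArtifactService']$")
        $authHostsArtifactService.Source = $authInstance
        $authHostsArtifactService.Target = $artifactServiceInstance
        $discoveryData.AddInstance( $authHostsArtifactService )
    }
}

$scomAPI.LogScriptEvent("End of FederationServer discovery", 101, 4, "" )
# Return() writes the discovery data XML to stdout, which the data source consumes;
# nothing else in this script may write to the host.
$scomAPI.Return($discoveryData)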




</Script></Contents>
</File>
</Files>
</DataSource>
</Discovery>