Federation server proxy discovery

Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyDiscovery (Discovery)

Element properties:

Target: Microsoft.ActiveDirectoryFederationServices20.FederationServerProxySeed
Enabled: True
Frequency: 43200
Remotable: False

Object Discovery Details:

Discovered Classes and their attributes:
Discovered relationships and their attributes:

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource System.CommandExecuterDiscoveryDataSource Default

Source Code:

<!-- Discovery rule targeted at FederationServerProxySeed. It declares the classes, properties and
     relationships that the script-based data source further down is allowed to report. -->
<!-- NOTE(review): the element-properties summary on this page shows Remotable as False, while the
     attribute below reads Remotable="true"; confirm which value the shipped management pack uses. -->
<Discovery ID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyDiscovery" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxySeed" ConfirmDelivery="false" Remotable="true" Priority="Normal">
<Category>Discovery</Category>
<DiscoveryTypes>
<!-- The proxy server itself. NOTE(review): the script on this page also sets ADFSEventLog,
     TokenRequestsPerSecCounterName and TokenRequestsCounterName on this class, and those three
     properties are not declared here; confirm whether the list should include them. -->
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy" PropertyID="Version"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy" PropertyID="FederationServiceName"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy" PropertyID="HTTPProxyServer"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy" PropertyID="PerformanceCounterName"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy" PropertyID="ServerName"/>
</DiscoveryClass>
<!-- Web-site endpoints published by the proxy (passive sign-in URL and port, WS-Trust and SAML endpoints). -->
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites" PropertyID="FedPassiveWebsiteURL"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites" PropertyID="FedPassiveWebsitePort"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites" PropertyID="WSTrustEndpoint"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites" PropertyID="SAMLEndpoint"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<!-- Metadata endpoints (federation metadata and MEX) reported for the proxy. -->
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyAuthentication">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyAuthentication" PropertyID="FedMetadataEndpoint"/>
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyAuthentication" PropertyID="MEXEndpoint"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<!-- Container for proxies; the script creates a single instance with GroupName "Default". -->
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxies">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxies" PropertyID="GroupName"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<!-- Top-level AD FS object; the script creates it with the fixed key "AD FS". -->
<DiscoveryClass TypeID="Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20">
<Property TypeID="Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20" PropertyID="ADFSKey"/>
<Property TypeID="System!System.Entity" PropertyID="DisplayName"/>
</DiscoveryClass>
<!-- Relationships the script emits: proxy hosts web sites and authentication, the proxies group
     contains the proxy, and the AD FS object contains the proxies group. -->
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyHostsWebSites"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyHostsAuthentication"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.FederationServerProxiesContainsFederationServerProxy"/>
<DiscoveryRelationship TypeID="Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20ContainsFederationServerProxies"/>
</DiscoveryTypes>
<!-- Data source "DS": runs powershell.exe with the embedded script and treats its output as discovery data. -->
<DataSource ID="DS" TypeID="System!System.CommandExecuterDiscoveryDataSource">
<!-- 43200 seconds = 12 hours between discovery runs. -->
<IntervalSeconds>43200</IntervalSeconds>
<ApplicationName>%windir%\system32\windowspowershell\v1.0\powershell.exe</ApplicationName>
<!-- Left empty; the script is invoked by the relative path .\FederationServerProxyDiscovery.ps1, so it is
     resolved against whatever directory the module starts the process in (not shown on this page). -->
<WorkingDirectory/>
<!-- The command first sets the execution policy to Bypass for this process only, then runs the script with
     three arguments: the target Id, the management pack element, and the host computer's PrincipalName.
     NOTE(review): with Bypass the machine's configured execution policy is not applied to this run, so the
     script's integrity presumably rests on how the management pack and the agent's working files are
     protected; confirm that matches the signing policy expected on monitored hosts.
     NOTE(review): the three $...$ tokens sit inside single-quoted PowerShell literals within the -Command
     string. Presumably they are substituted as plain text before powershell.exe parses the line, so the
     quoting only holds while the values cannot contain a quote character; confirm for PrincipalName. -->
<CommandLine>-Command "Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force;.\FederationServerProxyDiscovery.ps1 '$Target/Id$' '$MPElement$' '$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$'</CommandLine>
<SecureInput/>
<!-- 1800 seconds = 30 minutes allowed for the script; output is required for the run to count. -->
<TimeoutSeconds>1800</TimeoutSeconds>
<RequireOutput>true</RequireOutput>
<!-- The script body is carried inline in the management pack under the file name below. -->
<Files>
<File>
<Name>FederationServerProxyDiscovery.ps1</Name>
<Contents><Script>


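function GetNodeFromConfig($vDir, [string] $xpath, $nsmgr)
{
    # Returns the first node matching $xpath in the web.config located in
    # $vDir.path, or $null when that file does not exist or nothing matches.
    # $nsmgr is handed straight to SelectSingleNode; the caller on this page
    # passes $null.
    $config = ($vDir.path + "\web.config")
    $cpNode = $null

    if ([System.IO.File]::Exists($config))
    {
        [System.Xml.XmlDocument] $xd = new-object System.Xml.XmlDocument
        # GetFedPassiveVDir can send every IIS virtual directory on the host
        # through this function, so the file may belong to an unrelated site.
        # Clearing the resolver keeps a DOCTYPE in that file from making the
        # agent process fetch external DTDs or entities while parsing.
        $xd.XmlResolver = $null
        $xd.load( $config )
        $cpNode = $xd.SelectSingleNode($xpath,$nsmgr)
    }
    return $cpNode
}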

function GetFedPassiveVDir()
{
    # Picks the IIS virtual directory that hosts the federation passive site.
    # Reads the script-level $vDirs collection (filled from WMI before this is
    # called) and returns one of its entries, or $null when none qualifies.

    # First choice: a virtual directory whose name ends in "/adfs/ls".
    $byName = $vDirs | where {$_.name.EndsWith( "/adfs/ls" )}
    if ($byName -eq $null)
    {
        # Fallback: the first virtual directory whose web.config holds a
        # configuration/microsoft.identityServer.web node. This opens the
        # web.config of each virtual directory on the host until one matches.
        foreach ($candidate in $vDirs)
        {
            $section = GetNodeFromConfig $candidate "configuration/microsoft.identityServer.web" $null
            if ($section -eq $null)
            {
                continue
            }
            return $candidate
        }
        return $null
    }
    return $byName
}


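# Positional arguments from the discovery command line: target Id,
# management pack element, and the host computer's principal name.
$target = $args[0]
$element = $args[1]
$targetComputer = $args[2]

#Get all VDir properties
$vDirs = Get-WmiObject -namespace root/MicrosoftIISV2 -class IISWebVirtualDirSetting

#Get product version
# The version is read from the file that the adfssrv service entry points at,
# and Started is kept to decide later whether endpoints are reported.
$serviceWMIObject = (get-wmiobject -query "select * from win32_service where name='adfssrv'")
$servicePath = $serviceWMIObject.PathName
$serviceVersion = (get-item $servicePath).VersionInfo.ProductVersion
$isServiceRunning = $serviceWMIObject.Started

# Treat the host as AD FS 2.0 only when the OS version is older than 6.2.
# Comparing the whole version avoids the earlier Major/Minor test, which also
# matched any later major version whose minor number is 0 or 1 (for example
# 10.0) and would then select the AD FS 2.0 event log and counter names.
$isADFS20 = [System.Environment]::OSVersion.Version -lt (New-Object System.Version 6, 2)

# Proxy settings (HostName, HostHttpsPort, ForwardHttpProxyAddress are read
# from this object further down).
$proxyWMIObject = (Get-WmiObject -Namespace root\ADFS -Class ProxyService)

# SCOM scripting object used to build and return the discovery data.
$scomAPI = new-object -comObject "MOM.ScriptAPI"
$discoveryData = $scomAPI.CreateDiscoveryData(0, $element, $target)

# Marks the start of the run in the event log; presumably 100 is the event ID.
$scomAPI.LogScriptEvent("FederationServerProxy Discovery start", 100, 4, $targetComputer )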

# Builds the fixed part of the discovery data: the AD FS object, the proxies
# group, this proxy server, and the two containment relationships.
# The "$MPElement[...]$" strings are presumably replaced by SCOM with element
# identifiers before the script runs; they must stay exactly as written.
####AD FS
$adfsInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20']$")
$adfsInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "AD FS")
$adfsInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20']/ADFSKey$", "AD FS")
$discoveryData.AddInstance($adfsInstance)

####FederationServerProxies
$federationProxiesInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxies']$")
$federationProxiesInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxies']/GroupName$", "Default")
$federationProxiesInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", "Federation Server Proxies")
$discoveryData.AddInstance($federationProxiesInstance)

#Add relationship
# AD FS object contains the proxies group.
$adfsContainsFederationServerProxies = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.ActiveDirectoryFederationServices20ContainsFederationServerProxies']$")
$adfsContainsFederationServerProxies.Source = $adfsInstance
$adfsContainsFederationServerProxies.Target = $federationProxiesInstance
$discoveryData.AddInstance( $adfsContainsFederationServerProxies )

####FederationServerProxy
# The proxy is keyed and displayed by the computer name passed on the command
# line; version and federation service name come from the WMI reads above.
$federationProxyInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']$")
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/ServerName$", $targetComputer)
$federationProxyInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
$federationProxyInstance.AddProperty("$MPElement[Name='System!System.Entity']/DisplayName$", $targetComputer)
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/Version$", $serviceVersion)
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/FederationServiceName$", $proxyWMIObject.HostName )

# Event log and performance counter names differ between the two product
# generations, so they are chosen from the OS-version flag computed earlier.
# NOTE(review): ADFSEventLog, TokenRequestsPerSecCounterName and
# TokenRequestsCounterName are not in the DiscoveryTypes list shown on this
# page; confirm the class defines them.
if ($isADFS20)
{
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/ADFSEventLog$", "AD FS 2.0/Admin")
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/PerformanceCounterName$", "AD FS 2.0 Proxy")
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/TokenRequestsPerSecCounterName$", "Requests/sec")
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/TokenRequestsCounterName$", "Requests")
}
else
{
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/ADFSEventLog$", "AD FS/Admin")
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/PerformanceCounterName$", "AD FS Proxy")
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/TokenRequestsPerSecCounterName$", "Token Requests/sec")
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/TokenRequestsCounterName$", "Token Requests")
}

# The forward HTTP proxy address is published as a discovered property.
# NOTE(review): confirm this value never carries embedded credentials, since
# discovered properties are readable by monitoring operators.
$federationProxyInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/HTTPProxyServer$", $proxyWMIObject.ForwardHttpProxyAddress)

$discoveryData.AddInstance( $federationProxyInstance )

#Add relationship
# Proxies group contains this proxy.
$federationProxiesContainsFederationServerProxy = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxiesContainsFederationServerProxy']$")
$federationProxiesContainsFederationServerProxy.Source = $federationProxiesInstance
$federationProxiesContainsFederationServerProxy.Target = $federationProxyInstance
$discoveryData.AddInstance( $federationProxiesContainsFederationServerProxy )

# Endpoint objects are reported only while the adfssrv service is started;
# when it is stopped the run returns just the objects built above.
####WebSites
if ( $isServiceRunning )
{
####WebSites
$webSitesInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites']$")
$webSitesInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/ServerName$", $targetComputer)
$webSitesInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
$webSitesInstance.AddProperty( "$MPElement[Name='System!System.Entity']/DisplayName$", "Web sites" )

# Base address is always https, built from the host name and HTTPS port that
# the ProxyService WMI object reports; the two trust endpoints are fixed paths
# appended to it.
$serverAddress = [string]::Format([System.Globalization.CultureInfo]::InvariantCulture, "https://{0}:{1}" , $proxyWMIObject.HostName, $proxyWMIObject.HostHttpsPort)
$fpVDir = GetFedPassiveVDir
$wsTrustEndpoint = [string]::Format([System.Globalization.CultureInfo]::InvariantCulture, "{0}/adfs/services/trust/proxytrust", $serverAddress )
$samlEndpoint = [string]::Format([System.Globalization.CultureInfo]::InvariantCulture, "{0}/adfs/services/trust/samlprotocol/proxytrust", $serverAddress )

# The passive-site path is the part of the virtual directory name after
# "/ROOT/"; it stays empty when no virtual directory was found.
# NOTE(review): index [1] presumably yields nothing when the name has no
# "/ROOT/" segment, leaving the URL as the base address plus "/"; confirm.
$fpvDirName = ""
if ( $fpVDir -ne $null )
{
$fpvDirFullName = $fpVDir.Name
$splitArgs = "/ROOT/", ""
$fpvDirName = $fpvDirFullName.Split( $splitArgs,[StringSplitOptions]::RemoveEmptyEntries)[1]
}
$fedPassiveURL = [string]::Format([System.Globalization.CultureInfo]::InvariantCulture, "{0}/{1}", $serverAddress, $fpvDirName )
$webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites']/FedPassiveWebsiteURL$", $fedPassiveURL )
$webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites']/FedPassiveWebsitePort$", $proxyWMIObject.HostHttpsPort )
$webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites']/WSTrustEndpoint$", $wsTrustEndpoint )
$webSitesInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyWebsites']/SAMLEndpoint$", $samlEndpoint )

#Add instance
$discoveryData.AddInstance( $webSitesInstance )

#Add relationship
# Proxy hosts the web sites object.
$fpHostsWebsites = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyHostsWebSites']$")
$fpHostsWebsites.Source = $federationProxyInstance
$fpHostsWebsites.Target = $webSitesInstance
$discoveryData.AddInstance( $fpHostsWebsites )


####Authentication
# Both endpoint values are constant relative paths, not read from the host.
$authInstance = $discoveryData.CreateClassInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyAuthentication']$")
$authInstance.AddProperty("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxy']/ServerName$", $targetComputer)
$authInstance.AddProperty("$MPElement[Name='Windows!Microsoft.Windows.Computer']/PrincipalName$", $targetComputer)
$authInstance.AddProperty( "$MPElement[Name='System!System.Entity']/DisplayName$", "Authentication" )
$authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyAuthentication']/MEXEndpoint$", "/adfs/services/trust/mex" )
$authInstance.AddProperty( "$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyAuthentication']/FedMetadataEndpoint$", "/FederationMetadata/2007-06/FederationMetadata.xml" )

#Add instance
$discoveryData.AddInstance( $authInstance )

#Add relationship
# Proxy hosts the authentication object.
$fpHostsAuth = $discoveryData.CreateRelationshipInstance("$MPElement[Name='Microsoft.ActiveDirectoryFederationServices20.FederationServerProxyHostsAuthentication']$")
$fpHostsAuth.Source = $federationProxyInstance
$fpHostsAuth.Target = $authInstance
$discoveryData.AddInstance( $fpHostsAuth )

}

# Marks the end of the run in the event log (presumably event ID 101), then
# hands the collected discovery data back to SCOM.
$scomAPI.LogScriptEvent("FederationServerProxy Discovery end", 101, 4, $targetComputer )
$scomAPI.Return($discoveryData)

</Script></Contents>
</File>
</Files>
</DataSource>
</Discovery>