Bir veya daha fazla güven için federasyon meta verilerinin (ortak kuruluşta ortak güven ayarlarını güncelleştirmek için kullanılır) otomatik olarak güncelleştirilmesi devre dışı bırakıldı, otomatik güven izleme (ortak kuruluştan gelen meta verilerin farklarını algılamak için kullanılır) ise etkinleştirildi.
Bu izleyici, tüm güvenlerin ConflictWithPublishedPolicy Windows PowerShell ayarını tarar ve bu ayar True olarak ayarlanmışsa Sarı durumu ve bir uyarı oluşturur.
Güven için otomatik güncelleştirme devre dışı bırakıldı, otomatik izleme ise etkinleştirildi.
AD FS Yönetimi ek bileşenini kullanıp güvenin özelliklerini değiştirerek otomatik güncelleştirme ayarını etkinleştirin.
Target | Microsoft.ActiveDirectoryFederationServices2012R2.TrustManagement | ||
Parent Monitor | System.Health.ConfigurationState | ||
Category | ConfigurationHealth | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.ActiveDirectoryFederationServices2012R2.TrustMgmtAutoUpdateSkippedWithWarningMonitor" Accessibility="Public" Enabled="true" Target="Microsoft.ActiveDirectoryFederationServices2012R2.TrustManagement" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="Microsoft.ActiveDirectoryFederationServices2012R2.TwoStateScriptMonitorType" ConfirmDelivery="false">
<Category>ConfigurationHealth</Category>
<AlertSettings AlertMessage="Microsoft.ActiveDirectoryFederationServices2012R2.TrustMgmtAutoUpdateSkippedWithWarningMonitor_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Warning</AlertSeverity>
</AlertSettings>
<OperationalStates>
<OperationalState ID="Success" MonitorTypeStateID="Success" HealthState="Success"/>
<OperationalState ID="Error" MonitorTypeStateID="Error" HealthState="Warning"/>
</OperationalStates>
<Configuration>
<PowerShellPath>%windir%\system32\windowspowershell\v1.0\powershell.exe</PowerShellPath>
<ScriptName>TrustManagementAutoUpdateSkippedWithWarningCheck.ps1</ScriptName>
<ScriptBody>
Import-Module adfs
$scomapi = new-object -comObject "MOM.ScriptAPI"
$scomapi.LogScriptEvent("ActiveDirectoryFederationServices", 200, 4, "Trust Mgmt PowerShell monitoring script executed")
$relyingParties = Get-ADFSRelyingPartyTrust
$conflictWithPublishedPolicy = $false
foreach ($rp in $relyingParties)
{
if ($rp.ConflictWithPublishedPolicy -eq $true )
{
$conflictWithPublishedPolicy = $true
break
}
}
if ( $conflictWithPublishedPolicy -ne $true )
{
$claimsProviders = Get-ADFSClaimsProviderTrust
foreach ($cp in $claimsProviders )
{
if ($cp.ConflictWithPublishedPolicy -eq $true)
{
$conflictWithPublishedPolicy = $true
break
}
}
}
$scompb = $scomapi.CreatePropertyBag()
$scompb.AddValue("ConflictWithPublishedPolicy", $conflictWithPublishedPolicy )
$scomapi.AddItem($scompb)
$scomapi.ReturnItems()
</ScriptBody>
<IntervalSeconds>900</IntervalSeconds>
<TimeoutSeconds>120</TimeoutSeconds>
<ErrorExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='ConflictWithPublishedPolicy']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">true</Value>
</ValueExpression>
</SimpleExpression>
</ErrorExpression>
<SuccessExpression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">Property[@Name='ConflictWithPublishedPolicy']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="String">false</Value>
</ValueExpression>
</SimpleExpression>
</SuccessExpression>
</Configuration>
</UnitMonitor>