When monitoring Active Directory Federation Services, one part to be considered is the AD FS Diagnostics PowerShell module, which is deployed to the AD FS Servers as part of Azure Active Directory Connect Health agent has cmdlets that are executed by the health agent on a regular basis and uploads the results to the cloud for visualization in the Azure Portal and alert generation.
Although this module is used by the Azure AD Connect Health Agent, it is published in the Script Center, thus if you are not using the Azure AD Connect Health service, you have a way to run this locally on your AD FS servers.
The module is available for download at the Script Center in the following site:
The module file name is ADFSDiagnostics.psm1, and is located under “%programfiles%\Azure Ad Connect Health Adfs Agent\Diagnostics\”. Note that it requires elevated access, and PowerShell 4.0 to run and may you need to install the module first in your Powershell modules path.
Below are the cmdlets available in the module:
The Test-ADFSServerHealth cmdlet contains a series of health checks for the most common AD FS issues and it´s perhaps the most useful during troubleshooting. However, there are some other cmdlets that will help you to verifies configuration, certificate properties, retrieve federation metadata, and get a token from the STS (STS using the actual server where the cmdlet is running), and also to verify that endpoints required for office 365 to work are enabled and Relying Party trusts are configured.