1
00:00:03,040 --> 00:00:08,920
Now let's use one of the tools on the AD FS help site to verify the health of our AD FS deployment.

2
00:00:09,830 --> 00:00:13,190
I'm on the AD FS server and I'll show you why in a minute.

3
00:00:13,190 --> 00:00:15,230
And I have the site open in a browser.

4
00:00:16,180 --> 00:00:19,780
So let's go to online tools and click Diagnostics Analyzer.

5
00:00:20,680 --> 00:00:23,710
There are three steps to running the tool for the first time.

6
00:00:24,580 --> 00:00:30,070
The page assumes you've already installed the PowerShell module, so it jumps right to the testing part.

7
00:00:30,970 --> 00:00:32,710
Let's click on the first step.

8
00:00:33,590 --> 00:00:39,410
It says we need PowerShell version 4 or greater and asks if we're running AD FS 2.1 or lower.

9
00:00:40,280 --> 00:00:46,940
We're using AD FS 2019, so we're okay. Since we're on the AD FS server,

10
00:00:46,970 --> 00:00:49,040
we won't do a manual installation.

11
00:00:49,910 --> 00:00:55,460
I'll just copy this PowerShell command, and I already have PowerShell open as an administrator, so let's

12
00:00:55,460 --> 00:00:56,810
paste this in and run it.

13
00:00:57,680 --> 00:01:00,890
I actually need to download the latest version of NuGet first.

14
00:01:01,070 --> 00:01:02,360
So I'll say yes to that.

15
00:01:03,230 --> 00:01:08,090
And PowerShell installs NuGet and then downloads the ADFSToolbox module.

16
00:01:08,990 --> 00:01:11,900
Now let's go back to the browser and copy the next command.

17
00:01:12,020 --> 00:01:15,050
And this is just standard PowerShell to import the module.

18
00:01:15,950 --> 00:01:20,360
Now let's go back and take a look at the steps under the manual installation tab.

19
00:01:21,200 --> 00:01:26,570
It says here that you can install this on a computer other than the AD FS computer, like our Windows

20
00:01:26,570 --> 00:01:27,770
10 management VM.

21
00:01:27,920 --> 00:01:33,620
But then you need to copy the installation folder over to your AD FS server or the web application proxy

22
00:01:33,620 --> 00:01:35,300
server that you want to run it on.

23
00:01:36,170 --> 00:01:39,050
Then you can use remote PowerShell to run the tool.

24
00:01:39,950 --> 00:01:44,900
That's why I just remoted into the AD FS server so we can keep it simple for the demo.

25
00:01:45,740 --> 00:01:47,540
Now let's go to the next step.

26
00:01:48,410 --> 00:01:53,090
There's a command here to run the diagnostics and create the JSON file with the output.

27
00:01:53,960 --> 00:01:59,630
If you want to test your web application proxy installation, you need to run the command on that server

28
00:01:59,630 --> 00:02:00,320
separately.

29
00:02:01,250 --> 00:02:04,310
So let's copy this command and run it in PowerShell.

30
00:02:05,200 --> 00:02:10,840
It says the diagnostics file was created right at the root of the C drive, and it shows us where to upload

31
00:02:10,840 --> 00:02:12,220
the file for analysis.

32
00:02:13,090 --> 00:02:16,360
Let's go back to the browser and click to move to the next step.

33
00:02:17,230 --> 00:02:20,290
We need to log in with an Azure Active Directory account.

34
00:02:20,470 --> 00:02:22,150
So I'll click the sign in button.

35
00:02:23,050 --> 00:02:27,880
I'm already logged in with an account stored in my Azure Active Directory tenant, and it says I need

36
00:02:27,880 --> 00:02:30,310
to set up MFA because I'm a global admin.

37
00:02:30,460 --> 00:02:31,840
But let's skip this for now.

38
00:02:32,720 --> 00:02:38,360
And now the Diagnostics Analyzer tool is requesting permission to sign me in and read my profile.

39
00:02:39,260 --> 00:02:44,900
This is an OAuth 2.0 authorization flow that Azure AD uses to grant access to your account.

40
00:02:44,960 --> 00:02:46,100
So I'll click Accept.

41
00:02:47,000 --> 00:02:48,840
Now we can choose a file to upload.

42
00:02:48,890 --> 00:02:54,110
So I'll pick that JSON file created at the root of the C drive by the PowerShell command and then click

43
00:02:54,110 --> 00:02:55,580
upload a new diagnostic.

44
00:02:56,480 --> 00:03:02,000
The online tool stores previous runs, so you can go back and see what's changed in your configurations

45
00:03:02,000 --> 00:03:02,750
over time.

46
00:03:03,590 --> 00:03:08,690
On the Health Test Results tab, there's a summary of the outcome of the tests that were run.

47
00:03:09,590 --> 00:03:12,890
You can get information on each of these tests from this link.

48
00:03:13,780 --> 00:03:16,930
You can see there's quite a few diagnostics run on the server.

49
00:03:17,080 --> 00:03:19,150
But let's go back and look at the results.

50
00:03:20,050 --> 00:03:21,580
There's one failed test.

51
00:03:22,500 --> 00:03:25,170
It says extranet lockout isn't enabled.

52
00:03:26,070 --> 00:03:31,140
This is something we'll be looking at later in the course when we install Web application proxy.

53
00:03:32,040 --> 00:03:36,330
Then there's a warning about self-signed certificates in the intermediate store.

54
00:03:37,260 --> 00:03:40,950
This isn't anything that was done by our AD FS installation.

55
00:03:41,820 --> 00:03:46,350
This has to do with our certificate authority configuration, so we can move on.

56
00:03:47,250 --> 00:03:49,470
Then there are all the tests that passed.

57
00:03:50,400 --> 00:03:53,100
You can expand any of these to get the details.

58
00:03:54,020 --> 00:03:57,230
At the bottom, some of the tests weren't applicable.

59
00:03:58,100 --> 00:04:00,530
Let's go back up and look at the other tabs.

60
00:04:01,400 --> 00:04:08,180
AD FS configuration gives us a summary of the current configuration. Because each run of the tool is

61
00:04:08,180 --> 00:04:08,690
saved,

62
00:04:08,720 --> 00:04:14,210
this lets you go back in time and see the configuration, which can be useful for troubleshooting changes.

63
00:04:15,140 --> 00:04:18,500
So it's a good idea to run this tool on a regular basis.

64
00:04:19,400 --> 00:04:22,040
The next tab is for relying party trusts.

65
00:04:22,970 --> 00:04:28,370
So these are the applications and organisations you've configured to use this AD FS farm as their

66
00:04:28,370 --> 00:04:29,450
identity provider.

67
00:04:30,340 --> 00:04:33,490
We'll be configuring those in the next couple of modules.

68
00:04:34,360 --> 00:04:41,200
And finally, claims provider trusts. We only have the default claims provider trust listed here,

69
00:04:41,350 --> 00:04:43,000
which is for Active Directory.

70
00:04:43,870 --> 00:04:49,060
Later in the course, I'll show you how to set up a claims provider trust when federating with another

71
00:04:49,060 --> 00:04:49,930
organisation.

72
00:04:50,800 --> 00:04:56,350
So that's the Diagnostics Analyzer tool, which can help you evaluate the health of your AD FS farm.

73
00:04:56,470 --> 00:05:00,730
And it lets you save runs so you can trace back configuration changes over time.