Obtaining metrics from ADFS servers

  • Last Post 11 September 2015
BrianB posted this 11 September 2015

All: I am trying to obtain metrics from my ADFS servers, but there does not seem to be a way other than using perfmon counters. I was hoping to be able to count the number of users, top users, ID of users, and the relying party used on a monthly basis. Is there a way to obtain this information from the event logs or the application AD FS logs? I don’t think the SQL DB has any of this information recorded to be able to write a query.

Brian Britt
Team Lead | Senior Systems Analyst
Vanderbilt University Security Operations | VUIT Identity Operations Team | Central Directory Services
Office: (615) 322-4676
Lync: (615) 875-9858

barkills posted this 11 September 2015

My colleague, Eric, will likely chime in, but I’ll sketch what we’ve done in this area.

 

We’ve got a PS script which ships some perfmon counters along to a graphite server (http://graphite.wikidot.com/). Graphite handles taking in time-series data and automatically renders a graph of that data, along with applying automatic data retention optimized for time-series data. That’s super easy to get set up, as it’s as simple as sending a string in a UDP packet. We tend to find that watching these metrics will occasionally tell us when there is an undetected problem. I recall Eric saying that some of the ADFS perfmon counters have changed names between versions, and this was a minor PITA, so be forewarned on that front.

 

In addition to this, Eric has written some custom code which logs some additional data to a SQL database to capture the obvious kinds of metrics you are talking about which the product seems to have missed. We track logins per relying party and logins per ADFS server, and have a simple ASP.NET web app which queries that custom DB for that data. We could probably instead ship those metrics along to the graphite server like the perfmon counter data. I seem to recall others (Joe Kaplan?) saying that they have implemented their own custom solution to cover this.
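Added example (not part of the thread and not the posters' script): a PowerShell sketch of the approach described in the reply above, sending each AD FS perfmon sample to Graphite as a plaintext `path value timestamp` line in a UDP packet. The Graphite host name, the port, the `adfs` metric prefix, the `AD FS*` counter-set wildcard and the function name `ConvertTo-GraphiteLine` are assumptions; counters are discovered by wildcard rather than hard-coded because their names differ between AD FS versions.

```powershell
# Assumed values, not from the thread: replace with your own.
$GraphiteHost = 'graphite.example.internal'   # placeholder host name
$GraphitePort = 2003                          # carbon plaintext port; its UDP listener must be enabled
$Prefix       = 'adfs'

function ConvertTo-GraphiteLine {
    param(
        [Parameter(Mandatory)] [string]   $CounterPath,  # e.g. \\adfs01\ad fs\token requests
        [Parameter(Mandatory)] [double]   $Value,
        [Parameter(Mandatory)] [datetime] $Timestamp,
        [string] $Prefix = 'adfs'
    )
    # \\server\set\counter -> server.set.counter; anything outside [a-z0-9]
    # becomes '_' so that dots in a host name do not create extra tree levels.
    $parts = $CounterPath.TrimStart('\') -split '\\'
    $clean = $parts | ForEach-Object { ($_.ToLower() -replace '[^a-z0-9]+', '_').Trim('_') }
    $name  = $Prefix + '.' + ($clean -join '.')

    # Graphite expects Unix epoch seconds and a '.' decimal separator,
    # so format with the invariant culture regardless of server locale.
    $epoch = [int64][math]::Floor(($Timestamp.ToUniversalTime() - [datetime]'1970-01-01').TotalSeconds)
    $val   = $Value.ToString('0.###', [cultureinfo]::InvariantCulture)
    return ('{0} {1} {2}' -f $name, $val, $epoch) + "`n"
}

# Discover whatever AD FS counter sets this server exposes (assumed name pattern).
$paths   = Get-Counter -ListSet 'AD FS*' -ErrorAction Stop | ForEach-Object { $_.Paths }
$samples = (Get-Counter -Counter $paths -ErrorAction SilentlyContinue).CounterSamples

$udp = New-Object System.Net.Sockets.UdpClient
try {
    foreach ($s in $samples) {
        $line  = ConvertTo-GraphiteLine -CounterPath $s.Path -Value $s.CookedValue `
                                        -Timestamp $s.Timestamp -Prefix $Prefix
        $bytes = [Text.Encoding]::ASCII.GetBytes($line)
        [void]$udp.Send($bytes, $bytes.Length, $GraphiteHost, $GraphitePort)
    }
}
finally {
    $udp.Close()
}
```

Run it from a scheduled task at a fixed interval; UDP delivery is unacknowledged, so a gap in the Graphite series can mean either a dropped packet or a stopped collector.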

 


dddugan posted this 11 September 2015

Also take a look at Azure AD Connect Health (https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health/).

 

Cheers.

 
