Jorge's Quest For Knowledge!

All You Need To Know About Identity And Security On-Premises And In The Cloud. It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2016-07-20) Installing And Configuring Azure AD Connect Health For Active Directory Domain Services

Posted by Jorge on 2016-07-20


This blog post show you how to configure Azure AD Connect Health for AD/ADDS

First download the Azure AD Connect Health Agent for AD/ADDS from here

After the download move/copy the executable to every DC you want to install the Azure AD Connect Health for AD/ADDS on

Double-click on the executable

Click [Install]

image

Figure 1: Azure AD Connect Health – Install Screen

After the installation ends, you need to determine how your DCs have access to the internet.

If the DC has a direct connection, you need to only open up firewall ports first before continuing.

If the DC must have access through a proxy, you must configure the proxy settings first before continuing

There are several options to source the proxy settings from

[1] If you want to source the settings from Internet Explorer use: Set-AzureAdConnectHealthProxySettings -ImportFromInternetSettings

[2] If you want to source the settings from WinHTTP use: Set-AzureAdConnectHealthProxySettings -ImportFromWinHttp

[3] If you want to source the settings manually use: Set-AzureAdConnectHealthProxySettings -HttpsProxyAddress <PROXYSERVER>:<PORT>

Afterwards you can view the proxy settings in use by Azure AD Connect Health through: Get-AzureAdConnectHealthProxySettings

Additional info regarding the URLs accessed by Azure AD Connect Health see: https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-health-agent-install/

If your DC supports cookies and JavaScript or IE Enhanced Security Configuration has been disabled:

Click [Configure Now]

If your DC does not support cookies and JavaScript or IE Enhanced Security Configuration has been or is enabled:

Click [Close] and continue with figure 9

image

Figure 2: Azure AD Connect Health – Configure Screen

Specify either native Azure AD credentials or federated credentials. In either case, the credentials must have the Global Administrator role in Azure AD!

image

Figure 3: Azure AD Connect Health – Initial Credentials Screen

…because I used federated credentials, I’m redirected to ADFS

image

Figure 4: Azure AD Connect Health – Redirection To ADFS

…specify the password belonging to the specified user name

image

Figure 5: Azure AD Connect Health – Credentials Screen

…registration continues

image

Figure 6: Azure AD Connect Health – Registration Of The Agent

If you clicked [Configure Now] in figure 2 and your DC did not support cookies and JavaScript or IE Enhanced Security Configuration has been or is enabled, you will see the following message

Close the screen by clicking the red cross in the upper right corner

image

Figure 7: Azure AD Connect Health – Message About Cookies And/Or Javascript Not Being Supported

Closing the screen above throws the following errors

image

Figure 8: Azure AD Connect Health – Additional Errors

Open a new PowerShell command prompt window and type:

Import-Module AdHealthAdds

$azureADCreds = Get-Credential

Specify either native Azure AD credentials or federated credentials. In either case, the credentials must have the Global Administrator role in Azure AD!

image

Figure 9: Azure AD Connect Health – Starting Registration And Entering Native Azure Credentials

In the existing PowerShell command prompt window type:

Register-AzureADConnectHealthADDSAgent -Credential $azureADCreds

image

Figure 10: Azure AD Connect Health – Registration Of The Agent

Done! After doing on all the DCs, you can go to https://portal.azure.com/ and check the health of your AD/ADDS

PS: The installation of the Azure AD Connect Health Agent for ADFS is very similar!

Cheers,
Jorge
———————————————————————————————
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
* DISCLAIMER:
https://jorgequestforknowledge.wordpress.com/disclaimer/
———————————————————————————————
############### Jorge’s Quest For Knowledge #############
#########
http://JorgeQuestForKnowledge.wordpress.com/ ########
———————————————————————————————

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: