[de6c97be-003e-4032-a05f-59ebc6e71c3b] Active Directory Federated Services (ADFS) Diagnostic

Applies to: Windows Server 2008 DatacenterWindows Server 2008 Datacenter without Hyper-VWindows Server 2008 Enterprise More

Summary


The Active Directory Federated Services (AD FS) Diagnostic helps you to collect useful information and detect known configuration and use problems that are related to AD FS.

More Information


This article describes the information that may be collected from a computer that is running the AD FS Diagnostic.

This article describes the information that may be collected from a computer that is running the AD FS Diagnostic.

 

Information collected

AD FS Summary
DescriptionFile Name
Details regarding the AD FS role installation, configuration and use.ResultReport.xml


Event Logs
DescriptionFile Name
Event Log – System – text, csv and evtx formats (last 7 days){Computername}_evt_System.*
Event Log – Application – text, csv and evtx formats (last 7 days){Computername}_evt_Application.*
Event Log – Security – text, csv and evtx formats (last 7 days){Computername}_evt_Security.*
Event Log - AD FS 2.0 Tracing - text, csv and evtx formats (last 7 days){Computername}_evt_AD FS20Tracing-Debug.*
Event Log – AD FS 2.0 Admin – Text, csv, evtx formats (last 7 days){Computername}_evt_AD FS20-Admin.*


Hotfixes
DescriptionFile Name
Details about the hotfixes installed on the computer.{Computername}__hotfixes.txt


IIS App Pools
DescriptionFile Name
An export of the IIS application pools on the computer.{Computername}__IIS_App_Pools.txt


IIS Sites
DescriptionFile Name
An export of the IIS sites on the computer.{Computername}__IIS_Sites.txt


IIS SSL Bindings
DescriptionFile Name
A list of the SSL certificate bindings, and details about those certificates, to the sites on the computer.{Computername}__IIS_SSL_Bindings.txt


IIS URL ACL
DescriptionFile Name
An export of the web site permissions configured for each of the sites on the computer.{Computername}__IIS_URL_ACL.txt


IIS Web Applications
DescriptionFile Name
An export containing the web applications and details about them.{Computername}__IIS_Web_Applications.txt


IIS Web Handler
DescriptionFile Name
An export of web handler details from the computer.{Computername}__IIS_Web_Handler.txt


HOSTS File
DescriptionFile Name
The %systemroot%\system32\drivers\etc\hosts file, which contains DNS values to be preloaded into cache.{Computername}_HOSTS_File.txt


AD FS File Versions
DescriptionFile Name
File version details of AD FS files – txt and csv formats.{Computername}_symAD FSFileVersions.*


Federation Metadata
DescriptionFile Name
The federation metadata configuration XML file from each configured federated trust.FedMetaData_{trustname}.xml


AD FS Attribute Store
DescriptionFile Name
The output of the PowerShell cmdlet Get-AdfsAttributeStore.{Computername}_AD FS_AttributeStore.txt


AD FS Certificate Details
DescriptionFile Name
The output of the PowerShell cmdlet Get-AdfsCertificate.Computername}_AD FS_Certificate.txt


AD FS Certificate Sharing Store
DescriptionFile Name
For AD FS servers in a farm an LDAP query result containing the permissions on the AD FS certificate sharing container.{Computername}_AD FS_CertificateSharingContainer_ACL.txt


AD FS Claim Description
DescriptionFile Name
An export of all configured claims on the AD FS server.{Computername}_AD FS_ClaimDescription.txt


AD FS Claims Provider Trust
DescriptionFile Name
The output of the PowerShell cmdlet Get-AdfsClaimsProviderTrust.{Computername}_AD FS_ClaimsProviderTrust.txt


AD FS LS Folder Contents
DescriptionFile Name
File details about files in the (default) c:\Inetpub\Adfs\Ls directory and subdirectories.{Computername}_AD FS_LS_Folder_Contents.txt


AD FS Relying Party Trust
DescriptionFile Name
The output of the PowerShell cmdlet Get- AdfsRelyingPartyTrust.{Computername}_AD FS_RelyingPartyTrust.txt


AD FS AdfsSyncProperties
DescriptionFile Name
The output of the PowerShell cmdlet Get- AdfsSyncProperties.{Computername}_AD FS_SyncProperties.txt


AD FS Attribute Store
DescriptionFile Name
The output of the PowerShell cmdlet Get-AdfsAttributeStore.{Computername}_AD FS_AttributeStore.txt


AD FS Registry Values
DescriptionFile Name
An export of the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlset\Services\Adfssrv key and its values.{Computername}_AD FSSRV_REG.txt


AD FS Additional Registry Values
DescriptionFile Name
An export of the HKCU\Software\Microsoft\IdentityCRL\UserExtendedProperties key and its values.{Computername}_AD FS_ AD FSAdditionalRegVals.txt


AD FS Certificates
DescriptionFile Name
File export of the AD FS service communications certificate.

Note Exported with public key only.
AD FS_ServiceCommunications_Cert.cer


AD FS 2016 cmdlets
Description

Get-AdfsAccessControlPolicy

Get-AdfsApplicationGroup

Get-AdfsApplicationPermission

Get-AdfsAzureMfaConfigured

Get-AdfsCertificateAuthority

Get-AdfsClaimDescription

Get-AdfsClaimsProviderTrustsGroup

Get-AdfsFarmInformation

Get-AdfsLocalClaimsProviderTrust

Get-AdfsNativeClientApplication

Get-AdfsRegistrationHosts

Get-AdfsRelyingPartyTrustsGroup

Get-AdfsRelyingPartyWebTheme

Get-AdfsScopeDescription

Get-AdfsServerApplication

Get-AdfsTrustedFederationPartner

Get-AdfsWebApiApplication



WAP data collection
Description

Collect certificate list Cert:\LocalMachine\AdfsTrustedDevices



Device Registration Service data
Description

Get-AdfsDeviceRegistrationUpnSuffix

Get-AdfsDeviceRegistration

Get-AdfsDeviceRegistration

Active Directory search results for:

  • CloudDRSIssuerCertificatePublicKey
  • DRSIssuerCertificatePublicKey

MSINFO32 results

Active Directory AD site information

Active Directory trust information


Additional Information

In additional to the files collected and listed above, this troubleshooter can detect one or more of the following conditions:
 
  • Operating system name
  • Time zone
  • Last Reboot/Uptime
  • Installed anti-malware
  • User Account Control setting
  • User name used to log on during data gathering
  • Computer model
  • Processor information
  • Computer domain name
  • Computer domain role
  • Physical memory
  • Process summary
  • Top memory usage statistics

References


For more information about the diagnostic tool, go to the following article in the Microsoft Knowledge Base:
973559 Frequently asked questions about the Microsoft Support Diagnostic Tool (MSDT) when it is used with Windows 7 or Windows Server 2008 R2