Microsoft has just released the preview for Azure AD Connect Health for Windows Servers AD. This feature is similar to the health agent used with Azure AD Connect to monitor the health of your directory synchronization instance with Azure AD and your ADFS but for On Premises Active Directory Domain Controllers.

To be able to take advantage of this new feature you need to have an Azure AD premium and download/install the new agent from http://go.microsoft.com/fwlink/?LinkID=820540

Setup the Azure Connect Health Agent for DC

Once you have downloaded the agent, you need to install it on all of your domain controllers.

This is a pretty straight forward installation.

NOTE the agent can be installed on domain controllers running Windows Server 2008 R2, 2012 and 2012 R2

Important point, there is no server restart.

Run the agent setup

image

Follow the wizard to install the agent

imageimageimage

Once the setup is complete, you need to configure the agent which is basically an automated process to register the agent and define the account to be used to connect to AD Connect Health

imageimageimageimage

That’s it, the agent in now installed and will start gathering monitoring data.

You can check if the following services have been installed and are in a running state

  • AzureADConnectHealthAddsInsights
  • AzureADConnectHealthAddsMonitor

image

View Reports

Connect to your Azure portal (https://portal.azure.com/) and access the Azure AD Connect Health dashboard

image

Then look for Active Directory Domain Services dashboard; you will see the forest(s) monitored and the number of agent deployed

image

Once enough data will be gathered you will have an insight of your On Premises AD health, including authentication requests, replication state…

imageimageimage