Azure AD Connect Health Monitoring was recently released and is a great way to monitor your Domain Controllers both On Prem and/or hosted in Azure IaaS.

image

Open the old portal http://manage.windowsazure.com and ensure you have Active Directory Premium.  If not sign up for a trial.

image

Now switch back to the new portal http://portal.azure.com and search for connect health and click on Azure AD Connect Health.

image

Click go to site Create

image

Once created you will see the blade showing that nothing except your tenant domain is being monitored.

image

One the Quick Start blade download the agent for AD DS.

image

Execute the Agent on your Domain Controllers.

image

Once installed click source Configure Now.

image

You will see the script run.

image

Enter your Azure credentials.

image

If you get the error “Please re-register using a valid organizational account that has access to perform this operation. Global Admin accounts are allowed access by default. The use of a Microsoft Account (such as user@hotmail.com, user@outlook.com etc.) is not supported for this operation” then go back to the old portal and create a Global Admin account that uses your tenant or custom domain ID as shown below:

image

Open your Azure AD Domain.

image

Enter a Username and select your Tennant domain.

image

Enter details required and select Global Admin then enter an alternate email address.

image

Generate a Password.

image

Open up an InPrivate browsing session (Ctrl+ Shift + P) and navigate to https://manage.windowsazure.com and login with the new account details.

image

You will need to change the password then click follow link Update and Sign In.

image

You will the the above error that there is no Azure Subscription.  This is fine.  Exit the InPrivate browsing session.

image

Now rerun the agent setup.

image

Now log back into the portal and search for Azure Active Directory Connect Health.

image

Clicking on Active Directory Domain Services shows you the health of my 3 Domain Controllers (although I am currently only monitoring 2:

image

What an awesome tool?

Don’t forget to download the agents for your ADFS Servers and the AD Connect agent for the server that is running AD Connect if you Sync it for Office 365 etc and they will also show up in the portal.

image