Azure AD Connect Health Monitoring was recently released and is a great way to monitor your Domain Controllers both On Prem and/or hosted in Azure IaaS.
Open the old portal http://manage.windowsazure.com and ensure you have Active Directory Premium. If not sign up for a trial.
Now switch back to the new portal http://portal.azure.com and search for connect health and click on Azure AD Connect Health.
Click go to site Create
Once created you will see the blade showing that nothing except your tenant domain is being monitored.
One the Quick Start blade download the agent for AD DS.
Execute the Agent on your Domain Controllers.
Once installed click source Configure Now.
You will see the script run.
Enter your Azure credentials.
If you get the error “Please re-register using a valid organizational account that has access to perform this operation. Global Admin accounts are allowed access by default. The use of a Microsoft Account (such as firstname.lastname@example.org, email@example.com etc.) is not supported for this operation” then go back to the old portal and create a Global Admin account that uses your tenant or custom domain ID as shown below:
Open your Azure AD Domain.
Enter a Username and select your Tennant domain.
Enter details required and select Global Admin then enter an alternate email address.
Generate a Password.
Open up an InPrivate browsing session (Ctrl+ Shift + P) and navigate to https://manage.windowsazure.com and login with the new account details.
You will need to change the password then click follow link Update and Sign In.
You will the the above error that there is no Azure Subscription. This is fine. Exit the InPrivate browsing session.
Now rerun the agent setup.
Now log back into the portal and search for Azure Active Directory Connect Health.
Clicking on Active Directory Domain Services shows you the health of my 3 Domain Controllers (although I am currently only monitoring 2:
What an awesome tool?
Don’t forget to download the agents for your ADFS Servers and the AD Connect agent for the server that is running AD Connect if you Sync it for Office 365 etc and they will also show up in the portal.