Configure AD FS Server for Monitoring

Active Directory Federation Services (AD FS) server role can be assigned:

  • to a domain controller
  • to a Windows server joined in the domain

Multiple AD FS federation servers can be included in a farm - a group of connected servers with configuration replicated between them. The first AD FS federation server you set up in the farm becomes a primary server. Other federation servers you add to the farm will become secondary servers.

You can configure your AD FS farm for monitoring in one of the following ways:

  • Automatically (recommended)
  • Manually

NOTE: Make sure you have Windows Remote Management properly configured on your Netwrix Auditor server. See Software Requirements for details.

To configure AD FS farm audit settings automatically

Audit settings can be applied automatically if your monitoring plan has the primary AD FS federation server included as an item. If it has only secondary AD FS federation servers included, you will need to configure audit settings manually, as described later in this section.

  1. Select the AD FS data source in this monitoring plan (top row under the header), click Edit data source to open its settings.
  2. In the Configure audit settings section, select Adjust audit settings automatically check box.
  3. Save the settings.

Netwrix Auditor will automatically configure audit settings on all servers in the AD FS farm and adjust the necessary log settings on these servers.

To configure AD FS farm audit settings manually

To configure AD FS farm manually, you will need to enable AD FS audit settings and set up Windows audit policy:

  1. AD FS audit settings must be configured on the primary AD FS server, i.e. on the first server you have set up in the farm:
    • To configure audit of AD FS 3.0 on Windows Server 2012 R2, use the following PowerShell cmdlet:

    Set-AdfsProperties -LogLevel Errors,FailureAudits,Verbose,SuccessAudits,Warnings

    • To configure audit of AD FS 4.0 on Windows Server 2016 or AD FS 5.0 on Windows Server 2019, use the following PowerShell cmdlets:

    Set-AdfsProperties -LogLevel Errors,FailureAudits,Verbose,SuccessAudits,Warnings

    Set-AdfsProperties -AuditLevel Verbose

  2. Windows audit policy must be configured on each server in the farm. For all Windows Server versions, run the auditpol utility with the following parameters:

    auditpol.exe /set /subcategory:"Application Generated" /failure:enable /success:enable

  3. Adjust log size and retention settings for Security log and for AD FS Admin log (under Applications and Service logs). See Adjusting Event Log Size and Retention Settings for details.
  4. NOTE: If AD FS Admin logging is disabled, you should enable it.
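The following script is an added example, not part of the Netwrix documentation or the Netwrix Auditor product: it applies steps 1 through 4 of the manual procedure on the server it is run on and then reads the settings back for verification. It assumes an elevated PowerShell session on a farm member, that Get-AdfsSyncProperties reports the role PrimaryComputer on the primary federation server of a WID-backed farm, that the AD FS Admin channel is named "AD FS/Admin", and the log sizes it uses are placeholder values, not Netwrix recommendations.

```powershell
# Added example (not from the Netwrix documentation): manual AD FS audit
# configuration from steps 1-4, applied to the local server, then verified.
# Run in an elevated PowerShell session on every server in the farm; the
# AD FS property changes are applied only when this host is the primary.

$ErrorActionPreference = 'Stop'

# Placeholder values (assumption): pick sizes per your retention guidance.
$SecurityLogMaxBytes  = 4GB
$AdfsAdminLogMaxBytes = 256MB
$AdfsAdminLogName     = 'AD FS/Admin'   # channel under Applications and Services Logs

function Set-AdfsFarmAuditProperties {
    # Step 1: AD FS audit settings belong on the primary federation server only.
    # Assumption: Get-AdfsSyncProperties reports 'PrimaryComputer' on the
    # primary node of a WID farm (SQL farms report every node as primary).
    $role = (Get-AdfsSyncProperties).Role
    if ($role -ne 'PrimaryComputer') {
        Write-Warning "This host is '$role'; skipping Set-AdfsProperties (run it on the primary)."
        return
    }
    Set-AdfsProperties -LogLevel Errors,FailureAudits,Verbose,SuccessAudits,Warnings
    # -AuditLevel exists on AD FS 4.0 (Windows Server 2016) and later only.
    if ((Get-Command Set-AdfsProperties).Parameters.ContainsKey('AuditLevel')) {
        Set-AdfsProperties -AuditLevel Verbose
    }
}

function Set-ApplicationGeneratedAuditPolicy {
    # Step 2: Windows audit policy, required on every server in the farm.
    & auditpol.exe /set /subcategory:"Application Generated" /failure:enable /success:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol.exe failed with exit code $LASTEXITCODE" }
}

function Set-AuditLogSettings {
    # Step 3: log size and retention; /rt:false overwrites the oldest events as needed.
    & wevtutil.exe sl Security /ms:$SecurityLogMaxBytes /rt:false
    # Step 4: make sure the AD FS Admin channel is enabled before sizing it.
    & wevtutil.exe sl $AdfsAdminLogName /e:true
    & wevtutil.exe sl $AdfsAdminLogName /ms:$AdfsAdminLogMaxBytes /rt:false
}

function Test-AdfsAuditConfiguration {
    # Read every setting back so the result can be recorded with the change.
    $props  = Get-AdfsProperties
    $policy = & auditpol.exe /get /subcategory:"Application Generated" /r | ConvertFrom-Csv
    $admin  = Get-WinEvent -ListLog $AdfsAdminLogName
    $sec    = Get-WinEvent -ListLog Security
    [pscustomobject]@{
        LogLevel             = ($props.LogLevel -join ',')
        AuditLevel           = ($props.AuditLevel -join ',')   # empty on AD FS 3.0
        AppGeneratedAudit    = $policy.'Inclusion Setting'     # expect "Success and Failure"
        AdfsAdminLogEnabled  = $admin.IsEnabled
        AdfsAdminLogMaxBytes = $admin.MaximumSizeInBytes
        SecurityLogMaxBytes  = $sec.MaximumSizeInBytes
    }
}

Set-AdfsFarmAuditProperties
Set-ApplicationGeneratedAuditPolicy
Set-AuditLogSettings
Test-AdfsAuditConfiguration | Format-List
```

The verification function is the part worth keeping after the rollout: running Test-AdfsAuditConfiguration on each farm member shows at a glance whether a secondary server is missing the auditpol setting or whether the Admin channel was never enabled, which are the two conditions that silently leave gaps in the collected audit trail.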

Also remember to do the following: