diagnosticsModule/Public/Export-AdfsDiagnosticsFile.ps1
<#
.SYNOPSIS Gathers and exports diagnostic data into a file. This cmdlet is used with the Diagnostics Analyzer Tool on the AD FS Help website (https://adfshelp.microsoft.com/DiagnosticsAnalyzer). .DESCRIPTION The Export-AdfsDiagnosticsFile cmdlet gathers diagnostic data from the current AD FS server and exports the diagnostic file required for the AD FS Help Diagnostic Analyzer. This cmdlet works on AD FS 2.0 and later. .PARAMETER FilePath String parameter that specifies the location of the exported file. By default, a file will be created in the current folder. .PARAMETER IncludeTrusts Boolean parameter that will enable additional checks for relying party trust and claims provider trust certificates. It is false by default. .PARAMETER SslThumbprint String parameter that corresponds to the thumbprint of the AD FS SSL certificate. This is required for running test cases on proxy servers. .PARAMETER AdfsServers Array of fully qualified domain names (FQDN) of all of the AD FS STS servers that you want to run health checks on. For Windows Server 2016 this is automatically populated using Get-AdfsFarmInformation. By default the tests are already run on the local machine, so it is not necessary include the FQDN of the current machine in this parameter. .PARAMETER Local Switch that indicates that you only want to run the health checks on the local machine. This takes precedence over -AdfsServers parameter. .EXAMPLE Export-AdfsDiagnosticsFile -IncludeTrusts:$true Export a diagnostic file of an AD FS Farm and examine the relying party trust and claims provider trust certificates. .EXAMPLE Export-AdfsDiagnosticsFile -adfsServers @("sts1.contoso.com", "sts2.contoso.com", "sts3.contoso.com") Export a diagnostic file of an AD FS farm by running checks on the following servers: sts1.contoso.com, sts2.contoso.com, sts3.contoso.com. This automatically runs the test on the local machine as well. .EXAMPLE Export-AdfsDiagnosticsFile -sslThumbprint ‎c1994504c91dfef663b5ce8dd22d1a44748a6e16 Export a diagnostic file of a WAP server and utilize the provided thumbprint to check SSL bindings. #> # the final output format is as follows (in JSON): # diagnosticData: # { module1: { cmdlet1.1: results, cmdlet1.2: results, ...}, # module2: { cmdlet2.1: results, ...} # ... # } # where results will be the desired output or an exception message. Function Export-AdfsDiagnosticsFile() { # aggregate parameters for all cmdlets [CmdletBinding()] Param ( [string] $filePath = $null, [switch] $includeTrusts = $false, [string] $sslThumbprint = $null, [string[]] $adfsServers = $null, [switch] $local = $null ) # generate filePath at current folder if filePath is not provided by user if (!$filePath) { $filePath= -join("ADFSDiagnosticsFile-", (Get-Date -UFormat %Y%m%d%H%M%S), ".json") } # create file if the file doesn't exist if (!(Test-Path -Path $filePath)) { Out-Verbose "Creating file $filePath" New-Item $filePath -ItemType "file" > $null } $filePath = (Resolve-Path -Path $filePath).Path # run the private JSON generator for diagnostic data $JSONDiagnosticData = GenerateJSONDiagnosticData -includeTrusts:$includeTrusts -sslThumbprint $sslThumbprint -adfsServers $adfsServers -local:$local; Out-Verbose "Outputting diagnostic data at $filePath" Out-File -FilePath $filePath -InputObject $JSONDiagnosticData -Encoding ascii # print message for the user to find the file Write-Host "Please upload the diagnostic file located at $filePath to https://adfshelp.microsoft.com/DiagnosticsAnalyzer/Analyze." } |