ADFS Domain Connections Test

An AD FS server relies on multiple domains such as Active Directory domain, federated domain, etc. for user authentication. In the process, the AD FS server interacts with the domain controllers in the domains to authenticate users, issue tokens, and validate credentials. If the AD FS server frequently experiences slow responses from the PDC (Primary Domain Controller) or connection failures during query processing, it will lead to overall delays in the AD FS authentication process. This in turn will adversely impact the performance of applications that rely on the AD FS server for authentication. To avoid such anomalies, administrators should monitor how quickly the domains process the queries and easily identify the connections failures (if any). The ADFS Domain Connections test can help administrators in this regard!

This test auto-discovers the domains associated with the target AD FS server and reports the average time taken by each domain to process the PDC queries. This test also reports the connection failures (if any) occurred during the query processing.

Target of the test : An AD FS server

Agent deploying the test : An external agent

Outputs of the test : One set of results for each domain used by the AD FS server being monitored

Configurable parameters for the test
Parameters Description

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port at which the AD FS server listens.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Average PDC query time

Indicates the time taken by this domain to perform a PDC query.

Seconds

A PDC (Primary Domain Controller) query typically refers to a request for information about the PDC Emulator, a specific role within an Active Directory (AD) environment. The PDC Emulator is one of the five Flexible Single Master Operations (FSMO) roles, and it plays a crucial part in AD operations, especially concerning time synchronization, password changes, and compatibility with legacy systems.

A high value for this measure indicates that the particular domain is taking longer time to process the queries.

PDC connection failures

Indicates the number of failures occurred while processing the PDC query by this domain.

Number

A non-zero value is a cause for concern.