A few months ago, I debuted a new tool for AAD Connect deployment (read about it here: AAD Connect Network and Name Resolution Test or download it here: https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3) which allows you to test a number of conditions to make sure your server and environment are suitable for deploying AAD Connect.
This week, I needed to help a customer go through the steps of switching from AD FS to Seamless Sign On, and realized I didn’t have any network testing framework in place for that.
I’ve added a few URL checks to the tool. It attempts to query resources at a few endpoints:
proxy.cloudwebappproxy.net autologon.microsoftazuread-sso.com 0.register.msappproxy.net
Fun fact: the value that AAD Connect tests is actually {0}.register.msappproxy.net, which works fine with the legacy NSLookup command, but the PowerShell Resolve-DnsName balks. Fortunately, 0.register.msappproxy.net also resolves to the same address.
At any rate, you can go get the updated version at https://gallery.technet.microsoft.com/Azure-AD-Connect-Network-150c20a3. I didn’t add any new params to it, so Seamless SSO checks will be performed with the other online connectivity checks.
Thank you, thank you ! Just stumbled across your script, perfect time for a multi forest deployment I will be working on soon.