Monitoring Forefront UAG DirectAccess clients and users with PowerShell in SP1

You can monitor DirectAccess clients and users by using the Forefront UAG client and user monitoring cmdlet, a Windows PowerShell snap-in that provides information about current and historical client and user logons. Monitoring Forefront UAG DirectAccess clients and users can be analyzed on an on-demand basis, to get a feel for how your current Forefront UAG DirectAccess performance is impacted by the number of concurrent users and clients.

The following procedure describes how to monitor Forefront UAG DirectAccess clients and users.

Adding and using the UAGDAUserMonitoring snap-in

The snap-in is automatically installed on the Forefront UAG DirectAccess server. When you want to use the snap-in on a non-Forefront UAG DirectAccess server, you must first install the snap-in on the local computer, as follows:

On the Forefront UAG DirectAccess server, from Windows Explorer, navigate to \UAG installation directory\common\bin\da\monitoring, and copy DAUserMonitoringSnapIn.dll to your local computer.
On the local computer, on the taskbar, click Start, click Run, and type the command: %windir%\Microsoft.NET\Framework64\v2.0.50727\installutil DAUserMonitoringSnapIn.dll, and then press ENTER.

Note:

In the above command, specify the full pathname of the DAUserMonitoringSnapIn.dll

Note:
In the above command, specify the full pathname of the DAUserMonitoringSnapIn.dll

To add and use the UAGDAUserMonitoring snap-in

On the taskbar, click Start, click All Programs, click Accessories, click Windows PowerShell, and then click Windows PowerShell.

From the Windows PowerShell command prompt, type Add-PSSnapin UAGDAUserMonitoring, and press ENTER.

Note:
If you want to automatically add the snap-in to all Windows PowerShell sessions when they start, add the snap-in to your Windows PowerShell profile. For more information, see about_Profiles(http://go.microsoft.com/fwlink/?LinkId=164602).

To retrieve user and client session information, from the Windows PowerShell command prompt, type Get-DirectAccessUsers . See the following table for the available parameters.

Parameter Name	Parameter Definition	Value	Example
ShowHistory	Defines whether current or historical data is returned.	False—Returns current DirectAccess sessions (default). True—Returns historical events.	Get-DirectAccessUsers –ShowHistory $True
StartTime	When ShowHistory is set to True, this parameter defines the start time for the query output.	Locale Time/Date format. (The default is 01/01/0001 12:00 AM.)	Get-DirectAccessUsers –ShowHistory $True –StartTime "7/7/2009 8:56:00 AM"
EndTime	When ShowHistory is set to True, this parameter defines the end time for the query output.	Locale Time/Date format. (The default is the current time.)	Get-DirectAccessUsers –ShowHistory $True –EndTime "7/7/2009 15:36:00 PM"
UserName	Used to filter specific users.	User name	Get-DirectAccessUsers –UserName Carlos
ClientName	Used to filter specific client computers.	Client computer name	Get-DirectAccessUsers –ClientName Carlos2008RTM
SessionID	Each session is recorded in SQL with a Session ID (GUID). This parameter is used to filter SQL events by the SessionID.	SessionID	Get-DirectAccessUsers –ShowHistory $true –SessionID 91c0262c-d876-4d5e-8418-969b864d38af

Note:
Query results can be piped to a CSV file which can be read by using Microsoft Excel. For example Get-DirectAccessUsers \| Export-Csv results.csv, exports the query result to results.csv.

To retrieve the health status of your Forefront UAG DirectAccess servers, from the Windows PowerShell command prompt, type Get-DirectAccessServices.

Historical event types include: StartSession, EndSession, UserameAdded, ClientNameAdded, CertAdded, MissingCert, MissingSC, MissingHealth, GainedCorpAccess, LostCorpAccess.