Step 1: Create a Dedicated User Account in Microsoft Entra ID
- Create a new user account in Microsoft Entra ID (e.g., healthagentuser@yourdomain.com).
- Secure the account by creating a strong password.
- Assign the Owner role to the new account in the Microsoft Entra Connect Health portal. Ensure this role is assigned for all service instances that will use the health agent.
Step 2: Download the Health Agent Setup
- Download the Microsoft Entra Connect Health Agent MSI file.
- Place the .exe installer on each domain controller where the agent will be installed.
Step 3: Run PowerShell Script to Install and Register the Health Agent
Use the following PowerShell script to silently install and register the health agent on multiple servers. You’ll use PowerShell Remoting (Invoke-Command) to perform this on multiple servers.
PowerShell Script for Remote Deployment:
# Define the list of servers to install the agent on
$servers = @("Server1", "Server2", "Server3", "...")

# Define the credentials
$userName = "NEWUSER@DOMAIN"
$password = "PASSWORD" # Replace with actual password
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$myCreds = New-Object System.Management.Automation.PSCredential ($userName, $secpasswd)

# Define the command to run on each server
$scriptBlock = {
    param($myCreds)

    # Step 1: Install the AD Connect Health Agent
    Start-Process -FilePath "C:\Path\To\AdHealthAddsAgentSetup.exe" -ArgumentList "/quiet AddsMonitoringEnabled=1 SkipRegistration=1" -Wait

    # Step 2: Wait for installation to complete
    Start-Sleep -Seconds 30

    # Step 3: Import module and register the agent
    Import-Module "C:\Program Files\Microsoft Azure AD Connect Health Agent\Modules\AdHealthConfiguration"
    Register-MicrosoftEntraConnectHealthAgent -Credential $myCreds
}

# Execute the script block on each server in the list
foreach ($server in $servers) {
    Invoke-Command -ComputerName $server -ScriptBlock $scriptBlock -ArgumentList $myCreds -Credential $myCreds -ErrorAction Stop
    Write-Output "Installation and registration complete on $server"
}
Step 4: Configure Proxy Settings (Optional)
If your environment uses a proxy, you can configure the Microsoft Entra Connect Health Agent to use it:
Import Existing Proxy Settings:
- Import from Internet Explorer settings:
Set-MicrosoftEntraConnectHealthProxySettings -ImportFromInternetSettings
- Import from WinHTTP settings:
Set-MicrosoftEntraConnectHealthProxySettings -ImportFromWinHttp
Specify Proxy Address Manually:
To set a specific proxy server address, use:
Set-MicrosoftEntraConnectHealthProxySettings -HttpsProxyAddress "proxyserver:443"
Clear Proxy Configuration:
To remove the proxy settings, run:
Set-MicrosoftEntraConnectHealthProxySettings -NoProxy
Verify Proxy Settings:
To check the current proxy settings, use:
Get-MicrosoftEntraConnectHealthProxySettings
Step 5: Test Connectivity
After registration, verify that the agent can communicate with the Microsoft Entra Connect Health service:
Test-MicrosoftEntraConnectHealthConnectivity -Role ADDS
Replace ADDS with ADFS or Sync as applicable.
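The script in Step 3 stores the account password in plain text and uses the same credential both for PowerShell Remoting and for agent registration. The following variant is an added example, not part of the original guide: it prompts for the two credentials separately, checks the installer result, and runs the Step 5 connectivity test on each server. It assumes the same placeholder server names and installer path as above, and that the setup program returns exit code 0 on success.

```powershell
# Added example (not from the original guide). Server names and installer path are placeholders.
$servers       = @("Server1", "Server2", "Server3")
$installerPath = "C:\Path\To\AdHealthAddsAgentSetup.exe"

# Prompt at run time so no password is written into the script file.
# Assumption: remoting uses a separate account with rights on the domain controllers.
$remotingCred = Get-Credential -Message "Account allowed to remote into the domain controllers"
$healthCred   = Get-Credential -Message "Dedicated Entra Connect Health registration account"

$scriptBlock = {
    param($installerPath, $healthCred)

    if (-not (Test-Path -LiteralPath $installerPath)) {
        throw "Installer not found at $installerPath"
    }

    # -PassThru returns the process object so the exit code can be checked
    # (assumption: the setup program returns 0 on success).
    $proc = Start-Process -FilePath $installerPath `
        -ArgumentList "/quiet AddsMonitoringEnabled=1 SkipRegistration=1" -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "Installer exited with code $($proc.ExitCode)"
    }

    Import-Module "C:\Program Files\Microsoft Azure AD Connect Health Agent\Modules\AdHealthConfiguration" -ErrorAction Stop
    Register-MicrosoftEntraConnectHealthAgent -Credential $healthCred

    # Step 5 check, run on the server itself; its output is returned to the caller.
    Test-MicrosoftEntraConnectHealthConnectivity -Role ADDS
}

# Collect one result object per server instead of stopping at the first failure.
$results = foreach ($server in $servers) {
    try {
        $output = Invoke-Command -ComputerName $server -Credential $remotingCred `
            -ScriptBlock $scriptBlock -ArgumentList $installerPath, $healthCred -ErrorAction Stop
        [pscustomobject]@{ Server = $server; Succeeded = $true; Detail = ($output | Out-String).Trim() }
    }
    catch {
        [pscustomobject]@{ Server = $server; Succeeded = $false; Detail = $_.Exception.Message }
    }
}

$results | Format-Table -AutoSize -Wrap
```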
Step 6: Manage the Health Agent Account
When finished, you may want to manage or restrict access for the Microsoft Entra Connect Health agent account:
- Remove the role assignment for the local account in Microsoft Entra Connect Health.
- Rotate the password for the account periodically.
- Disable or delete the account if it’s no longer needed.
Alternative: Register the Agent Non-Interactively on a Server
To register the agent manually on a Server Core installation, or without prompting for credentials:
$cred = Get-Credential
Register-MicrosoftEntraConnectHealthAgent -Credential $cred
For sovereign clouds, specify the User Principal Name:
Register-MicrosoftEntraConnectHealthAgent -UserPrincipalName "user@domain"
This guide should enable you to efficiently deploy, configure, and test the Microsoft Entra Connect Health Agent across multiple servers in your environment.