header image

Active Directory WMI provider

Posted by: | March 15, 2012 | No Comment |

I stumbled on this namespace on my domain controller – root\directory\ldap – which appears to be a WMI provider for AD. From the information at http://technet.microsoft.com/en-us/library/hh831568.aspx it appears that it is being deprecated in Windows Server 8. This means it will be removed in a future version. In the mean time we have more toys to play with. Managing AD with the PowerShell cmdlets is going to be the best way to do it but we have an opportunity to experiment and discover other ways of doing things.

The namespace is huge so getting a full listing of classes is problematic.

Some quick observations

Get-WmiObject -Namespace root/directory/ldap -Class ds_grouppolicycontainer | select DS_displayName

gets a list of group policies

The domain security policy can be exposed like this

Get-WmiObject -Namespace root/directory/ldap -Class ds_domain | select DS_lockoutDuration, DS_lockOutObservationWindow, DS_lockoutThreshold, DS_maxPwdAge, DS_minPwdAge, DS_minPwdLength, DS_pwdHistoryLength, DS_pwdProperties

DS_lockoutDuration          : -600000000
DS_lockOutObservationWindow : -600000000
DS_lockoutThreshold         : 25
DS_maxPwdAge                : -36288000000000
DS_minPwdAge                : 0
DS_minPwdLength             : 7
DS_pwdHistoryLength         : 24
DS_pwdProperties            : 1

It will be worth poking around a bit more in this namespace

under: PowerShell and Active Directory, PowerShell and WMI