PowerShell for Windows Admins

Mar 15 2012   4:25PM GMT

Active Directory WMI provider

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I stumbled on this namespace on my domain controller – root\directory\ldap – which appears to be a WMI provider for AD. From the information at http://technet.microsoft.com/en-us/library/hh831568.aspx it appears that it is being deprecated in Windows Server 8. This means it will be removed in a future version. In the mean time we have more toys to play with. Managing AD with the PowerShell cmdlets is going to be the best way to do it but we have an opportunity to experiment and discover other ways of doing things.

The namespace is huge so getting a full listing of classes is problematic.

Some quick observations

Get-WmiObject -Namespace root/directory/ldap -Class ds_grouppolicycontainer | select DS_displayName

gets a list of group policies

The domain security policy can be exposed like this

Get-WmiObject -Namespace root/directory/ldap -Class ds_domain | select DS_lockoutDuration, DS_lockOutObservationWindow, DS_lockoutThreshold, DS_maxPwdAge, DS_minPwdAge, DS_minPwdLength, DS_pwdHistoryLength, DS_pwdProperties

DS_lockoutDuration          : -600000000
DS_lockOutObservationWindow : -600000000
DS_lockoutThreshold         : 25
DS_maxPwdAge                : -36288000000000
DS_minPwdAge                : 0
DS_minPwdLength             : 7
DS_pwdHistoryLength         : 24
DS_pwdProperties            : 1

It will be worth poking around a bit more in this namespace

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: