Mapping Active Directory Classes
Because Active Directory has a wide variety of possible objects, WMI cannot create a direct one-to-one mapping. Instead, the Directory Services provider uses rules to map classes between the two technologies.
This following sections are discussed in this topic:
Note
For more information about support and installation of this component on a specific operating system, see Operating System Availability of WMI Components.
Mapping Classes
The following list describes the guidelines that the Directory Services provider uses to map Active Directory classes to WMI classes:
Each abstract class in the Active Directory schema maps to one abstract class in the WMI schema.
In the WMI schema, each abstract class is prefixed with DS_. For example, the person class from the Active Directory schema maps to the DS_person WMI class.
Each nonabstract class from the Active Directory schema maps to the following two classes in the WMI schema:
- The first mapped class is prefixed with ADS_. These are abstract classes, mapped according to the rules below.
- The second mapped class is a nonabstract class with the DS_ name prefix. This class is derived from the ADS_ abstract class, with the addition of the Provider qualifier.
For example, the user class from the Active Directory schema maps to two classes. The first class is the ADS_user abstract class, mapped according to rules below. The second class is the DS_user nonabstract class. It is derived from ADS_user and has the added Provider qualifier.
Unless specified otherwise, the name of a mapped class is the mangled value of the LDAP-Display-Name property in the Active Directory class.
If the Sub-Class-Of property is present on the Active Directory class, the WMI-mapped class is derived from the specified class.
If the Sub-Class-Of property is not present, the WMI-mapped class is derived from the DS_LDAP_Root_Class class, as specified in the MOF file.
Note
This class has the ADSIPath key property, with a type VT_BSTR. This is the unique ADSI path that identifies this instance. Active Directory supports single-inheritance only, so this works.
A Dynamic qualifier of type VT_BOOL, and flavor
WBEM_FLAVOR_FLAG_PROPAGATE_TO_INSTANCE | WBEM_FLAVOR_FLAG_PROPAGATE_TO_DERIVED_CLASSset to TRUE is created for every class. This is a standard WMI qualifier that indicates that instances of this class are provided dynamically.If the class is not abstract, the provider creates a Provider qualifier of type VT_BSTR BOOL and qualifier flavor
WBEM_FLAVOR_FLAG_PROPAGATE_TO_INSTANCE | WBEM_FLAVOR_FLAG_PROPAGATE_TO_DERIVED_CLASSset to "DS Instance Provider" for every class. This is a standard WMI qualifier that indicates the name of the provider dynamically providing instances of this class.
The rest of the ADSI properties map to class qualifiers and properties as per the following tables. All qualifiers map with a qualifier flag value of WBEM_FLAVOR_FLAG_PROPAGATE_TO_INSTANCE | WBEM_FLAVOR_FLAG_PROPAGATE_TO_DERIVED_CLASS.
The following lists mapping information for the Active Directory class, showing the WMI qualifier and WMI qualifier type for each Active Directory property.
-
Common-Name
-
CN (VT_BSTR)
Mapped directly from the string value.
-
Default-Object-Category
-
DefaultObjectCategory (VT_BSTR)
Mapped directly from the string value.
-
Default-Security-Descriptor
-
DefaultSecurityDescriptor (VT_BSTR)
Mapped directly from the string value.
-
Governs-Id
-
GovernsId (VT_BSTR)
Mapped from the string representation of the OID; for example, "{ 1 3 3 6 }".
-
Object-Class
-
N/A
Not mapped.
-
Object-Class-Category
-
ObjectClassCategory (VT_I4)
Mapped directly from the integer value. In addition, if the value is Abstract(2), then the standard VT_BOOL CIM qualifier, called the "Abstract" qualifier, is also created.
-
RDN-ATT-ID
-
RDNATTID (VT_BSTR)
Mapped from the string representation of the OID value; for example, "{ 1 3 3 6 }". In addition, the property identified here is annotated with the standard Indexed CIM qualifier set to TRUE.
-
System-Only
-
SystemOnly (VT_BOOL)
Mapped directly from the Boolean value.
The following lists the Active Directory class properties mapped to WMI class properties.
-
May-Contain
-
Each property in this list is mapped to a WMI property.
-
Must-Contain
-
Each property in this list is mapped to a WMI property. The standard Not_Null CIM qualifier is created for each of these.
-
System-May-Contain
-
Each property in this list is mapped to a WMI property. In addition, each property is annotated with a System qualifier, set to TRUE.
-
System-Must-Contain
-
Each property in this list is mapped to a WMI property. The standard Not_Null CIM qualifier is created for each of these. In addition, each property is annotated with a System qualifier, set to TRUE.
Mapping Attributes
The Directory Services provider maps each attribute of an Active Directory class to exactly one property of the corresponding WMI class according to the rules in this section. In general, the Directory Services Provider names the WMI property as the mangled version of the LDAP-Display-Name value of the Active Directory attribute.
If the Active Directory property Is-Single-Valued is FALSE, then this WMI property is combined with the OR operator with CIM_FLAG_ARRAY. Note that each property is tagged with the VT_BSTR qualifier, ADSyntax. It represents the underlying Active Directory syntax.
The following table lists the mapping of the Active Directory syntax to the WMI property data type.
| Active Directory element | WMI data type |
|---|---|
| Access-Point | CIM_STRING |
| Boolean | CIM_BOOLEAN |
| Case Insensitive String | CIM_STRING |
| Case Sensitive String | CIM_STRING |
| Distinguished Name | CIM_STRING |
| DN-Binary | Embedded object of class DN_With_Binary defined below. |
| DN-String | Embedded object of class DN_With_String defined below. |
| Enumeration | CIM_SINT32 |
| Enumeration | CIM_STRING |
| Integer | CIM_SINT32 |
| LargeInteger | CIM_STRING |
| Security Descriptor | Embedded object of class Uint8Array defined below. |
| Numeric String | CIM_STRING |
| Object ID | CIM_STRING |
| Octet String | Embedded object of class Uint8Array defined below. |
| OR Name | CIM_STRING |
| Presentation-Address | Embedded object of class Uint8Array defined below. |
| Print Case String | CIM_STRING |
| Replica Link | Embedded object of class Uint8Array defined below. |
| String(Sid) | Embedded object of class Uint8Array defined below. |
| Time | CIM_DATETIME |
| UTC Coded Time | CIM_DATETIME |
| Unicode String | CIM_STRING |
The Octet String syntax, which refers to an array of uint8 values, presents a problem when mapped to WMI because WMI allows properties of types uint8 and arrays of uint8, whereas Active Directory allows properties of type Octet String as well as arrays of Octet String.
The following example shows the Directory Services Provider class that is used to map an array of Octet String type properties.
Class Uint8Array
{
uint8 values[];
uint32 numberOfValues;
};
WMI maps all Octet String Active Directory property values to embedded instances of Uint8Array. Similarly, WMI maps arrays of Octet String to arrays of embedded Uint8Array objects.
The following example shows the classes that are mapped by WMI to DN-Binary and DN-String DS property values.
Class DN_With_String
{
string dnString;
string value;
};
Class DN_With_Binary
{
string dnString;
uint8 value[];
};
The following table lists how WMI maps the rest of the Active Directory attribute interface properties to WMI property qualifiers.
| Active Directory attribute-property name | WMI Qualifier | Data type | Mapping information |
|---|---|---|---|
| Attribute-Syntax | AttributeSyntax | VT_BSTR | Mapped from the string representation of the OID. |
| Common-Name | CN | VT_BSTR | Mapped from the string value. |
| System-Only | System | VT_BOOL | Mapped from the Boolean value. |
Note
WMI maps all Active Directory qualifiers with the WBEM_FLAVOR_FLAG_PROPAGATE_TO_INSTANCE | WBEM_FLAVOR_FLAG_PROPAGATE_TO_DERIVED_CLASS qualifier flavors.
Association Classes
The Directory Service is essentially a hierarchical store of objects. Those objects that can appear at a nonleaf level in the hierarchy are called "containers". The structure of this hierarchy is further controlled by the "Poss-Superiors" and "System-Poss-Superiors" properties of a class in the schema. These, taken together, specify the set of classes whose instances can be contained within an instance of a container class.
The following example models a CIM association as instances of the static association class DS_LDAP_Class_Containment.
// DS Class Associations Provider
// Create a class of which instances are
// provided by this provider
[
Association : ToInstance,
dynamic,
HasClassRefs,
Provider("Microsoft|DSLDAPClassAssociationProvider|V1.0")
]
class DS_LDAP_Class_Containment
{
[key, classref{"DS_LDAP_Root_Class"} : ToInstance ToSubClass]
object Ref ChildClass;
[key, classref{"DS_LDAP_Root_Class"} : ToInstance ToSubClass]
object Ref ParentClass; // The parent DS Class
};
// Create an instance of the provider class for registration
instance of __Win32Provider as $AssociationsProvider
{
Name = "Microsoft|DSLDAPClassAssociationProvider|V1.0";
Clsid = "{33831ED4-42B8-11d2-93AD-00805F853771}";
ImpersonationLevel = 1;
};
// Specification of the instances and operation
// provided by the provider
instance of __InstanceProviderRegistration
{
Provider = $AssociationsProvider;
SupportsGet = TRUE;
SupportsPut = FALSE;
SupportsDelete = FALSE;
SupportsEnumeration = TRUE;
};
The association class provider supports the GetObjectAsync and CreateClassEnumAsync methods.