Using WMI via LDAP

Windows Management Instrumentation (WMI) contains the WMIExtension interface that allows an administrator to use WMI for managing computer objects returned from the LDAP namespace. WMI provides the user with a great deal of power over computer components (including OS, services, file systems, event logs, etc.), and description of all its possibilities requires of a separate book. We will only consider the use of methods (Get WMIObject, Get WMIServices) and property (WMIObjectPath) of the WMIExtension interface for retrieving some information, which usual ADSI interfaces cannot supply. You can find WMI SDK documentation yourself and easily expand the examples proposed to cover your own needs.

The following program comprises a few samples of information, which you can retrieve using WMI ADSI Extension. To get a list of other properties that can be obtained, see the definition of the class specified in the "select … from …" string when the ExecQuery method is called.

Listing 17.24. WMI-ADSI.vbs — Using WMI ADSI Extension

    Option Explicit    Sub Main ()    Dim objAD As IADsContainer    Dim obj As IADs    Dim ADSObject As WMIExtension    Dim WMIServices As SWbemServices    Dim WMIObject As SWbemObject    Dim recSet As SWbemObjectSet    Dim LogFile As SWbemObject    Dim i As Integer    ' Obtain a list of computers and query each of them:    Set objAD = GetObject ("LDAP: //CN=Computers, DC=net, DC=dom")    objAD.Filter = Array ("computer")    i = 1    For Each obj In objAD      Debug.Print "#"; i; obj.Name; " ("; obj.ADsPath;")"      ' Get a computer object from the LDAP namespace:      Set ADSObject = GetObject (obj.ADsPath)      Debug.Print "WMI Object Path: " + ADSObject.WMIObjectPath      Set WMIObject = ADSObject. GetWMIObject      Debug.Print vbCrLf      ' Now you can use any properties or methods of the WMI object.      ' For the list of properties, see the Win32_ComputerSystem      ' WMI class definition.      ' Display some system information about the currently      ' selected computer:      Debug.Print "Status = " + WMIObject.Status      Debug.Print "Boot state = " + WMIObject.BootUpState      Debug.Print "Computer name = " + WMIObject. Caption      Debug.Print "Role within domain = " + CStr (WMIObject.DomainRole)      Debug.Print "Total memory (bytes) = " + WMIObject. TotalPhysicalMemory      Debug.Print "User registered = " + WMIObject.UserName      Debug.Print vbCrLf      ' Get a WMI services object for the "root\cimv2" namespace:      Set WMIServices = ADSObject.GetWMIServices      ' Get some information about the OS installed:      Set recSet = WMIServices.ExecQuery _                   ("select * from Win32_OperatingSystem")      ' Use GetWMIObject to retrieve a WMI object:     For Each WMIObject In recSet        Debug.Print WMIObject.Name      Next      Debug.Print vbCrLf      ' List all running services:      Set recSet = WMIServices.ExecQuery _            ("select * from Win32_Service where State<>'Stopped'")      ' The following statement allows you to get a list of services that      ' have failed to start on the selected computer:      ' Set recSet = WMIServices.ExecQuery("select * from Win32_Service      '   where State='Stopped' and Start Mode='Auto'")      Debug.Print "Services (TOTAL)"; recSet.Count      For Each WMIObject In recSet        Debug.Print WMIObject.Name      Next      Debug.Print vbCrLf      ' List all processes running on the target computer:      Set recSet = WMIServices.ExecQuery ("select * from Win32_Process")      Debug.Print "Processes (TOTAL)"; recSet.Count      For Each WMIObject In recSet      Debug.Print WMIObject.Name    Next    Debug.Print vbCrLf    ' Enumerate event logs:    Set recSet = WMIServices.ExecQuery _                 ("select * from Win32_NTEventLogFile")    Debug.Print "Event logs (TOTAL)"; recSet.Count    For Each LogFile In recSet      Debug.Print LogFile.Name      ' The following statement saves a log to a file      ' on the target computer;      ' you need only to form a unique file name:      ' LogFile.BackupEventlog ("C:\net.evt")    Next    Debug.Print vbCrLf    ' Display all events in the specified log (Application,    ' Security, System, etc.) :    Set recSet = WMIServices.ExecQuery _             ("select * from Win32_NTLogEvent WHERE LogFile='Security'")    Debug.Print "Events (TOTAL)"; recSet.Count    For Each LogFile In recSet      ' The latest event will go first.      ' For a list of properties, see the Win32_NTEventlog      ' WMI class definition.      ' You can redirect this information to a file      ' on the local computer (where the program is running):      Debug.Print LogFile.CategoryString, LogFile.SourceName, _              LogFile.EventCode, LogFile.LogFile, LogFile.TimeGenerated    Next    Debug.Print vbCrLf    ' Go to the next computer    i = i + 1   Next   Set objAD = Nothing   Set obj = Nothing   Set ADSObject = Nothing   Set WMIServices = Nothing   Set WMIObject = Nothing   Set recSet = Nothing   Set LogFile = Nothing   End Sub 

Windows 2000 and Windows .NET systems contain the so-called Windows Management Instrumentation Tester (wbemtest.exe). If you become particularly interested in using WMI and are not afraid to spend some time learning this powerful technology, you can use that GUI tool for browsing WMI objects and testing queries used in your ADSI scripts.

To start the Windows Management Instrumentation Tester, enterl wbemtest.exe in the Run window. Then, you must connect to a WMI namespace. Click Connect and enter root\cimv2 in the Namespace field. In Fig. 17.1, you can see the main window of the tool and the Query window that allows you to execute WQL requests.

Fig. 17.1: Performing interactive WMI queries using the Windows Management Instrumentation Tester

There is another relatively "safe" operation - you can obtain a list of WMI classes and properties of those classes. Click Enum Classes. In the Superclass Info window (Fig. 17.2), select Recursive and click OK.

Fig. 17.2: Enumerating all WMI classes

In the class list, you can double click a class name and view the properties and methods exposed by that class. The Instances button will allow you to see all objects of the class selected that exist on the computer. All that information might be useful for you to learn WMI objects and debug WQL queries.