WMI Deprecated from AAD Connect from version

Bob Bradley 4 years ago updated by Matthew Davis (Technical Product Manager) 4 years ago 6

In attempting to upgrade an existing UNIFYNow site to work with the latest AAD Connect version, I found that the microsoftidentityintegrationservice WMI namespace was missing.  This was preventing the successful creation of an AAD Connect agent for the new AAD Connect host.

After locating articles on how to restore this namespace, I found this reference which stated "... the deprecated WMI endpoints for MIIS_Service have now been removed ...".  Furthermore, the local ADSyncAdmins, ADSyncBrowse, ADSyncOperators and ADSyncPasswordSet groups no longer exist - these being the security roles associated to the WMI namespace.

Guidance in the above reference is now this: "Any WMI operations should now be done via PS cmdlets"

Does this mean that UNIFYNow will not support AAD Connect from version onwards, or is work underway to change the agent to connect via PS?



Thanks Bob. I've updated the article to contain this information.

Satisfaction mark by Bob Bradley 4 years ago

For reference, the following 2 articles show how to reinstate the WMI namespaces for MIM and AAC Connect respectively, but these pre-dated the deprecation from AAD Connect:

It doesn't appear that the PS reference is published online, but there is this: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler - and this does NOT provide a practical way of selectively running MA operations individually.

Attaching logs referencing the "invalid namespace" exception:


The test of Agent AADConnect Agent (5816b02b-a117-423c-b8ae-ad28a7c0f009) failed with message:
System.Management.ManagementException: Invalid namespace
at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.ManagementScope.InitializeGuts(Object o)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at Unify.Product.EventBroker.MIMAgent.TestConnection()
at Unify.EventBroker.Agents.Audit.AgentAuditingDecoratorBase.TestConnection()
at Unify.Product.EventBroker.AgentEngine.Notify(ITestAgentConnectionMessage message)
Under review

Hey Bob,

At the moment, you're correct - UNIFYNow will not support AAD Connect from version onwards. 

If there's a requirement for support we can investigate, but given the agent is shared across AAD Connect and MIM, there would be significant effort to split these up and offer the capability of AAD Connect integration without impacting the existing MIM integration functionality.

Thanks for confirming Matt - I suggest the https://voice.unifysolutions.net/knowledge-bases/8/articles/2731-unifynow-for-dirsync-or-azure-ad-connect article (which preceded the configuration for our customer when Microsoft changed the database name to ADSync but retained the microsoftidentityintegrationserver namespace) needs to be updated accordingly.  I will advise our customer that we should discontinue use of UNIFYNow to operate AAD Connect given there is no longer a compelling need to do so.  I just needed to confirm first.


Thanks Bob. I've updated the article to contain this information.