What is the “Windows Virtual Machine” object in active directory?
Welcome to the AskCore blog. In this blog, we are going to discuss about the “Windows Virtual Machine” object in the AD DS.
For any Active Directory joined Windows Hyper-V Virtual Machines, a serviceConnectionPoint (SCP) object called “Windows Virtual Machine” is created under the computer object account in the active directory.
You may refer to the below articles to know more about service connection points:
The “Windows Virtual Machine” object is primarily used to distinguish a domain joined Windows Hyper-V Virtual Machine from any physical machine or any other virtualization platform based machine in the domain.
To query all Hyper-V based, domain joined Virtual Machine in the domain you can use AD-PowerShell or dsquery command:
You should run this powershell command from the “Active Directory Module for Windows Powershell” command prompt
Get-ADObject –LDAPFilter "(&(objectClass=serviceConnectionPoint)(CN=Windows Virtual Machine))"
dsquery * Domainroot –Filter "(&(objectClass=serviceConnectionPoint)(CN=Windows Virtual Machine))"
This object is first created by the Hyper-V Integration service “Hyper-V Heartbeat Service” when a Hyper-V Virtual Machine running is added to the active directory. In case the object is deleted, it will be automatically re-created when the VM is restarted or the "Hyper-V Heartbeat Service" is restarted. On each restart of the service or virtual machine the integration service checks if the machine is domain joined and if it is domain joined, it checks if the serviceConnectionPoint (SCP) object exists in the domain. If the object doesn’t exist it will attempt to recreate the object.
One of the errors you may get is “ERROR_NO_SUCH_DOMAIN” if the machine is not joined to the domain, or if we are not able to connect to rootDSE due to a network issue. We attempt a maximum of 5 retries between 5 minutes and then fail. The error message with the error code is written in the Hyper-V Integration Component (IC) trace. Further, if we fail to obtain the computer object or if the computer object doesn’t exist, you’ll get a COM exception.
If the machine is a workgroup machine, this record will not be created. You should use other methods to determine if the machine is a virtual machine. You can query the Model and Manufacturer properties of the Win32_ComputerSystem class. A machine is a Hyper-V Virtual Machine if the Manufacturer property returns “Microsoft Corporation” and Model property returns “Virtual Machine”. Here is a sample VBScript which helps find out a Virtual Machine using the logic I just explained:
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set colItems = objWMIService.ExecQuery( _
"SELECT * FROM Win32_ComputerSystem",,48)
For Each objItem in colItems
If StrComp(objItem.Manufacturer,"Microsoft Corporation") = 0 And StrComp(objItem.Model,"Virtual Machine") = 0 Then
Wscript.Echo "Hyper-V Virtual Machine"
Wscript.Echo "Not a Hyper-V Virtual Machine"
Troubleshooting Object Creation Failures:
If a domain joined Windows Virtual Machine doesn’t have this object in the active directory, and if you wish to trace why this object is not getting created, you should enable Hyper-V IC tracing and also take a network trace.
To force a retry and collect the trace logs, setup the network and Hyper-V IC tracing and restart the "Hyper-V Heartbeat Service" and monitor the trace for about 5-10 minutes.
We have explained steps to enable hyper-v tracing in one of our blogs. The trace file will contain exceptions and errors for the failure event.
You may have to send the integration service trace to Microsoft Support for analysis.
I hope that this post helps you understand the “Windows Virtual Machine” object better and also troubleshoot the object creation failure issues.
Support Escalation Engineer
Windows Core - High Availability Group