API Reference
View (LapsDsrmPolicyService)
Typed view returned to hosts/rules.
Inheritance
- Object
- View
Constructors
public View() #Inherited Methods
Properties
public Boolean CollectionSucceeded { get; set; } #True when DSRM LAPS collection completed successfully.
public String CollectionError { get; set; } #Error details when collection fails; null when successful.
public String DomainName { get; set; } #DNS domain name evaluated (e.g., contoso.com).
public String TargetDn { get; set; } #Distinguished name of the evaluation target; for this service it is the Domain Controllers OU.
public Nullable<Boolean> BackupDsrmPassword { get; set; } #True when policy enables backing up the DSRM password to Active Directory.
public Nullable<UInt32> PasswordAgeDays { get; set; } #Maximum password age for DSRM/Windows LAPS secrets (days).
public Nullable<UInt32> PasswordLength { get; set; } #Required length (characters) for generated passwords.
public Nullable<UInt32> PasswordComplexity { get; set; } #Password complexity level as defined by Windows LAPS policy (implementation scale).
public Nullable<Boolean> PasswordExpirationProtectionEnabled { get; set; } #True when expiration time cannot be extended beyond policy requirements (protection enabled).
public Nullable<Boolean> AdPasswordEncryptionEnabled { get; set; } #True when Windows LAPS AD encryption is enabled for stored secrets.
public String AdPasswordEncryptionPrincipal { get; set; } #Security principal permitted to decrypt encrypted LAPS passwords (when encryption is enabled).
public Nullable<UInt32> AdEncryptedPasswordHistorySize { get; set; } #Number of previous encrypted passwords retained in Active Directory (history size).
public IReadOnlyList<PolicyAttribution> Attribution { get; set; } #Policy attribution rows (winner + sources) for the settings above; includes Not configured rows when absent.
public String AttributionTopWriters { get; set; } #Compact string listing up to three Effective GPO names that wrote LAPS settings (for summaries).
public Int32 DcTotal { get; set; } #Total number of domain controllers discovered under the Domain Controllers OU.
public Int32 DsrmPresent { get; set; } #Number of DCs that have a DSRM LAPS secret present (msLAPS-EncryptedDSRMPassword).
public Int32 DsrmExpired { get; set; } #Number of DCs with an expired DSRM LAPS password (expiration time <= now).
public Int32 DcWithWindowsLaps { get; set; } #Number of DCs that also have a Windows LAPS (local administrator) secret present (informational).
public IReadOnlyList<Object> Missing { get; set; } #List of DCs missing a DSRM LAPS secret (each item includes DomainName, SamAccountName, OperatingSystem).
public IReadOnlyList<Object> Expired { get; set; } #List of DCs with an expired DSRM LAPS password (each item includes DomainName, SamAccountName, WindowsDsrmLapsExpiration).