
Query Active Directory from SSMS - 3 steps


Step 1: Get the Servers
Run the following command to get the list of all linked servers that already exist on the instance.
EXEC sp_linkedservers;

Note: sp_helpserver can also be used to list the available servers

Step 2: Add the server you want to connect to [This is important, because most people mess up here]

The linked server you add here is the one that Step 3 queries; in the script below it is referred to by the name ADSI. If no linked server with that name exists, the OPENQUERY calls in Step 3 will fail.

To add a linked server we will use the following command:
sp_addlinkedserver

EXEC sp_addlinkedserver
@server=N'S1_instance1',
@srvproduct=N'',
@provider=N'SQLNCLI',
@datasrc=N'S1\instance1';

Step 3: Query the Active Directory

DECLARE @Application TABLE (cn varchar(50));
DECLARE @ApplicationCN varchar(50);
DECLARE @SQLString nvarchar(MAX);
DECLARE @ApplicationName varchar(20) = 'yy';   -- name of the application (container) in the authorization store
DECLARE @Role varchar(20) = 'xxx';             -- role whose members you want to list
DECLARE @Domain nvarchar(20) = 'a.com';        -- e.g. a.com; note that the DN in the second query hard-codes DC=a,DC=com to match

-- Step 3a: look up the cn of the application. OPENQUERY only accepts a string literal,
-- so each quote inside the LDAP query is doubled once for OPENQUERY and once more for the
-- outer T-SQL string, which is why runs of four and six quotes appear below.
SET @SQLString='SELECT cn FROM OPENQUERY(ADSI,''SELECT cn FROM ''''LDAP://' +@Domain +''''' WHERE objectClass=''''msDS-AzApplication'''' AND msDS-AzApplicationName='''''+@ApplicationName+''''''')';

PRINT (@SQLString);   -- inspect the generated statement before it runs

INSERT @Application EXEC(@SQLString);

SET @ApplicationCN=(SELECT TOP 1 cn FROM @Application);

-- Step 3b: list the users that are members of the role. msDS-MembersForAzRoleBL is the
-- back-link attribute on a user pointing at the role objects it belongs to.
SET @SQLString='SELECT * FROM OPENQUERY(ADSI,''SELECT userPrincipalName,givenName,sn,samAccountName, cn, company, department, Name, Mail,telephoneNumber,mobile, l, physicalDeliveryOfficeName, postalCode, streetAddress, facsimileTelephoneNumber, distinguishedName, info FROM ''''LDAP://' +@Domain +''''' WHERE msDS-MembersForAzRoleBL=''''CN='+@Role+',CN=AzRoleObjectContainer-'+@ApplicationCN+',CN='+@ApplicationCN+ ',CN=US,OU=EDFrameworkAuthorizationStores,DC=a,DC=com'''''') order by 1';

EXEC (@SQLString);
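The following is an added example, not code from the original post: it registers the ADSI linked server that Step 3 queries, keeps each caller's own Windows identity for the AD lookup instead of a stored account, validates the values that get spliced into the LDAP query, and builds the OPENQUERY string mechanically rather than by hand-counting quotes. The domain and application name are the post's placeholder values; the whitelist pattern and the result-set size are the example's own assumptions.

```sql
-- Added example (not from the original post). Assumes the post's placeholders:
-- domain 'a.com' and application 'yy'.

-- 1. Linked server for Active Directory: the provider is ADSDSOObject,
--    not SQLNCLI (which is for another SQL Server instance).
IF NOT EXISTS (SELECT 1 FROM sys.servers WHERE name = N'ADSI')
BEGIN
    EXEC sp_addlinkedserver
        @server     = N'ADSI',
        @srvproduct = N'Active Directory Service Interfaces',
        @provider   = N'ADSDSOObject',
        @datasrc    = N'adsdatasource';

    -- Every Windows login queries AD as itself, so AD's own ACLs still apply
    -- to the caller and no privileged credential is stored on the instance.
    EXEC sp_addlinkedsrvlogin @rmtsrvname = N'ADSI', @useself = N'True';
END;

-- 2. Values that end up inside the LDAP filter and the dynamic SQL string.
DECLARE @Domain          nvarchar(128) = N'a.com';
DECLARE @ApplicationName nvarchar(64)  = N'yy';

-- Whitelist check (assumed character set): anything outside letters, digits,
-- '_', ' ' and '-' could alter the LDAP filter (* ( ) \) or break out of the
-- quoted T-SQL string ('), so it is rejected before any string is built.
IF @ApplicationName LIKE N'%[^A-Za-z0-9_ -]%' OR @Domain LIKE N'%[^A-Za-z0-9. -]%'
BEGIN
    RAISERROR(N'Rejected: LDAP/SQL metacharacter in input', 16, 1);
    RETURN;
END;

-- 3. Write the ADSI query once, then escape it for OPENQUERY with REPLACE
--    instead of hand-counting runs of quotes.
DECLARE @Ldap nvarchar(max) =
      N'SELECT cn FROM ''LDAP://' + @Domain + N''' '
    + N'WHERE objectClass=''msDS-AzApplication'' '
    + N'AND msDS-AzApplicationName=''' + @ApplicationName + N'''';

DECLARE @Sql nvarchar(max) =
      N'SELECT cn FROM OPENQUERY(ADSI, '''
    + REPLACE(@Ldap, N'''', N'''''') + N''')';

PRINT @Sql;   -- review the generated statement before it runs

-- The ADSI provider returns at most one LDAP page (1000 rows by default)
-- per OPENQUERY; it does not page through larger result sets.
DECLARE @Application TABLE (cn nvarchar(256));
INSERT @Application EXEC (@Sql);
SELECT cn FROM @Application;
```

The same REPLACE-based wrapping works for the second, longer query in Step 3; validate @Role the same way before concatenating it into the distinguished name.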

--Let me know in case you face any problem.
