
Query Active Directory from SSMS - 3 steps


Step 1: Get the servers

Run the following command to get the list of all linked servers:
sp_linkedservers

Note: sp_helpserver can also be used to list the available servers.
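sp_linkedservers and sp_helpserver list the server names, but not how logins are mapped to each one. The query below is an addition to this post, not the original author's code; it reads the same information from the catalog views sys.servers and sys.linked_logins and also shows whether a linked server forwards each caller's own credentials (uses_self_credential = 1) or uses one stored remote login. It assumes you can read those views.

```sql
-- Added example (not part of the original post): linked servers together with
-- their provider and login mapping. Requires permission to read the catalog views.
SELECT  s.name                             AS linked_server,
        s.provider,
        s.data_source,
        s.is_data_access_enabled,
        COALESCE(p.name, N'<all logins>')  AS local_login,  -- no principal = default mapping for every login
        l.uses_self_credential,            -- 1 = the caller's own credentials are forwarded
        l.remote_name                      -- stored remote login, if any
FROM    sys.servers AS s
LEFT JOIN sys.linked_logins AS l
        ON l.server_id = s.server_id
LEFT JOIN sys.server_principals AS p
        ON p.principal_id = l.local_principal_id
WHERE   s.is_linked = 1
ORDER BY s.name, local_login;
```

For a linked server using the ADSDSOObject provider, uses_self_credential = 1 means every login allowed to run OPENQUERY against it reads the directory as itself; a stored remote_name means they all read as that one account, so that account's directory permissions are the effective limit.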

Step 2: Add the server you want to connect to [This is important, because most people mess up here]

To add a linked server we will use the following command:
sp_addlinkedserver

-- Example: register the SQL Server instance S1\instance1 as linked server S1_instance1
EXEC sp_addlinkedserver
    @server     = N'S1_instance1',   -- name you will use in queries
    @srvproduct = N'',               -- product name (empty for a SQL Server instance)
    @provider   = N'SQLNCLI',        -- SQL Server Native Client OLE DB provider
    @datasrc    = N'S1\instance1';   -- network name of the instance
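The example above registers another SQL Server instance. The query in step 3 refers to a linked server named ADSI, which is created with the same procedure but with the ADSDSOObject provider. The block below is an added example and is not part of the original post; the account CONTOSO\svc_ldap_reader and the password are placeholders for a low-privilege domain account of your own, and a.com is the post's placeholder domain.

```sql
-- Added example (not from the original post): the ADSI linked server that the
-- step 3 query refers to by name. Provider and data source are the values the
-- ADSI OLE DB provider expects.
EXEC sp_addlinkedserver
    @server     = N'ADSI',
    @srvproduct = N'Active Directory Service Interfaces',
    @provider   = N'ADSDSOObject',
    @datasrc    = N'adsdatasource';

-- Map every local login to one dedicated, read-only directory account instead
-- of forwarding each caller's own Windows credentials (@useself = 'True').
-- CONTOSO\svc_ldap_reader and the password are placeholders.
EXEC sp_addlinkedsrvlogin
    @rmtsrvname  = N'ADSI',
    @useself     = N'False',
    @locallogin  = NULL,
    @rmtuser     = N'CONTOSO\svc_ldap_reader',
    @rmtpassword = N'<password placeholder>';

-- Smoke test: the domain head object should come back as a single row
SELECT distinguishedName
FROM   OPENQUERY(ADSI, 'SELECT distinguishedName FROM ''LDAP://a.com'' WHERE objectClass=''domainDNS''');
```

Mapping the linked server to one dedicated account keeps the reach of OPENQUERY(ADSI, ...) fixed to what that account can read in the directory, whoever runs the query, and makes the directory access easy to audit on the domain controller side. Keep in mind that the ADSI provider does not page results, so a single OPENQUERY returns at most the directory's page size (1000 objects by default); larger result sets need a narrower filter.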

Step 3: Query the Active Directory

-- Lookup parameters: replace the placeholder values with your own
DECLARE @Application TABLE (cn varchar(50));
DECLARE @ApplicationCN varchar(50);
DECLARE @SQLString nvarchar(MAX);
DECLARE @ApplicationName varchar(20) = 'yy';   -- name of the container (msDS-AzApplicationName)
DECLARE @Role varchar(20) = 'xxx';             -- AzMan role whose members you want
DECLARE @Domain nvarchar(20) = 'a.com';        -- DNS name of the domain, e.g. a.com

-- OPENQUERY only accepts a string literal, so the LDAP query is built dynamically.
-- Step 3a: find the cn of the msDS-AzApplication object by its name
SET @SQLString = 'SELECT cn FROM OPENQUERY(ADSI,''SELECT cn FROM ''''LDAP://' + @Domain + ''''' WHERE objectClass=''''msDS-AzApplication'''' AND msDS-AzApplicationName=''''' + @ApplicationName + ''''''')';

PRINT (@SQLString);   -- shows the statement that is about to run

INSERT @Application EXEC(@SQLString);

SET @ApplicationCN = (SELECT TOP 1 cn FROM @Application);

-- Step 3b: list the users that are members of the role, via the back-link attribute.
-- CN=US,OU=EDFrameworkAuthorizationStores,DC=a,DC=com is the authorization store
-- path of the author's environment; adjust it to your own.
SET @SQLString = 'SELECT * FROM OPENQUERY(ADSI,''SELECT userPrincipalName,givenName,sn,samAccountName, cn, company, department, Name, Mail,telephoneNumber,mobile, l, physicalDeliveryOfficeName, postalCode, streetAddress, facsimileTelephoneNumber, distinguishedName, info FROM ''''LDAP://' + @Domain + ''''' WHERE msDS-MembersForAzRoleBL=''''CN=' + @Role + ',CN=AzRoleObjectContainer-' + @ApplicationCN + ',CN=' + @ApplicationCN + ',CN=US,OU=EDFrameworkAuthorizationStores,DC=a,DC=com'''''') order by 1';

EXEC (@SQLString);

-- Let me know in case you face any problem.
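The two statements in step 3 splice @ApplicationName, @Role and the domain straight into the LDAP query text, and the DN of the authorization store is hard-coded to DC=a,DC=com even though @Domain is a variable. The block below is an added example, not the original post's code: it runs the same two-stage lookup with the inputs checked against a conservative character set before concatenation (OPENQUERY accepts only a literal, so the query still has to be assembled as text), derives the base DN from @Domain, captures the application cn through an sp_executesql OUTPUT parameter, and raises an explicit error when no application matches instead of silently executing a NULL statement. The store container CN=US,OU=EDFrameworkAuthorizationStores and the values yy, xxx and a.com are kept from the post as placeholders for your own environment; THROW requires SQL Server 2012 or later.

```sql
-- Added example, not the original post's code. Same two-stage lookup as
-- step 3, with validated inputs, a base DN derived from @Domain and an
-- explicit error when the application cannot be found. Requires the ADSI
-- linked server from step 2 and SQL Server 2012+ (for THROW).
DECLARE @ApplicationName sysname = N'yy';    -- msDS-AzApplicationName to look up (placeholder)
DECLARE @Role            sysname = N'xxx';   -- AzMan role whose members you want (placeholder)
DECLARE @Domain          sysname = N'a.com'; -- DNS name of the domain (placeholder)

-- OPENQUERY accepts only a string literal, so the statement must be built
-- as text. The values land inside an LDAP query literal, so allow only
-- letters, digits, space, dot, underscore and hyphen; quotes, parentheses,
-- asterisks and backslashes would change the filter and are rejected here.
-- The hyphen is removed before the test so it cannot be read as a range.
IF @ApplicationName IS NULL OR @Role IS NULL OR @Domain IS NULL
   OR PATINDEX(N'%[^A-Za-z0-9 ._]%', REPLACE(@ApplicationName, N'-', N'')) > 0
   OR PATINDEX(N'%[^A-Za-z0-9 ._]%', REPLACE(@Role, N'-', N'')) > 0
   OR PATINDEX(N'%[^A-Za-z0-9.]%',   REPLACE(@Domain, N'-', N'')) > 0
    THROW 50000, N'Unexpected value in application, role or domain name.', 1;

-- Base DN from the domain name: a.com -> DC=a,DC=com
DECLARE @BaseDN nvarchar(400) = N'DC=' + REPLACE(@Domain, N'.', N',DC=');
-- Authorization store container, kept from the post as a placeholder for your own path
DECLARE @StoreContainer nvarchar(400) = N'CN=US,OU=EDFrameworkAuthorizationStores,' + @BaseDN;

DECLARE @SQLString     nvarchar(max);
DECLARE @ApplicationCN sysname;

-- Stage 1: cn of the msDS-AzApplication object, returned via an OUTPUT parameter
SET @SQLString = N'SELECT TOP 1 @cn = cn FROM OPENQUERY(ADSI, '
    + N'''SELECT cn FROM ''''LDAP://' + @Domain + N''''' '
    + N'WHERE objectClass=''''msDS-AzApplication'''' '
    + N'AND msDS-AzApplicationName=''''' + @ApplicationName + N''''''')';

EXEC sp_executesql @SQLString, N'@cn sysname OUTPUT', @cn = @ApplicationCN OUTPUT;

-- Fail visibly instead of concatenating NULL into the DN, which would make
-- the whole second statement NULL and run nothing.
IF @ApplicationCN IS NULL
    THROW 50001, N'No msDS-AzApplication object matched the given name.', 1;

-- Stage 2: users that are members of the role, via the back-link attribute
DECLARE @RoleDN nvarchar(1000) = N'CN=' + @Role
    + N',CN=AzRoleObjectContainer-' + @ApplicationCN
    + N',CN=' + @ApplicationCN
    + N',' + @StoreContainer;

SET @SQLString = N'SELECT * FROM OPENQUERY(ADSI, '
    + N'''SELECT userPrincipalName, sAMAccountName, cn, mail, department, distinguishedName '
    + N'FROM ''''LDAP://' + @Domain + N''''' '
    + N'WHERE msDS-MembersForAzRoleBL=''''' + @RoleDN + N''''''') '
    + N'ORDER BY 1';

EXEC sp_executesql @SQLString;
```

The NULL check matters because in the post's version an application name with no match leaves @ApplicationCN NULL, the string concatenation then yields NULL, and EXEC of a NULL string returns no rows and no error, so the empty result looks like "the role has no members". The character check is deliberately an allowlist rather than quote escaping, because the value is interpreted twice (once by T-SQL, once by the ADSI provider) and the two layers do not share one escaping rule.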
