Skip to main content

Query Active Directory from SSMS - 3 steps


Step1: Get the Servers
Run the following command to get the list of all linked servers.
sp_linkedservers

Note: sp_helpserver can also be used to list the available servers

Step 2: Add the server you want to connect to [This is important, because most people mess up here]

To add a linked server we will use the following command
sp_addlinkedserver

EXEC sp_addlinkedserver
@server=N'S1_instance1',
@srvproduct=N'',
@provider=N'SQLNCLI',
@datasrc=N'S1\instance1';

Step 3: Query the Active Directory

DECLARE @Application TABLE (cn varchar(50));
DECLARE @ApplicationCN varchar(50);
DECLARE @SQLString nvarchar(MAX);
DECLARE @ApplicationName varchar(20)= 'yy' -- name of the container
DECLARE @Role varchar(20) = 'xxx'
DECLARE @Domain nvarchar(20) = 'a.com' -- if this is a.com

SET @SQLString='SELECT cn FROM OPENQUERY(ADSI,''SELECT cn FROM ''''LDAP://' +@Domain +''''' WHERE objectClass=''''msDS-AzApplication'''' AND msDS-AzApplicationName='''''+@ApplicationName+''''''')';

PRINT (@SQLString)

INSERT @Application EXEC(@SQLString);

SET @ApplicationCN=(SELECT TOP 1 cn FROM @Application);

SET @SQLString='SELECT * FROM OPENQUERY(ADSI,''SELECT userPrincipalName,givenName,sn,samAccountName, cn, company, department, Name, Mail,telephoneNumber,mobile, l, physicalDeliveryOfficeName, postalCode, streetAddress, facsimileTelephoneNumber, distinguishedName, info FROM ''''LDAP://' +@Domain +''''' WHERE msDS-MembersForAzRoleBL=''''CN='+@Role+',CN=AzRoleObjectContainer-'+@ApplicationCN+',CN='+@ApplicationCN+ ',CN=US,OU=EDFrameworkAuthorizationStores,DC=a,DC=com'''''') order by 1'

EXEC (@SQLString);

--Let me know in case you face any problem.
Labels:

Comments

Post a Comment

Popular posts from this blog

Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)

While accessing the active directory (AD) and authorization manager (AZMAN) , If you get “   Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098)  “ message check the    account that is being used to get the LDAP query from AD .  ERROR DETAILS Exception Details:  System.Runtime.InteropServices.COMException: Insufficient access rights to perform the operation. (Exception from HRESULT: 0x80072098) Source Error: Line 154:    'Session("FullName") = System.Security.Principal.WindowsIdentity.GetCurrent.Name.ToString() Line 155: Line 156:    If Not User.IsInRole("Role1") Then Line 157:          Response.Redirect("./Login.aspx") Line 158:    End If  Stack Trace : .... SOLVE IT Steps to do check the app pool rights: Click on the website name that you are having problem with in IIS  In the right panel you will se...
Post a Comment
Read more

JavaScript Interview Questions

This is a compilations of all the interview questions related to Javascript that i have encountered.  Q: Difference between window.onload and onDocumentReady? A: The onload event does not fire until every last piece of the page is loaded, this includes css and images, which means there’s a huge delay before any code is executed. That isnt what we want. We just want to wait until the DOM is loaded and is able to be manipulated. onDocumentReady allows the programmer to do that. Q:  What is the difference between == and === ? A: The == checks for value equality, but === checks for both type and value. Few examples: "1" == 1; // value evaluation only, yields true "1" === 1; // value and type evaluation, yields false "1" == true; // "1" as boolean is true, value evaluation only, yields true "1" === false; // value and type evaluation, yields false Q: What does “1″+2+5 evaluate to? What about 5 + 2 +...
1 comment
Read more

Do's and Don't SQL

Do's: Writing comments whenever something is not very obvious, as it won’t impact the performance.  (--) for single line  (/*…*/) to mark a section Use proper indentation Use Upper Case for all SQL keywords. SELECT, UPDATE, INSERT, WHERE, INNER JOIN, AND, OR, LIKE. Use BEGIN... END block for multiple statements in conditional code  Use Declare and Set in beginning of Stored procedure Create objects in same database where its relevant table exists otherwise it will reduce network performance. Use PRIMARY key in WHERE condition of UPDATE or DELETE statements as this will avoid error possibilities. If User table references Employee table than the column name used in reference should be UserID where User is table name and ID primary column of User table and UserID is reference column of Employee table. Use select column name instead of select * Use CTE (Common Table Expression); its scope is limited to the next statement in SQL query, instead of...
Post a Comment
Read more