views:

503

answers:

4

How I can query Active Directory from Sql Server 2005?

+6  A: 

Pretty general question but here are some pointers.

You need a linked server creating on the SQL Server that points to ADSI (Active Directory Service Interface) something like this will do it.

EXEC sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5', 'ADSDSOObject', 'adsdatasource'

Then you can use the following sort of query.


SELECT *
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName
FROM ''LDAP://DC=MyDC,DC=com,DC=uk''
WHERE objectCategory = ''Person''
AND objectClass = ''user'')

You'll need to set the LDAP:// line appropriately (ask your AD admin for the details) and be aware that distributed adhoc queries using OpenQuery are disabled by default in SQL Server. Once you have the above though it should be pretty easy to google for any particular variations.

Steve Homer
Is the link to AD read-only, or can you Insert via this route too?
Kristen
No it's Select only but you can use the ADSI COM object model to create users. There's an intro here http://en.csharp-online.net/User_Management_with_Active_Directory
Steve Homer
+2  A: 

Yes.

Linked server:

EXEC master.dbo.sp_addlinkedserver
    @server = N'ADSI', 
    @srvproduct=N'Active Directory Services',
    @provider=N'ADsDSOObject', 
    @datasrc=N'Servername.domain.com'

Query:

select * from openquery
(
ADSI,'SELECT name 
FROM ''LDAP://Servername.domain.com''
WHERE objectCategory = ''Person'' AND objectClass = ''user''
')

There are lots of examples if you search linked server and LDPA on Google. I say this because LDAP can be quite complicated to work with.

gbn
A: 

In order to overcome the maximum limit of 1000 records returned at a time from the Active Directory queries, you can use the function which I wrote below.

CREATE FUNCTION [dbo].[tf_GetAllUsersFromActiveDirectory]
()
RETURNS 
     @USERS TABLE 
     ( 
        sAMAccountName VARCHAR(25)    PRIMARY KEY CLUSTERED     
      , givenName VARCHAR(200)
      , SN VARCHAR(200)
      , userAccountControl VARBINARY(8)
      , mail VARCHAR(200)

     )
AS
BEGIN



INSERT INTO @Users
SELECT  sAMAccountName,givenName, sn, userAccountControl,mail FROM OpenQuery(ADSI, '<LDAP://YourDomain.com:389>;(&(objectClass=User)(|(sAMAccountName=A*)(sAMAccountName=B*)(sAMAccountName=C*)(sAMAccountName=D*)) );sAMAccountName,givenName, sn, mail,userAccountControl;subtree')
UNION ALL
SELECT  sAMAccountName,givenName, sn, userAccountControl,mail FROM OpenQuery(ADSI, '<LDAP://YourDomain.com:389>;(&(objectClass=User)(|(sAMAccountName=E*)(sAMAccountName=F*)(sAMAccountName=G*)(sAMAccountName=H*)) );sAMAccountName,givenName, sn, mail,userAccountControl;subtree')
UNION ALL 
SELECT  sAMAccountName,givenName, sn, userAccountControl,mail FROM OpenQuery(ADSI, '<LDAP://YourDomain.com:389>;(&(objectClass=User)(|(sAMAccountName=I*)(sAMAccountName=J*)(sAMAccountName=K*)(sAMAccountName=L*)) );sAMAccountName,givenName, sn, mail,userAccountControl;subtree')
UNION ALL
SELECT  sAMAccountName,givenName, sn, userAccountControl,mail FROM OpenQuery(ADSI, '<LDAP://YourDomain.com:389>;(&(objectClass=User)(|(sAMAccountName=M*)(sAMAccountName=N*)(sAMAccountName=O*)(sAMAccountName=P*)) );sAMAccountName,givenName, sn, mail,userAccountControl;subtree')
UNION ALL 
SELECT  sAMAccountName,givenName, sn, userAccountControl,mail FROM OpenQuery(ADSI, '<LDAP://YourDomain.com:389>;(&(objectClass=User)(|(sAMAccountName=Q*)(sAMAccountName=R*)(sAMAccountName=S*)(sAMAccountName=T*)) );sAMAccountName,givenName, sn, mail,userAccountControl;subtree')
UNION ALL
SELECT  sAMAccountName,givenName, sn, userAccountControl,mail FROM OpenQuery(ADSI, '<LDAP://YourDomain.com:389>;(&(objectClass=User)(|(sAMAccountName=U*)(sAMAccountName=V*)(sAMAccountName=W*)(sAMAccountName=X*)) );sAMAccountName,givenName, sn, mail,userAccountControl;subtree')
UNION ALL 
SELECT  sAMAccountName,givenName, sn, userAccountControl,mail FROM OpenQuery(ADSI, '<LDAP://YourDomain.com:389>;(&(objectClass=User)(|(sAMAccountName=Y*)(sAMAccountName=Z*)) );sAMAccountName,givenName, sn, mail,userAccountControl;subtree')



RETURN



END

GO
Suman
+1  A: 

Just a note; to remove the link use

exec sp_dropserver 'ADSI';
JosephStyons
Thanks for mentioning this!
Calanus