views: 1326

answers: 1

I cannot query AD via SQL Server. I add the linked server referencing Active Directory both via SQL (see below) and through the SSMS GUI, but I cannot figure out the security issues.

    EXEC sp_addlinkedserver @server = 'ADSI', @srvproduct = 'Active Directory Services 2.5', @provider = 'ADSDSOObject', @datasrc = 'adsdatasource'

    EXEC sp_addlinkedsrvlogin @rmtsrvname = 'ADSI', @useself = 'False', @locallogin = 'sa', @rmtuser = 'mylogin', @rmtpassword = 'mypassword'

Thus this query fails by saying "...The provider indicates that the user did not have the permission to perform the operation."

    SELECT * FROM OPENQUERY(ADSI, 'SELECT givenName, sn FROM ''LDAP://dc=mydomain,dc=com'' WHERE objectClass=''Person'' AND objectClass=''User''')

I probably have the @locallogin, @rmtuser, and @rmtpassword off and am confusing what each parameter means, and what the correct arguments should be; whether they should include user ID and password coalesced into one string including a backslash, or an aerobase, or what have you.

Any suggestions? It does not matter which SQL Server database, it is just that SS 08 is more informative due to a modicum of Intellisense.

+1  A: 

Trial and error led me to deduce that the @rmtuser parameter expects domain backslash user name; that seems to allow it to be queryable, for now.

JonathanWolfson
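The mapping described in the answer, written out as an added T-SQL example (not code from the original posts). It also shows what each `sp_addlinkedsrvlogin` parameter means and how to check the stored mapping. The account `MYDOMAIN\svc_adread`, the local login `report_reader` and the password are constructed placeholders; the example assumes a dedicated low-privilege domain account is mapped to one local login instead of `sa`.

```sql
-- Constructed placeholders: MYDOMAIN\svc_adread, report_reader, <password>.

-- Create the ADSI linked server only if it does not exist yet.
IF NOT EXISTS (SELECT 1 FROM sys.servers WHERE name = N'ADSI')
    EXEC sp_addlinkedserver
        @server     = N'ADSI',
        @srvproduct = N'Active Directory Services 2.5',
        @provider   = N'ADSDSOObject',
        @datasrc    = N'adsdatasource';

-- Drop any earlier explicit mapping for the local login so the new one replaces it.
IF EXISTS (SELECT 1
           FROM sys.linked_logins AS l
           JOIN sys.servers AS s ON s.server_id = l.server_id
           JOIN sys.server_principals AS p ON p.principal_id = l.local_principal_id
           WHERE s.name = N'ADSI' AND p.name = N'report_reader')
    EXEC sp_droplinkedsrvlogin @rmtsrvname = N'ADSI', @locallogin = N'report_reader';

EXEC sp_addlinkedsrvlogin
    @rmtsrvname  = N'ADSI',                 -- the linked server the mapping applies to
    @useself     = N'False',                -- do not pass the caller's own credentials;
                                            -- use @rmtuser / @rmtpassword instead
    @locallogin  = N'report_reader',        -- SQL Server login that may use the mapping
                                            -- (NULL would apply it to every local login)
    @rmtuser     = N'MYDOMAIN\svc_adread',  -- domain account in DOMAIN\user form
    @rmtpassword = N'<password>';           -- that account's password, as a separate argument

-- Check what is stored: one row per mapping. local_login is NULL for the
-- default mapping that covers all logins without an explicit entry.
SELECT s.name  AS linked_server,
       p.name  AS local_login,
       l.uses_self_credential,
       l.remote_name
FROM sys.linked_logins AS l
JOIN sys.servers AS s ON s.server_id = l.server_id
LEFT JOIN sys.server_principals AS p ON p.principal_id = l.local_principal_id
WHERE s.name = N'ADSI';

-- Run as report_reader: the query from the question, now bound as MYDOMAIN\svc_adread.
SELECT *
FROM OPENQUERY(ADSI,
    'SELECT givenName, sn FROM ''LDAP://dc=mydomain,dc=com''
     WHERE objectClass=''Person'' AND objectClass=''User''');
```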