I've been assigned the task to create or research the implementation of Active Directory Group based access to a 2008 SQL Server.
Looking into it, I see implementations of creating a view of Active Directory Users allowed access using a linked server or tables that are renewed every night on the database populated from a script using the active directory.
Our main objective overall is to remove the connection string to this specific database from the configuration file, as the file exists on each client's machine. With this achieved, the only viewable connection will be the Active Directory connection.
- Access to a particular database based on known groups from the active directory.
- How would I keep the concurrency of this view with the linked active directory server?
Any thoughts, suggestions, or references would be most helpful.
[Edit]
Here is my attempt at pseudo implementation steps, if this helps in answering.
- Create a view of Active Directory Users using a linked server of a specific group "FooBarUsers".
- Query the "FooBarUsers" view using the current Active Directory User, returning a scalar variable as to whether the user exists in the view.
- Within the client-side application, if the user exists, the application will continue loading; otherwise, halt execution/load.
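
The view and scalar check described in the steps above, sketched in T-SQL as an added example that is not part of the original post. The linked server name `ADSI`, the `example.com` domain components, the `OU=Groups` path and the view name `dbo.FooBarUsers` are assumed placeholders.

```sql
-- Added example; ADSI, DC=example,DC=com, OU=Groups and dbo.FooBarUsers are
-- assumed names. Only the group name FooBarUsers comes from the post.

-- Run once: linked server to Active Directory through the ADSI OLE DB provider.
-- It also needs a login mapping that may read the directory (sp_addlinkedsrvlogin).
EXEC master.dbo.sp_addlinkedserver
     @server     = N'ADSI',
     @srvproduct = N'Active Directory Services 2.5',
     @provider   = N'ADSDSOObject',
     @datasrc    = N'adsdatasource';
GO

-- Step 1: view of the direct members of the group. OPENQUERY is sent to AD on
-- every SELECT, so the view holds no copy of the membership that could go stale.
-- Limits: members of nested groups are not returned, and AD caps a single
-- result set at its page size (1000 rows by default).
CREATE VIEW dbo.FooBarUsers
AS
SELECT sAMAccountName
FROM OPENQUERY(ADSI, '
    SELECT sAMAccountName
    FROM ''LDAP://DC=example,DC=com''
    WHERE objectCategory = ''person''
      AND objectClass = ''user''
      AND memberOf = ''CN=FooBarUsers,OU=Groups,DC=example,DC=com''');
GO

-- Step 2: scalar answer for the Windows user on the current connection.
-- SUSER_SNAME() returns DOMAIN\account; strip the prefix to match sAMAccountName.
DECLARE @login   sysname = SUSER_SNAME();
DECLARE @account sysname = SUBSTRING(@login, CHARINDEX(N'\', @login) + 1, 128);

SELECT CASE WHEN EXISTS (SELECT 1
                         FROM dbo.FooBarUsers
                         WHERE sAMAccountName = @account)
            THEN 1 ELSE 0 END AS IsFooBarUser;
GO
```

The step-3 check runs in the client, so it does not limit what the user's login can do once connected to the database. Creating a Windows login for the group itself (`CREATE LOGIN [EXAMPLE\FooBarUsers] FROM WINDOWS`) and testing `IS_MEMBER()` on the server enforces the same membership where the client cannot skip it.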