tags:

views:

634

answers:

1
Q: 

Active Directory Groups With SQL Server 2005

Alright, so I already have an existing connection to Active Directory on my server. I know that querying active directory works. What I want to be able to do is query for all of the ou's and/or groups in active directory, and also be able to find the users the belong to those groups/ous.

this is the current query that just pulls user information (or part of a stored procedure set up to pull all users):

SELECT
 userAccountControl,
 DisplayName AS [NAME],
 givenName AS FIRSTNAME,
 middleName, 
 sn AS LASTNAME,
 employeeID AS EMPID,
 telephoneNumber AS EXT,
 Title, 
 Department AS DEPT,
 Division,
 sAMAccountName AS UserName,
 mail AS Email,
 homeDirectory AS HomeDir,
 userPrincipalName AS LOGON,
 manager
FROM         OPENQUERY(ADSI, 
       '
 select
  userAccountControl,
  DisplayName,
  givenName,
  middleName,
  sn,
  employeeID,
  telephoneNumber,
  Title,
  Department,
  Division,
  sAMAccountName,
  mail,
  homeDirectory,
  userPrincipalName,
  manager
 from ''LDAP://name''
 where sn > ''a''
 and sn <''h''
 order by DisplayName
 ')
AS derivedtbl_1
+1  A: 

Are you aware of the fact that you cannot query more objects than the AD server is willing to return in one reply?

The ADSI SQL provider does not support paging through the results. The AD server is usually configured to return the first 1000 results only.

If you query for virtually all AD objects at once you are very likely to hit that limit.

Can you clarify what you are trying to achieve?

Tomalak  2009-05-05 15:19:04
"this is the current query that just pulls user information (or part of a stored procedure set up to pull all users):"the sp this is from has 5 insert/select statements that go into a temp table which then is compared to a table on our data warehouse db and updates the table
DForck42  2009-05-05 15:59:27
basically our ad has several different groups, IT, QA, Document Control, etc. I want to be able to see what groups there are in ad and what users belong to which group.
DForck42  2009-05-05 16:00:56
I don't think SQL is quite the right tool for finding out about group memberships or mapping all users in the directory to a table. I'd recommend using a programming layer between AD and database and not using SQL to query the AD. It's possible (and tempting) but may prove more painful than useful down the road.
Tomalak  2009-05-05 16:05:33

related questions

Querying Active Directory with "SQL"?
Can I get more than 1000 records from a DirectorySearcher in Asp.Net?
How to get AD User Groups for user in Asp.Net?
Attempting to update a user's "connect to:" home directory path in AD using C#
Monitoring group membership in Active Directory more efficiently (C# .NET)
How do I speed up data retrieval from .NET AD within ColdFusion
How do you authenticate against an Active Directory server using Spring Security?
Managing large user databases for single-signon.
Move Active Directory Group to Another OU using Powershell
How to move SharePoint sites from one active directory domain to another?
When did I last talk to my Domain Server?
Using ActiveDirectoryMembershipProvider with two domain controllers
I am having trouble getting phpBB to authenticate with our Active Directory
How do I use ADAM to run unit tests?
COMException "Library not registered." while using System.DirectoryServices
Caching Active Directory Data
Windows / Active Directory - User / Groups
Get a list of available domains (NT4 and Active Directory)
How do I use NTLM authentication with Active Directory
I/O permission settings using .net installer
quoting System.DirectoryServices.ResultPropertyCollection
How do you impersonate an Active Directory user in Powershell?
Setting Group Type for new Active Directory Entry in VB.NET
Is there a way for MS Access to grab the current Active Directory user?
Checklist for IIS 6/ASP.NET Windows Authentication?