tags:

views:

138

answers:

3
Q: 

Matching DB records to Active Directory entries?

I have been tasked with coming up with a solution where I am not sure if there is a solid answer: How can I match username records from an application's database to users in our Active Directory? I have two applications this needs to be done for - 1st application I only have firstname and lastname information. Second application i have the application's username, which is similar to activeD's but not a definate match. I also have firstname lastname info.

Now, simply put I can just write a script that matches all the records in ActiveD that match the firstname lastname in the application DB, but that is fraught with errors. Having no unique identifier to begin with might make this an impossible task, but before I start to task someone else with manually comparing the data after running the script, I thought I would ask the delightful StackOverflow crew to chew on it. There are always methods I don't think of, after all.

So any brilliant ideas out there to accomplish this task?

Thanks guys

+1  A: 

Once you get them matched up automatically and the exceptions by hand, make a custom attribute in Active directory where you can store the information to keep them matched up in the future.

Cade Roux  2009-06-02 17:07:52
deduping is going to be a manual process and depending on the number of users/ purpose you might want to eyeball everyones record anyway. To make it easier going forward you might create an AD mapper database; and have a lnking table taging records up using the SID code between databases.
u07ch  2009-06-02 17:40:22
A: 

Well, the one thing that will be indeed unique in AD is the sAMAccountName for each user. If you find a way to associate your users in your two databases with a SAM Account Name, you should have no big trouble anymore to do an automatic sync check with AD.

That property is already available in AD, you don't need to add any additional artificial IDs, and it's much easier to read than a GUID.

Marc

marc_s  2009-06-02 19:07:39
A: 

You could store the Active Directory object GUID against the database record.

Moo  2009-06-02 19:13:37
What attribute name is that?
Rowland Shaw  2009-07-06 14:33:34
Actually, just found objectGUID http://msdn.microsoft.com/en-us/library/cc221017.aspx
Rowland Shaw  2009-07-06 14:39:04

related questions

Querying Active Directory with "SQL"?
Can I get more than 1000 records from a DirectorySearcher in Asp.Net?
How to get AD User Groups for user in Asp.Net?
Attempting to update a user's "connect to:" home directory path in AD using C#
Monitoring group membership in Active Directory more efficiently (C# .NET)
How do I speed up data retrieval from .NET AD within ColdFusion
How do you authenticate against an Active Directory server using Spring Security?
Managing large user databases for single-signon.
Move Active Directory Group to Another OU using Powershell
How to move SharePoint sites from one active directory domain to another?
When did I last talk to my Domain Server?
Using ActiveDirectoryMembershipProvider with two domain controllers
I am having trouble getting phpBB to authenticate with our Active Directory
How do I use ADAM to run unit tests?
COMException "Library not registered." while using System.DirectoryServices
Caching Active Directory Data
Windows / Active Directory - User / Groups
Get a list of available domains (NT4 and Active Directory)
How do I use NTLM authentication with Active Directory
I/O permission settings using .net installer
quoting System.DirectoryServices.ResultPropertyCollection
How do you impersonate an Active Directory user in Powershell?
Setting Group Type for new Active Directory Entry in VB.NET
Is there a way for MS Access to grab the current Active Directory user?
Checklist for IIS 6/ASP.NET Windows Authentication?