Presented by Zap Riecken Using SQL Server to Query Active Directory Wednesday March 18, 2015 Olympia, WA.

Slides:



Advertisements
Similar presentations
Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizards Guide to PHP by David Lash.
Advertisements

LIS651 lecture 3 taming PHP Thomas Krichel
Eric J. Oszakiewski MCTS: SharePoint Application Development SharePoint Configuration.
CC SQL Utilities.
© 2012 Entrinsik, Inc. Informer Administration Exploring the system menu and functions PRESENTER: Jason Vorenkamp| Informer Software Engineer| March 2012.
Keys, Referential Integrity and PHP One to Many on the Web.
How Did I Steal Your Database Mostafa
Let’s try Oracle. Accessing Oracle The Oracle system, like the SQL Server system, is client / server. For SQL Server, –the client is the Query Analyser.
Querying Active Directory From SSRS
DAT702.  Standard Query Language  Ability to access and manipulate databases ◦ Retrieve data ◦ Insert, delete, update records ◦ Create and set permissions.
ManageEngine ADAudit Plus A detailed walkthrough.
Database Systems Lecture 5 Natasha Alechina
Security and Integrity
1 CS428 Web Engineering Lecture 23 MySQL Basics (PHP - VI)
Administration of Users Dr. Gabriel. 2 Documentation of User Administration Part of the administration process Reasons to document: –Provide a paper trail.
Today’s Agenda Chapter 12 Admin Tasks Chapter 13 Automating Admin Tasks.
03/07/08 © 2008 DSR and LDAP Authentication Avocent Technical Support.
MySql In Action Step by step method to create your own database.
CHAPTER 9 DATABASE MANAGEMENT © Prepared By: Razif Razali.
A Guide to SQL, Eighth Edition Chapter Three Creating Tables.
Module 3: Changes to Transact-SQL. Overview Accessing Object Information New Transact-SQL Syntax Changes to Objects Distributed Queries.
Session 5: Working with MySQL iNET Academy Open Source Web Development.
INTERNET APPLICATION DEVELOPMENT For More visit:
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software
PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.
ADM 493 Digging Deep into the Active Directory with LDP John Craddock Principal Consultant Sally Storey Consultant.
WaveMaker Visual AJAX Studio 4.0 Training Authentication.
© 2003 By Default! A Free sample background from Slide 1 Week 2  Free PHP Hosting Setup  PHP Backend  Backend Security 
PHP meets MySQL.
Chapter 7 Working with Databases and MySQL PHP Programming with MySQL 2 nd Edition.
CS 3630 Database Design and Implementation. Your Oracle Account UserName is the same as your UWP username Followed Not case sensitive Initial.
1 SQL Server 2000 Administration Kashef Mughal MSB.
1 Working with MS SQL Server Textbook Chapter 14.
Introduction to MySQL Lab no. 10 Advance Database Management System.
Web Scripting [PHP] CIS166AE Wednesdays 6:00pm – 9:50pm Rob Loy.
CSC 2720 Building Web Applications Database and SQL.
Module 11: Programming Across Multiple Servers. Overview Introducing Distributed Queries Setting Up a Linked Server Environment Working with Linked Servers.
1 Structured Query Language (SQL). 2 Contents SQL – I SQL – II SQL – III SQL – IV.
Stored Procedure. Objective At the end of the session you will be able to know :  What are Stored Procedures?  Create a Stored Procedure  Execute a.
Module 4: Managing Recipients. Overview Introduction to Exchange Recipients Creating, Deleting, and Modifying Users and Contacts Managing Mailboxes Managing.
What’s a database? Data stored in a structured format that lends itself to easy manipulation and recall.
Visual Programing SQL Overview Section 1.
Permissions Lesson 13. Skills Matrix Security Modes Maintaining data integrity involves creating users, controlling their access and limiting their ability.
© Copyright by Deitel & Associates, Inc. and Pearson Education Inc. All Rights Reserved. 1 Outline 25.1 Test-Driving the ATM Application 25.2.
Creating a simple database This shows you how to set up a database using PHPMyAdmin (installed with WAMP)
Task #1 Create a relational database on computers in computer classroom 308, using MySQL server and any client. Create the same database, using MS Access.
Chapter 8 Manipulating MySQL Databases with PHP PHP Programming with MySQL 2 nd Edition.
>> Introduction to MySQL. Introduction Structured Query Language (SQL) – Standard Database Language – Manage Data in a DBMS (Database Management System)
1 Working with MS SQL Server Beginning ASP.NET in C# and VB Chapter 12.
Module 8: Using Programming Objects for Data Retrieval.
MySQL Tutorial. Databases A database is a container that groups together a series of tables within a single structure Each database can contain 1 or more.
Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.
19 Copyright © 2008, Oracle. All rights reserved. Security.
3 A Guide to MySQL.
Project Management: Messages
Unix System Administration
Cisco Data Virtualization
Introduction to SQL Server 2000 Security
OER- UNIT 3 Authorization
ORACLE SQL Developer & SQLPLUS Statements
ISC440: Web Programming 2 Server-side Scripting PHP 3
Chapter 8 Working with Databases and MySQL
PHPMyAdmin.
SQL Server 2000: Integration with AD and E2K
Querying Active Directory From SSRS
PHP and MySQL.
Data Definition Language
SQL NOT NULL Constraint
Developing with uConnect
Presentation transcript:

Presented by Zap Riecken Using SQL Server to Query Active Directory Wednesday March 18, 2015 Olympia, WA

Zap Riecken What’s in a name…

Zap Riecken Who is this…

Lesson 1: I am not the smartest man in the room Agenda Lesson 2: How to setup a connection from SQL to Active Directory Lesson 3: Now to get data out Lesson 4: What data is available

Lesson 1: Still not the smartest man in the room

Pre-requisites Lesson 2: Setup a connection from SQL to AD Service Account/User with read access rights to Active Directory (AD) The ability to connect from your SQL server to your AD boxes Directory System Agent by default TCP is port 389 Global Catalog is available by default on port 3268 Sufficient privileges in SQL to create a linked server

What is LDAP Lesson 2: Setup a connection from SQL to AD Lightweight Directory Access Protocol Designed specifically to provide a hierarchical set of records Precursor designed by International Telecommunication Union X.500 turned into LDAP in order to support TCI/IP It really is a database

Creating the linked server Lesson 2: Setup a connection from SQL to AD Via TSQL script: --Create a Linked Server EXEC = = N'Active Directory Service = = N'adsdatasource' --Create a security context EXEC = = = = N' \ = ' '

Creating the linked server Lesson 2: Setup a connection from SQL to AD Via SQL GUI:

OpenRowset Lesson 3: Now to get data out Requires allowing Ad Hoc Distributed Queries The connection string is passed as clear text, including username and password Limited functionality compared to OpenQuery BUT you don’t need a linked server

OpenQuery Lesson 3: Now to get data out Using LDAP Dialect: SELECT SAMAccountName, givenName, sn FROM OPENQUERY(ADSI, ' ; (&(objectCategory=Person)); SAMAccountName,givenName, sn; subtree') This is your LDAP connection string This is your filter criteria These are the columns you want returned This is your linked server name This defines the scope of your returned results

OpenQuery Lesson 3: Now to get data out Using SQL: This is your LDAP connection string These are the columns you want returned This is your linked server name This is your filter criteria Msg 7321, Level 16, State 2, Line 1 An error occurred while preparing the query SELECT SAMAccountName, givenName, Sn FROM OPENQUERY(ADSI, 'SELECT SAMAccountName,givenName,sn FROM ''LDAP://OU=,OU=,DC=,DC= '' WHERE objectCategory = ''Person'' ')

OpenQuery Lesson 3: Now to get data out LDAP Connection String: LDAP://OU=Users, DC=domain, DC=int

OpenQuery Lesson 3: Now to get data out SELECT SAMAccountName, givenName, Sn FROM OPENQUERY(ADSI, 'SELECT SAMAccountName,givenName,sn FROM ''LDAP://OU=Users,DC=domain,DC=int'' WHERE objectCategory = ''Person'' ') NEW LDAP Connection String: Msg 7330, Level 16, State 2, Line 1 Cannot fetch a row from OLE DB provider "ADSDSOObject" for linked server “ADSI".

OpenQuery Lesson 3: Now to get data out Limitations on OpenQuery: Active Directory is configured by default to have a MaxPageSize of 1000 records. In SQL you get 1000 rows and in SQL you get 901 rows before it breaks. Go to AD Admin and have them increase the value for MaxPageSize. Fix it YOURSELF! I went back and modified my query to paginate based on easy variables – like the first alpha character from the users’ name.

OpenQuery Lesson 3: Now to get data out Paginated Query: IF OBJECT_ID('tempdb.dbo.#tmpADUsers') IS NOT NULL DROP TABLE #tmpADUsers CREATE TABLE #tmpADUsers ( SAMAccountName VARCHAR(255) NULL, givenName VARCHAR(255) NULL, sn VARCHAR(255) NULL ) GO VARCHAR(255) SMALLINT CHAR(1) = 65 < 91 BEGIN = EXEC OUTPUT, 'SELECT SAMAccountName,givenName,sn FROM OPENQUERY( ADSI, ''SELECT SAMAccountName,givenName,sn FROM ''''LDAP://OU=Users,DC=domain,DC=int'' ''WHERE objectCategory = ''''Person'''' AND SAMAccountName = ''''%s*'''''' INSERT #tmpADUsers EXEC + 1 END SELECT * FROM #tmpADUsers DROP TABLE #tmpADUsers

OpenQuery Lesson 3: Now to get data out NEW Paginated Query: --First we build the Query VARCHAR(MAX) = ' SELECT * FROM OPENQUERY(ADSI, '' SELECT samAccountName, telephoneNumber, mail, givenName, sn, displayName FROM ''''LDAP://OU=Users,OU=WSECU,DC=wsecu,DC=int'''‘ WHERE objectCategory = ''''Person'''' AND samAccountName =

OpenQuery Lesson 3: Now to get data out NEW Paginated Query – Part 2: --Now lets make SQL do the heavy lifting VARCHAR(MAX) = 'CREATE VIEW [ADView] AS '; INT = ASCII('A'); INT = ASCII('Z'); BEGIN '*'); + ' UNION ALL '; + 1; END

OpenQuery Lesson 3: Now to get data out NEW Paginated Query – Part 3: --Check to see if the view is already there IF OBJECT_ID('[ADView]') IS NOT NULL DROP VIEW [ADView] --Create the view EXEC --View the data SELECT * FROM [ADview] WHERE samAccountName = 'zapr'

User Attributes Lesson 4: What data is available

User Attributes Lesson 4: What data is available With 200+ columns to choose from this little data connection is a lot bigger on the inside than we can see from here. Inside Active Directory A book by Sakari Kouti and Mika Seitsonen Reference tables for user class attributes Note: this was last updated in 2001

Useful fields Lesson 4: What data is available Unique ID SID vs GUID SID is specific and unique to the user where they are in AD GUID is specific unique to the user regardless of where they are A SID will change if the user is moved (domain to domain – not OU) GUID will remain with the user forever objectSidobjectGUIDSAMAccountNamegivenNamesn 0x D1157B402BA43CC xFDAFA43805E1C14E89B1FFC32D32DCE2ZapRZapRiecken

Useful fields Lesson 4: What data is available Account Disabled userAccountControl x1Reserved, the value must always be UF_ACCOUNT_DISABLE x004Reserved, the value must always be UF_HOMEDIR_REQUIRED UF_LOCKOUT UF_PASSWD_NOTREQD UF_PASSWD_CANT_CHANGE UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED x Reserved, the value must always be UF_NORMAL_ACCOUNT

Gotchas Lesson 4: What data is available Remember users can be stored in different OUs Cannot query for multi-valued attributes like Member Of LDAP is case-sensitive AD also has a MaxResultSize value set to 256KB (approx. 262,144 characters)

For attending this session on Using SQL Server to Query Active Directory Thank you Contact me: – board gaming tweets – SQL tweets Questions?

Querying Active Directory through SQL Server Using OpenRowset and OpenQuery by Nicki Kowalchuk OpenRowset-and-OpenQuery.aspx OpenRowset-and-OpenQuery.aspx SQL SERVER – Use of xp_sprintf – System Stored Procedure by Ayyappan Thangaraj Querying Active Directory on SQL Server using T-SQL by Pavel Pawlowski Attributes for AD Users: userAccountControl by Philipp Foeckeler Additional Resources

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.