patternsqlMinor
ADSI Linked Server: Why can I query AD in VBA, but not as a Linked Server?
Viewed 0 times
whycanquerybutadsivbaserverlinkednot
Problem
After all the reading and research I've done, this seems like the most logical place to post this question:
Why can I query Active Directory using VBA, but not a Linked Server in SQL Management Studio 2012?
First, I have been able to do this before, but many moons ago with SQL Server 2005.
Here is the query I am attempting:
Here is the error I'm getting:
The problem with this error message is that it's very generic and seemingly doesn't yield anything useful. Everything I've read appears to be a permission issue or the syntax of the query, and I assume it's meant in the context to my SQL instance login and how the security is set up in the Linked Server. The VBA code below works and is using a query that's very similar and not even the simplest of queries have worked in the Linked Server. I also have access to the Active Directory I am trying to link to and this is proven by the snippet of VBA code I have at the bottom (only there for reference). Thing is, I believe I have all the right privileges in place to for this to be working.
However, a lot of what's being suggested is on different sites involves doing modifications to the SQL instance that are not readily obvious of what the impacts are long term as this server is still being built. I have temporary elevated privileges to build it out.
Here's the details and para
Why can I query Active Directory using VBA, but not a Linked Server in SQL Management Studio 2012?
First, I have been able to do this before, but many moons ago with SQL Server 2005.
Here is the query I am attempting:
SELECT * FROM OpenQuery(
ADSI,
'SELECT displayName, title, department, employeeID, userAccountControl
FROM ''LDAP://dc=testdomain''
WHERE objectCategory = ''Person'' AND
objectClass = ''user'' AND
userAccountControl=512')Here is the error I'm getting:
Msg 7321, Level 16, State 2, Line 1
An error occured while preparing the query "SELECT displayName, title, department, employeeID, userAccountControl
FROM 'LDAP://dc=testdomain'
WHERE objectCategory = 'Person' AND
objectClass = 'user' AND
userAccountControl=512" for execution against OLE DB provider "ADsDSOObject" for linked server "ADSI".The problem with this error message is that it's very generic and seemingly doesn't yield anything useful. Everything I've read appears to be a permission issue or the syntax of the query, and I assume it's meant in the context to my SQL instance login and how the security is set up in the Linked Server. The VBA code below works and is using a query that's very similar and not even the simplest of queries have worked in the Linked Server. I also have access to the Active Directory I am trying to link to and this is proven by the snippet of VBA code I have at the bottom (only there for reference). Thing is, I believe I have all the right privileges in place to for this to be working.
However, a lot of what's being suggested is on different sites involves doing modifications to the SQL instance that are not readily obvious of what the impacts are long term as this server is still being built. I have temporary elevated privileges to build it out.
Here's the details and para
Solution
You should be able to query Active Directory without the need for a linked server. In my experience, having the
I'm able to successfully run your query against our Active Directory infrastructure from SQL Server 2012 using this:
The
For instance if your domain name was microsoft.com, you'd use:
Notice, in this instance, there are only two components. If your domain name was simply "cancorso", you'd use:
Hopefully this helps.
LDAP:// string precisely correct is key.I'm able to successfully run your query against our Active Directory infrastructure from SQL Server 2012 using this:
SELECT * FROM OPENROWSET
(
'ADSDSOObject'
, 'adsdatasource'
, 'SELECT displayName, title, department, employeeID, userAccountControl
FROM ''LDAP://DC=some,DC=name,DC=here''
WHERE objectCategory = ''Person''
AND objectClass = ''user''
AND userAccountControl=512'
);The
DC=some,DC=name,DC=here obviously needs to be modified to suit the actual domain name in use.For instance if your domain name was microsoft.com, you'd use:
DC=microsoft,DC=comNotice, in this instance, there are only two components. If your domain name was simply "cancorso", you'd use:
DC=cancorsoHopefully this helps.
Code Snippets
SELECT * FROM OPENROWSET
(
'ADSDSOObject'
, 'adsdatasource'
, 'SELECT displayName, title, department, employeeID, userAccountControl
FROM ''LDAP://DC=some,DC=name,DC=here''
WHERE objectCategory = ''Person''
AND objectClass = ''user''
AND userAccountControl=512'
);DC=microsoft,DC=comDC=cancorsoContext
StackExchange Database Administrators Q#94389, answer score: 3
Revisions (0)
No revisions yet.