Active Directory
Posted Friday, April 17, 2009 2:30 PM
SSC-Addicted

Group: General Forum Members
Last Login: Wednesday, August 20, 2014 8:05 AM
Points: 421, Visits: 607
In our application we are adding Active Directory groups to our security groups. What is the best way to store an Active Directory group name? Do we store it like Domain\PowerUser or should it be some sort of GUID?

What is the fastest for the application to find in MS architecture, and if it is a GUID, what is the data type in SQL?
Post #699775
Posted Friday, April 17, 2009 3:00 PM


SSChampion

Group: General Forum Members
Last Login: Friday, June 27, 2014 12:43 PM
Points: 13,872, Visits: 9,596
I guess I don't understand your question. If you're creating AD groups, wouldn't you store those in the Active Directory? That's not in SQL.

If you need to pull data about them into SQL, there are queries that can do that, but that doesn't store any data in SQL either; it just queries the Active Directory for data.

Can you clarify what you're doing?


- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #699802
Posted Friday, April 17, 2009 3:09 PM
SSC-Addicted

Sure...
The application they are writing has roles within the application itself... a decision made way above me.
These roles can be associated to users of the application.
These roles can be associated to groups of the application.
These roles can be associated to Active Directory groups from MS.

We need to know who is in the Active Directory group. When a user logs in, we first look for the user in the users table. Then we look at the AD groups and go to MS to authenticate. We need to store the AD group name or GUID so we can look it up later.

So when they use the 3rd option, how do I store the Active Directory name?
Post #699811
Posted Monday, April 20, 2009 8:17 AM


SSChampion

You should be able to query AD data at runtime, instead of trying to keep it in SQL tables. That way, you don't have to worry about the data getting out of synch or anything like that. You can set up a linked server to the AD server, and query that.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Post #700646
Posted Monday, April 20, 2009 8:44 AM
SSC-Addicted

You are not following what I am looking for. This is not a server that will be controlled by me. This is an application that has an AD groups table. The admin of the app can create groups and put AD groups into the App group, i.e.

SuperAppGroup
Domain\SillyEndUsers
Domain\SkilledEndUsers

The Domain\SillyEndUsers is what I do not know how to store. I have to store that no matter what for when they log into the app. AD, I think, stores a GUID for the name. So I think I should use that in case the name ever changes. Will the SQL datatype uniqueidentifier work for that?
Here is a link that says they are stored as GUIDs:
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/ActiveDirectory/ActiveDirectoryNamingStandard.html
Post #700679
Posted Monday, April 20, 2009 12:57 PM


SSChampion

UniqueIdentifier will work for that. Those are GUIDs.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Post #700914
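
The storage discussed in this thread, as an added T-SQL example that is not code from any poster: an app-group table maps to AD groups keyed on the group's GUID in a `uniqueidentifier` column, with the `Domain\Name` kept only as a display cache so a rename cannot silently break or redirect a role mapping. Table, column and variable names and the 16-byte value are constructed; it assumes the application reads each group's `objectGUID` attribute from AD as raw bytes.

```sql
-- Added example: all table, column and variable names are hypothetical.
CREATE TABLE dbo.AppGroup (
    AppGroupId   int IDENTITY(1,1) PRIMARY KEY,
    AppGroupName nvarchar(128) NOT NULL UNIQUE
);

CREATE TABLE dbo.AppGroupAdGroup (
    AppGroupId  int              NOT NULL REFERENCES dbo.AppGroup (AppGroupId),
    AdGroupGuid uniqueidentifier NOT NULL,  -- the AD group's objectGUID: the lookup key
    AdGroupName nvarchar(256)    NOT NULL,  -- last-seen Domain\Name, for display only
    PRIMARY KEY (AppGroupId, AdGroupGuid)
);

INSERT INTO dbo.AppGroup (AppGroupName) VALUES (N'SuperAppGroup');

-- Constructed 16-byte value standing in for the objectGUID bytes read from AD.
-- SQL Server's binary-to-uniqueidentifier conversion uses the Windows GUID byte
-- layout (first three fields little-endian), which is the layout AD stores, so
-- a direct CAST is correct; formatting the hex in byte order would not be.
DECLARE @rawObjectGuid binary(16);
SET @rawObjectGuid = 0x00112233445566778899AABBCCDDEEFF;

INSERT INTO dbo.AppGroupAdGroup (AppGroupId, AdGroupGuid, AdGroupName)
SELECT AppGroupId, CAST(@rawObjectGuid AS uniqueidentifier), N'Domain\SillyEndUsers'
FROM dbo.AppGroup
WHERE AppGroupName = N'SuperAppGroup';

-- At login: the application asks AD for the user's group memberships and passes
-- the groups' GUIDs in; authorization joins on the GUID, never on the name.
DECLARE @UserAdGroups TABLE (AdGroupGuid uniqueidentifier PRIMARY KEY);
INSERT INTO @UserAdGroups (AdGroupGuid)
VALUES (CAST(@rawObjectGuid AS uniqueidentifier));

SELECT DISTINCT g.AppGroupName
FROM @UserAdGroups AS u
JOIN dbo.AppGroupAdGroup AS m ON m.AdGroupGuid = u.AdGroupGuid
JOIN dbo.AppGroup AS g ON g.AppGroupId = m.AppGroupId;

-- If the group is renamed in AD, only the cached display name changes;
-- the mapping itself stays valid because the GUID does not change.
UPDATE dbo.AppGroupAdGroup
SET AdGroupName = N'Domain\RenamedEndUsers'
WHERE AdGroupGuid = CAST(@rawObjectGuid AS uniqueidentifier);
```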