sqlsurfer101 (8/19/2013)
"I'm using xp_logininfo to find which domain group a user belongs to, and manipulate some controls in the application based on the results." - Why are you using SQL for this since you are going to manipulate the application controls?
Well, because it seemed the most sensible way to do it. All the schemas, roles, logins and permissions are in the database - isn't it reasonable for the app to query the database about such matters? I could do something in the application, in fact, I did have it that way originally, but it seems back-asswards to me. The database should be telling the app what is permitted, not the app deciding for itself.
Well, I was trying to say that xp_logininfo for me hasn't been accurate in the sense that it returns which group the user is in, but, the user can be in another group connecting to the same instance of SQL which you might miss.
The documentation states that it should return all groups of which the user is a member, up to some astronomical limit that I will never approach. Are you telling me that this SP has known incorrect behavior? I found no mention of this while researching how to use it.
And my issue isn't that it reports some other group than the one that might interest me, but that it claims the user doesn't exist at all.
I think there are certain AD commands. I normally use a AD lookup tool, check for the user, the groups they belong to. You could then look if those groups exist in SQL depending on how many groups you may need to look at.
There are, you can even hook into the domain controller as a linked server in SQL Server, but I think you have to have domain admin privileges to use it. At least, when I tried it, I could link to the controller with no problem, but I was unable to execute any queries against it.
What is this AD lookup tool you mention? Is it accessible from SQL Server?