• actually auditors ask for the content of domain groups in sql for financial databases. keep it in mind and make yourself a nice useful script that will pull the groups you have in AD. feed it something like this if your domain is for example yourdc1.yourdc2.yourdc3.com

    "SELECT * FROM 'LDAP://dc=yourdc1,dc=yourdc2,dc=yourdc3,dc=com' WHERE objectCategory='group'"

    "SELECT * FROM 'LDAP://dc=yourdc1,dc=yourdc2,dc=yourdc3,dc=com' WHERE objectCategory='user'"

    pulling AD from sql itself is not exactly good business and not applicable for all the systems. I do not like exposing sql in AD at all for security reasons.

    dump the output into the format you happen to like, load it into your administrative database and merge that content with the security extracts from production system catalogs (ssis/dts, c#, whatever you like to use)

    you may find many interesting things.

    and you may also consider a sql server lockdown project according to what you find (builtin admins for example bring plenty of users that you may not really like in there... etc.)
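As an added example of the merge step (not the poster's script; all group, user and host names are constructed), this Python expands nested group membership from an AD extract against a dump of sys.server_principals to show which users each Windows group login actually admits:

```python
# Added example: merge an AD group extract with a sys.server_principals dump
# to see which domain users a group login admits. Names are constructed.
# Constructed AD group extract (what the objectCategory='group' query returns
# once flattened): group -> direct members (users or nested groups).
AD_GROUPS = {
    "CORP\\Finance-DBA": ["CORP\\alice", "CORP\\bob"],
    "CORP\\Finance-Apps": ["CORP\\svc_gl", "CORP\\Finance-DBA"],  # nested group
    "CORP\\Domain Admins": ["CORP\\carol", "CORP\\dave"],
    "CORP\\Helpdesk": ["CORP\\erin", "CORP\\Helpdesk"],           # self-reference
}
# Constructed local group on the SQL host; on a domain-joined box Domain Admins
# are members of BUILTIN\Administrators by default.
LOCAL_GROUPS = {"BUILTIN\\Administrators": ["CORP\\Domain Admins", "SQLHOST\\Administrator"]}

# Constructed rows from sys.server_principals: (name, type) with
# 'G' = Windows group, 'U' = Windows user, 'S' = SQL login.
SERVER_PRINCIPALS = [
    ("BUILTIN\\Administrators", "G"),
    ("CORP\\Finance-Apps", "G"),
    ("CORP\\frank", "U"),
    ("sa", "S"),
]

def expand(group, groups, seen=None):
    """Return the leaf accounts reachable from group, following nesting safely."""
    seen = set() if seen is None else seen
    if group in seen:            # cycle or already-expanded group
        return set()
    seen.add(group)
    leaves = set()
    for member in groups.get(group, []):
        if member in groups:
            leaves |= expand(member, groups, seen)
        else:
            leaves.add(member)
    return leaves

def effective_logins(principals, groups):
    """Map each Windows login in sys.server_principals to the users it admits."""
    result = {}
    for name, ptype in principals:
        if ptype == "G":
            result[name] = expand(name, groups)
        elif ptype == "U":
            result[name] = {name}
    return result

if __name__ == "__main__":
    merged = effective_logins(SERVER_PRINCIPALS, {**AD_GROUPS, **LOCAL_GROUPS})
    for login, users in sorted(merged.items()):
        print(f"{login}: {len(users)} user(s) -> {', '.join(sorted(users))}")
```

The BUILTIN\Administrators row is the case the post warns about: the login names one group, but the audit answer is the expanded user list behind it.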