Active Directory

JKSQL
In our application we are adding Active Directory groups to our security groups. What is the best way to store an Active Directory group name? Do we store it like Domain\PowerUser or should it be some sort of GUID?

What is the fastest for the application to find in MS architecture, and if it is a GUID, what is the data type in SQL?

GSquared
I guess I don't understand your question. If you're creating AD groups, wouldn't you store those in the Active Directory? That's not in SQL.

If you need to pull data about them into SQL, there are queries that can do that, but that doesn't store any data in SQL either, it just queries the Active Directory for data.

Can you clarify what you're doing?

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon

JKSQL
Sure...
The application they are writing has roles within the application itself... a decision made way above me.
These roles can be associated to users of the application.
These roles can be associated to Groups of the application.
These roles can be associated to Active Directory groups from MS.

We need to know who is in the Active Directory group. When a user logs in we first look for the user in the users table. Then we look at the AD groups and go to MS to authenticate. We need to store the AD group name or GUID so we can look it up later.

So when they use the 3rd option, how do I store the Active Directory name?

GSquared
You should be able to query AD data at runtime, instead of trying to keep it in SQL tables. That way, you don't have to worry about the data getting out of synch or anything like that. You can set up a linked server to the AD server, and query that.

JKSQL
You are not following what I am looking for. This is not a server that will be controlled by me. This is an application that has an AD groups table. The admin of the app can create groups and put AD groups into the App group, i.e.:

SuperAppGroup
Domain\SillyEndUsers
Domain\SkilledEndUsers

The Domain\SillyEndUsers is what I do not know how to store. I have to store that no matter what for when they log into the app. AD I think stores a GUID for the name. So I think I should use that in case the name ever changes. Will the SQL datatype uniqueidentifier work for that?
Here is a link that says they are stored as GUIDs:
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/ActiveDirectory/ActiveDirectoryNamingStandard.html

GSquared
UniqueIdentifier will work for that. Those are GUIDs.

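
The layout the thread settles on, as an added T-SQL example that is not from any poster: the AD group's GUID goes in a uniqueidentifier column and is the match key, while the Domain\Group name is kept only for display. Table and column names and the GUID values are hypothetical; it assumes the application resolves the user's AD groups to GUIDs at login.

```sql
-- Added example: all names and GUID values below are constructed placeholders.
CREATE TABLE dbo.AppGroup (
    AppGroupId int IDENTITY(1,1) NOT NULL CONSTRAINT PK_AppGroup PRIMARY KEY,
    Name       nvarchar(128)     NOT NULL CONSTRAINT UQ_AppGroup_Name UNIQUE
);

CREATE TABLE dbo.AppGroupAdGroup (
    AppGroupId    int              NOT NULL
        CONSTRAINT FK_AppGroupAdGroup_AppGroup REFERENCES dbo.AppGroup (AppGroupId),
    AdGroupGuid   uniqueidentifier NOT NULL, -- AD group's GUID: 16 bytes, the lookup key
    AdGroupName   nvarchar(256)    NOT NULL, -- 'Domain\Group' as last seen, display only
    NameCheckedAt datetime2(0)     NOT NULL
        CONSTRAINT DF_AppGroupAdGroup_NameCheckedAt DEFAULT (SYSUTCDATETIME()),
    -- GUID leads the key so the login lookup below is an index seek.
    CONSTRAINT PK_AppGroupAdGroup PRIMARY KEY (AdGroupGuid, AppGroupId)
);

-- The admin puts two AD groups into one application group.
INSERT INTO dbo.AppGroup (Name) VALUES (N'SuperAppGroup');
DECLARE @AppGroupId int = SCOPE_IDENTITY();

INSERT INTO dbo.AppGroupAdGroup (AppGroupId, AdGroupGuid, AdGroupName)
VALUES (@AppGroupId, '11111111-1111-1111-1111-111111111111', N'Domain\SillyEndUsers'),
       (@AppGroupId, '22222222-2222-2222-2222-222222222222', N'Domain\SkilledEndUsers');

-- At login the application asks AD for the user's groups and passes their GUIDs in.
DECLARE @UserAdGroups TABLE (AdGroupGuid uniqueidentifier NOT NULL PRIMARY KEY);
INSERT INTO @UserAdGroups (AdGroupGuid)
VALUES ('22222222-2222-2222-2222-222222222222'),
       ('33333333-3333-3333-3333-333333333333'); -- a group the app does not map

-- Application groups the user receives through AD membership.
SELECT DISTINCT g.AppGroupId, g.Name
FROM @UserAdGroups       AS u
JOIN dbo.AppGroupAdGroup AS m ON m.AdGroupGuid = u.AdGroupGuid
JOIN dbo.AppGroup        AS g ON g.AppGroupId  = m.AppGroupId;

-- A rename in AD changes only the stored display name; the GUID match is unaffected.
UPDATE dbo.AppGroupAdGroup
SET    AdGroupName   = N'Domain\NoviceEndUsers',
       NameCheckedAt = SYSUTCDATETIME()
WHERE  AdGroupGuid   = '11111111-1111-1111-1111-111111111111';
```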

