SQL Server Active Directory Helper Service

  • Jon80

    SSCrazy

    Points: 2598

    I tried to start SQL Server Active Directory Helper on

    - A Win 2003 Server that is a Primary Domain Controller (Virtual Machine)

    - A Win XP SP2 (virtual) machine that is joined to the active directory.

    An error was displayed referring to the following 'service-specific error code': -1073741724.

    Any idea what this means?

  • arun-974433

    SSC Journeyman

    Points: 75

    Even I am having the same problem.

  • mayurambokar

    SSC Enthusiast

    Points: 196

    i m also having a same problem

    what is the solution

  • Andrew Hatfield

    SSCrazy

    Points: 2241

    The Active Directory Helper won't start manually. By default the service is Disabled. The SQL Server Database Engine handles the use of this service.

    It publishes SQL Server information in Active Directory. If you don't need to publish SQL Server information in your Active Directory domain, then set the service to Disabled. If you do, set it to Manual and let SQL Server manage it.

    The SQL Server installation sets the user account to NT AUTHORITY\NETWORK SERVICE. This will pass the computer name as the credential to Active Directory. Another often used user account is NT AUTHORITY\LOCAL SYSTEM. Following the principal of least privilege, it is best to create a new service account dedicated to the Active Directory Helper service. Domain Users is the only group membership it needs. If you use Group Policy to configure the Log On As A Service privilege then you will need to add this service account to your GPO. If this doesn't apply, then simply setting the user in Services will grant the privilege on your behalf.

    --
    Andrew Hatfield

  • sgmunson

    SSC Guru

    Points: 110418

    Andrew,

    Can you explain what reasons would be good reasons to choose to publish SQL Server info to AD? I'm relatively new to the administrative pieces of SQL Server, and would like some background on this topic ... It also would be useful for me to know how the answer to the above question applies in a home network scenario, and specifically where one has a website that has financial data on said SQL Server, where I'd be restricting access to specific authenticated users. Could such publication be more of a risk than a helpful thing?

    Steve

    (aka smunson)

    :):):)

    Steve
    ‌(aka sgmunson)
    ‌:) 🙂 🙂
    Health & Nutrition

  • Jon80

    SSCrazy

    Points: 2598

    smunson (1/9/2009)


    Andrew,

    Can you explain what reasons would be good reasons to choose to publish SQL Server info to AD? I'm relatively new to the administrative pieces of SQL Server, and would like some background on this topic ... It also would be useful for me to know how the answer to the above question applies in a home network scenario, and specifically where one has a website that has financial data on said SQL Server, where I'd be restricting access to specific authenticated users. Could such publication be more of a risk than a helpful thing?

    Steve

    (aka smunson)

    :):):)

    I see your point, perhaps a useful scenario (lacking background knowledge on SQL Server) would be that I might need to retrieve personal information of employees into the Active Directory Domain, using procedural scripts. Assuming this can be done it would be helpful in this case.

  • Andrew Hatfield

    SSCrazy

    Points: 2241

    Publishing SQL Server information to Active Directory is only of any use if you have client applications that query Active Directory for such information.

    When you publish SQL Server to AD, it publishes the SQL Instance and databases. One way that I could see this being useful is that you wouldn't need to configure your application connection settings. It can query LDAP://RootDSE to get your local domain information and then ask AD to give it a list of SQL Instances and databases.

    I haven't yet seen an application that takes advantage of this feature. I would imagine that SQL Server creates an Application Partition within your Active Directory schema similar to DNS.

    There is some further information here

    http://www.sqlmag.com/Article/ArticleID/41841/41841.html

    http://msdn.microsoft.com/en-us/library/aa174517(SQL.80).aspx

    --
    Andrew Hatfield

  • Andrew Hatfield

    SSCrazy

    Points: 2241

    smunson (1/9/2009)


    It also would be useful for me to know how the answer to the above question applies in a home network scenario, and specifically where one has a website that has financial data on said SQL Server, where I'd be restricting access to specific authenticated users. Could such publication be more of a risk than a helpful thing?

    Steve

    (aka smunson)

    :):):)

    I can't see that it would add any value in your situation. Horse for courses though

    --
    Andrew Hatfield

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply