Hello!
I am thinking of creating a SQL Server CLR function that works like this.
Input parameter: A Windows group, e.g. Domain1\Group1
Resultset: A list of all accounts that directly or indirectly belong to
that Windows group.
e.g.
Domain1\Account1
Domain1\Account2
Domain1\Account3
The idea is to use this together with the security catalog views to get a
list of accounts that are, for example, sysadmins.
Could it be that a function like this exists in SQL Server?
I also thought about what AD permissions would be needed?
Best regards
Ola Hallengren

Hi
You can create an ADSI linked server and query the Active Directory, but
recursing through the groups is not always that easy. There is a script to list
all group members at http://www.rlmueller.net/freecode3.htm
John

Thanks, John. As I understand it I have about these options.
1. Create an ADSI linked server and query against that with TSQL. This can
be packaged into a SQL Server function.
2. Use the VBScript at http://www.rlmueller.net/freecode3.htm from
xp_cmdshell. This can be packaged into a stored procedure.
3. Create some CLR code with the same logic as in the VBScript and use that
assembly in a SQL Server function.
Is this right?
/Ola

I think so, I would opt for either 2 or 3 but have never tried 3!.
John
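
Added example, not part of the original thread: once the direct memberships have been pulled from AD into a table (for instance by option 1 or 2 above), a recursive CTE can expand nested groups, with a visited-path guard so that circular nesting terminates. The table variable `@ad_member`, its columns and all of its rows are constructed for illustration; the last query uses the catalog views `sys.server_principals` and `sys.server_role_members` to find the Windows groups in sysadmin that would be passed in as `@group`.

```sql
-- Constructed sample data (all names made up): direct AD memberships as they
-- might be exported by an ADSI query or script. member_type: U = account, G = group.
DECLARE @ad_member TABLE (
    group_name  nvarchar(256) NOT NULL,
    member_name nvarchar(256) NOT NULL,
    member_type char(1)       NOT NULL
);
INSERT INTO @ad_member (group_name, member_name, member_type) VALUES
    (N'Domain1\Group1', N'Domain1\Account1', 'U'),
    (N'Domain1\Group1', N'Domain1\Group2',   'G'),
    (N'Domain1\Group2', N'Domain1\Account2', 'U'),
    (N'Domain1\Group2', N'Domain1\Group3',   'G'),
    (N'Domain1\Group3', N'Domain1\Account3', 'U'),
    (N'Domain1\Group3', N'Domain1\Group1',   'G');  -- circular nesting

DECLARE @group nvarchar(256) = N'Domain1\Group1';

-- Walk the membership graph; "visited" holds the groups already expanded on this path.
WITH expand AS (
    SELECT m.member_name, m.member_type,
           CAST(N'|' + m.group_name + N'|' AS nvarchar(4000)) AS visited,
           1 AS depth
    FROM @ad_member AS m
    WHERE m.group_name = @group
    UNION ALL
    SELECT m.member_name, m.member_type,
           CAST(e.visited + m.group_name + N'|' AS nvarchar(4000)),
           e.depth + 1
    FROM expand AS e
    JOIN @ad_member AS m ON m.group_name = e.member_name
    WHERE e.member_type = 'G'
      AND CHARINDEX(N'|' + m.group_name + N'|', e.visited) = 0  -- cycle guard
)
SELECT member_name AS account, MIN(depth) AS nesting_depth
FROM expand
WHERE member_type = 'U'
GROUP BY member_name
ORDER BY account;

-- Windows groups that hold sysadmin on this instance: the candidates for @group.
SELECT p.name AS windows_group
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND p.type = 'G';  -- G = Windows group
```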