I am trying to get members of an Active Directory group by querying the AD server from Transact-SQL (SQL Server 2005). Although there does not seem to be any written list of LDAP attributes that can be queried in AD (or I am not finding it), I have gotten this far:
SELECT * FROM
OPENQUERY( MYSERVER,
'SELECT cn, msExchHomeServerName, userPrincipalName FROM ''LDAP://CN=Users,DC=MYSERVER,DC=COM'' WHERE userPrincipalName=''*'' ')
This gives me a user list. But I can't find the syntax or attribute name(s) to query in order to get the membership of a specific group - for example, the group "SQL_Developers".
Anybody out there familiar enough with LDAP, AD and OPENQUERY() to give me a hand?
Thanks....
Tom
SELECT Member FROM 'LDAP://CN=SqlDevelopers,OU=Container,DC=Myserver,DC=com'
Returns an array. Use the distinguished name to reference your particular group.
Can't get that syntax to work - sorry. Not sure if it's a security problem (maybe) or if our servers are set up in a nonstandard way (possible) or if I'm just doing something wrong (likely). Can you elaborate a little bit more on your suggestion?
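An alternative way to list a group's members through the same linked server, added here as an example and not code from any poster in this thread: filter user objects on memberOf rather than selecting the group's member attribute. The procedure name dbo.usp_GetAdGroupMembers, the sAMAccountName column, the domain-root search base and the sample group DN are assumptions; MYSERVER is the linked server from the question.

```sql
-- Added example. Assumes the linked server MYSERVER from the question exists
-- and uses the ADSDSOObject (ADSI) provider. Procedure name is hypothetical.
CREATE PROCEDURE dbo.usp_GetAdGroupMembers
    @GroupDN nvarchar(400)   -- full distinguished name of the group
AS
BEGIN
    SET NOCOUNT ON;

    -- The DN is concatenated into a nested string literal, so refuse any
    -- value containing a quote instead of trying to escape it.
    IF @GroupDN IS NULL OR CHARINDEX('''', @GroupDN) > 0
    BEGIN
        RAISERROR('Group DN is missing or contains a single quote.', 16, 1);
        RETURN;
    END

    -- OPENQUERY accepts only a literal, so the statement is built dynamically.
    -- Multi-valued attributes such as member cannot be returned through a
    -- SQL Server distributed query, so the filter goes on each user's
    -- memberOf instead. Search base is the domain root (assumption) so that
    -- users outside CN=Users are included.
    DECLARE @sql nvarchar(4000);
    SET @sql = N'
SELECT cn, sAMAccountName, userPrincipalName
FROM OPENQUERY(MYSERVER,
  ''SELECT cn, sAMAccountName, userPrincipalName
    FROM ''''LDAP://DC=MYSERVER,DC=COM''''
    WHERE objectCategory = ''''person''''
      AND objectClass = ''''user''''
      AND memberOf = ''''' + @GroupDN + N''''''')';

    EXEC sp_executesql @sql;
END
GO

-- Constructed DN built from the names used in this thread.
-- memberOf matches direct members only: nested groups and users whose
-- primary group is the target are not returned.
EXEC dbo.usp_GetAdGroupMembers
    @GroupDN = N'CN=SQL_Developers,OU=Container,DC=MYSERVER,DC=COM';
```

The directory query runs under whatever login mapping the linked server has (set with sp_addlinkedsrvlogin), so a failure here can come from that mapped account lacking read access to the directory. A dedicated domain account with read-only directory access is sufficient for this query.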