Retrieving members of Active Directory groups through SQL Server

  • I have an application which will use Windows Authentication to control access to various objects in the database. A number of Active Directory groups will be created, one per role in the database, and the sysadmins will add new users to these AD groups as necessary.

    Within the application we would like to be able to enumerate all the members of these groups. The app has an Access front-end (unfortunately) but has a SQL Server 2005 back-end.

    I have tried using xp_logininfo but unfortunately it doesn't handle nesting well. For example, if we have Group A and Group B, and these groups belong to Group C, if I run xp_logininfo 'Group C', 'members' it does not return Group A and Group B. If I run xp_logininfo 'Group C', 'all' it returns 'Group C'.

    Does anyone know of a way I can do this?

  • I have a script I was working with a while back that loads tables of users, groups and group membership from Active Directory using ADSI via a linked server. You should be able to use this as a reference to get the info you need in real time instead of loading a table. There is an issue that you can only retrieve 1000 rows at a time. The script is in the attachment.

    Bob
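
The ADSI linked-server approach from the post above, applied to the nested-group case in the question. This is an added example, not the attached script or any poster's code. The linked server name `ADSI`, the domain `DC=example,DC=com` and the group DNs are constructed placeholders, and it assumes domain controllers that support the LDAP_MATCHING_RULE_IN_CHAIN matching rule.

```sql
-- Added example: transitive (nested) members of each role group, via ADSI.
-- Assumed one-time setup (linked server name ADSI is a placeholder):
-- EXEC sp_addlinkedserver 'ADSI', 'Active Directory Service Interfaces',
--                         'ADSDSOObject', 'adsdatasource';

CREATE TABLE #RoleGroup  (GroupDN nvarchar(400) NOT NULL PRIMARY KEY);
CREATE TABLE #RoleMember (GroupDN nvarchar(400) NOT NULL,
                          sAMAccountName nvarchar(256) NOT NULL);

-- Constructed sample DNs. Keep this list admin-maintained: the DN is pasted
-- into an LDAP filter, so it must not come from end-user input.
INSERT INTO #RoleGroup VALUES (N'CN=Group C,OU=Roles,DC=example,DC=com');
INSERT INTO #RoleGroup VALUES (N'CN=Group A,OU=Roles,DC=example,DC=com');

DECLARE @dn nvarchar(400), @ldap nvarchar(2000), @sql nvarchar(4000);

DECLARE role_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT GroupDN FROM #RoleGroup;
OPEN role_cur;
FETCH NEXT FROM role_cur INTO @dn;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- memberOf:1.2.840.113556.1.4.1941:= is LDAP_MATCHING_RULE_IN_CHAIN.
    -- The domain controller walks the nesting, so users who reach Group C
    -- only through Group A or Group B are returned for Group C.
    SET @ldap = N'<LDAP://DC=example,DC=com>;'
              + N'(&(objectCategory=person)(objectClass=user)'
              + N'(memberOf:1.2.840.113556.1.4.1941:=' + @dn + N'));'
              + N'sAMAccountName;subtree';

    -- OPENQUERY accepts only a string literal, so the statement is built
    -- dynamically; any single quote in the DN is doubled for the literal.
    SET @sql = N'INSERT INTO #RoleMember (GroupDN, sAMAccountName) SELECT N'''
             + REPLACE(@dn, N'''', N'''''')
             + N''', sAMAccountName FROM OPENQUERY(ADSI, '''
             + REPLACE(@ldap, N'''', N'''''') + N''')';
    EXEC sp_executesql @sql;

    FETCH NEXT FROM role_cur INTO @dn;
END
CLOSE role_cur;
DEALLOCATE role_cur;

-- One row per (role group, user), nesting already flattened.
SELECT GroupDN, sAMAccountName
FROM #RoleMember
ORDER BY GroupDN, sAMAccountName;
```

Each per-group query is still subject to the 1000-row limit mentioned in the post, so a role group with more transitive members than that needs its query split further, for example by account-name prefix.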

  • Hi Bob,

    We came up with another way of doing this, calling the IS_MEMBER function with EXECUTE AS each domain username. I think your solution would be more flexible though so I will have a peruse.

    Thanks heaps for your assistance!

    Jenny
