Display Data In Reports Based On Active Directory Group Membership...
Aug 9, 2007
Hello,
I am fairly new to SQL 2005 and Reporting Services.
We are trying to create a report that will display sales data based on group membership from Active Directory.
For example, if USER1 logs in and looks at a Year to Date Sales report, it will only show data that pertains to his group. If USER2 logs in and accesses the same report, it will display different Year to Date information because he is in a different group.
Background Information: We are running SQL 2005 Enterprise Edition Service Pack 2 with Analysis and Reporting Services. We are delivering the reports through a Sharepoint site.
Please let me know if anyone has a good way to tackle this.
For code reuse, I am trying to get a table valued function to return users of a given AD group name. I can easily get this with hard-coding the group name. But because OpenQuery wont accept parameters, I can't insert my group name there. And because functions can't call dynamic SQL, I can't do it via dynamic sql. I have seen people do it with CLR, but I rather not go that route. I can use a stored procedure + cursor and iterate through each group and store the results into real tables and create a cache, but I rather query Active Directory itself to save space, but I rather do the caching then the CLR. Any approach I am missing on how to do this?
The following works fine:
SELECT DISTINCT sAMAccountName FROM OPENQUERY(ADSI, 'SELECT sAMAccountName, sn FROM ''LDAP://OU=SomeOU,OU=SomeOtherOU,DC=SomeDC,DC=SomeOtherDC'' WHERE objectCategory=''Person'' AND objectClass=''USER'' AND memberOf=''CN=SomeGroupName,OU=SomeOU,OU=SomeOtherOU,DC=SomeDC,DC=SomeOtherDC''') a WHERE sn IS NOT NULL
The following gives me the error:
Invalid use of a side-effecting operator 'EXECUTE STRING' within a function. CREATE FUNCTION [dbo].queryADGroupMembers ( @group nvarchar(255) ) RETURNS @rtnTable TABLE
I'm not sure this is an actual reporting services question but has someone else created reports for active directory in Reporting Services
I want to create a report with users and their respective manager. I have this working in reporting services but I just want the manager name how could I strip out all the other information in the manager field??
SELECT personalTitle, manager, name, employeeid, distinguishedName FROM 'LDAP://dc=xxx,dc=xxx,dc=xxxt' WHERE objectClass = 'user' AND objectCategory = 'Person' ORDER BY name
I get this as the manager name, I just want his name
I have a reporting scenario, where the reports are fetched from Analysis Services. The reports should display data only spcecific to that user. All users except those in admin roles should be validated using the Windows Authentication ID and data specific to them has to be displayed.
Any pointers/suggestions on how to implement this in Reporting services/ Analysis Services 2005 would be highly appreciated
Is there a way that we can tell what active directory group the person belongs to that is running the report? I know that you can detect a user id, but I need to access the Active Directory Group that they belong to.
Is it possible to check for Active Directory group.. ie see if the user running the Stored Proc, is in a specific Active Directory Group? Or if I set up Login's using Active Directory, can I get the Login that way... or will it give me the user's account?
My question is I have a SQL Server running on Web Server which is a member of a 2000 Active Directory, I only grant access to the database via Global Groups from the Active Directory. When I log onto the database via Windows Authentication the actual user shows up in the master.dbo.sysprocesses table, I can tell what database that process is going to but not how that user is being translated to the Global Group that was actually given access. I need the actual database user name which is the Global Group name that had permissions granted via user defined database roles so that I can do some pre-processing in an ASP.NET application so that I know what parts of a form are updatable or not.
We are using Windows authenication within our system, and I was wondering how it would be possible to determine if the user conected to the SQL SERVER instance was a member of a particular active directory security group?
I look for and try to get data from Active Directory to MSSQL Server, but have same error:
Msg 7321, Level 16, State 2, Line 1 An error occurred while preparing the query "SELECT name FROM 'LDAP://office.experter.group' WHERE objectCategory = 'Person' AND objectClass = 'user'" for execution against OLE DB provider "ADsDSOObject" for linked server "ADSI".
for the code:
select * from openquery ( ADSI,'SELECT name FROM ''LDAP://office.experter.group'' WHERE objectCategory = ''Person'' AND objectClass = ''user''' )
Hi, Active Directory stores Information regarding Users, Groups & Policies etc. Is it possible to export Complete User Information from active directory to text file? If yes, please provide the steps. Thanking you.
Has anyone used this successfully from an OLEDB source component, or even from the Execute SQL Task? I've seen some examples of using a script component, but nothing that uses it through a connection manager.
I have an SSRS 2012 table report with groups; each group is broken ie. one group for one page, and there are multiple groups in multiple pages.
'GroupName' column has multiple values - X,Y,Z,......
I need to group 'GroupName' with X,Y,Z,..... ie value X in page 1,value Y in page 2, value Z in page 3...
Now, I need to display another column (ABC) in this table report (outside the group column 'GroupName'); this outside column itself is another column header (not a group header) in the table (report) and it derives its name partly from the 'GroupName' values:
Example:
Value X for GroupName in page 1 will mean, in page 1, column Name of ABC column must be ABC-X Value Y for GroupName in page 2 will mean, in page 2, column Name of ABC column must be ABC-Y Value Z for GroupName in page 3 will mean, in page 3, column Name of ABC column must be ABC-Z
ie the column name of ABC (Clm ABC) must be dynamic as per the GroupName values (X,Y,Z....)
Page1:
GroupName Clm ABC-X
X
Page2:
GroupName Clm ABC-Y
Y
Page3:
GroupName Clm ABC-Z
Z
I have been able to use First(ReportItems!GroupName.Value) in the Page Header to get GroupNames displayed in each page; I get X in page 1, Y in page 2, Z in page 3.....
However, when I use ReportItems (that refers to a group name) in the Report Body outside the group,
I get the following error:
Report item expressions can only refer to other report items within the same grouping scope or a containing grouping scope
I need to get the X, Y, Z ... in each page for the column ABC.
I have been able to use this - First(Fields!GroupName.Value); however, I get ABC-X, ABC-X, ABC-X in each of the pages for the ABC column, instead of ABC-X in page 1, ABC-Y in page 2, ABC-Z in page 3, ...
I have recently upgraded my the server that runs SQL Server to an Active Directory Domain Controler. Now I can't connect to the SQL Server from ASP.NET Applications when the application is not located on the local machine. The error message I get is SQL Server does not exist or access is denied. I have no problems connecting with QueryAnalyer and Enterprise Manager from my workstation. I have added the Sql Server to the directory via the "Active Directory"-tab in the Property window for my Sql Server Registration i Enterprise Manager. If I copy a directory from the wwwroot on my workstation to the server the application has no problem to connect so the connectionstring seams to work fine.
we have recently completed an upgrade to 2000 server and now have AD on our network.
How do i go about querying this from any of my SQL 2000 servers?
I have found a few websites that mention adding a linked server. I have never done this and am not sure how to query a linked server, if that is the way to go.
A little background, We have a DEV Server running SQL Server 2000. This is the first of many to be migrated from out NT Domain to our new AD (active directory Domain). All Domain user accounts have already been migrated.
When they migrated this first Server running SQL Server, I am getting the following error when I try to make the owner of a job (any job) run by the SQL Server Agent a domain account in the new AD - when I switch the ownership back to our old NT Domain, it works fine.
I am getting this error: The job failed. Unable to determine if the owner (domainusername) of job testjob has server access (reason: Could not obtain information about Windows NT group/user 'domainusername'. [SQLSTATE 42000] (Error 8198)).
note that this is happening to all windows authenticated sql server accounts on this Server. All of these account are in the local Admin group on the Server.
Does anyone know what needs to be done in SQL Server to make the AD migration seemless???? I need to try and find this out before we begin migrating Production Servers. Thank you!!
Hi! I want to write a trigger that add a new computer account in my active directory when I do an Insert in my MSSQL table.
I know how to use SELECTstatements using LDAP but I want to do a INSERT statement. Is that even possible? Can you write vb code directly in SP i mssql 2000?
What I think I have to do is to have a vbscript that does the adding then call the script using exetended SP cmd execute passing the name to the script.
If someone has a another solutions please let me know!
Is it possible to, somehow, get a specific users password from active directory? The reason I ask is that I am writing a new system and really don't want the users having to remember yet another password, but rather be able to use there network password? I would like to write the logon section myself and not use any built in functions that anything may have.
Please can someone advise. I don't think it is possible but have been asked to persue the issue.
HiI've created a stored procedure (see below) which accesses the ActiveDirectory and SQL server to get "real names" back. When I run thestored procedure in Query Analyzer it returns the expected results,however when I try to create a Web Assistant job based upon theprocedure I get the SQL-DMO message:Error 7410 Remote Access not allowed for Windows NT Useractivated bySETUSER.The procedure is being run (and the job created) as the account whichowns the SQL Server installation, and this account has AD adminpermissions.Any suggestions?CREATE VIEW dbo.vw_account_adASSELECT a.Name AS ad_name, dbo.Accounts.*FROM dbo.Accounts INNER JOINOPENQUERY(ADSI,'select SamAccountName, Name FROM''LDAP://w2k-bspad1/ ou=users,ou=bsp,DC=ad,DC=bl,DC=uk'' whereobjectcategory=''person'' ') a ONSUBSTRING(dbo.Accounts.Account_Name,CHARINDEX('', dbo.Accounts.Account_Name) + 1,LEN(dbo.Accounts.Account_Name) - CHARINDEX('',dbo.Accounts.Account_Name)) = a.SamAccountNameCREATE PROCEDURE [dbo].[usp_event_report] ASSET ANSI_NULLS ONSET ANSI_WARNINGS ONSELECT Code_Name, Account_Name + ' ('+ad_Name+')' as 'Account Name',Date_Occured, ResultFROM Usage_Codes, Usage, vw_account_adWHERE Usage.Code_ID = Usage_Codes.Code_IDAND Usage.Account_ID = vw_account_ad.Account_IDAND datepart(month,Date_Occured) = datepart(month,getdate())ORDER BY Code_Name, Account_Name, Date_OccuredGOChloe CrowderThe British Library
I have a request to build some reports that are specific to each user. Only the autheticated user should be able to see their report data and no one elses etc. How do I get data for the current autheticated user (via AD)? If this is via parameter, how do I hide the username/password in the url?
I am sure this has been done, but I couldn't find any good examples.
Can someone please tell me or provide a link explaining how I can query the active directory for usernames from sql server 2005. I'm actually creating usernames on the fly and I need to check if they already exist in the active directory. Thanks.
We want to use Active Directory with Oracle for User Authentication and accessing Oracle as well as storing the details in Oracle. Active Directory stores Information regarding Users, Groups & Policies etc.
We want to provide the access in Oracle for the users available in AD as well as export Complete User Information from active directory and keeping the updated information into some Oracle tables. What is the optimal method?
What configuration needed at Server/ Client End and How to do the same? Kindly provide the steps. Please do the needful. Thanks.
We currently have Active Directory within our domain all Server 2003 based. We also have a SQL2005 database stand alone server (not currently joined to the domain). What we would like to do is utilize single sign on. Currently our users have to log into windows, then open an "in-house" program which asks for a different set of credentials for the SQL2005 database. How do we intergrate Active Directory login to also authenticate to the SQL database? Can we just join the stand alone SQL server to the domain, then from there add the Active Directory "security groups" into the database? Could someone point me in the right direction, thanks!
Hi everybody. I have this problem: I have to access to the Active Directory of a remote server from my computer using SQL and make searches based on the LDAP of the server. Someone told me to use Add Linked Server, but I don't know how to do it with the Active Directory. Thanks for the help.
I encapsulated calls to Active Directory in a dll. This dll works very well for a call or a few calls. However when I wrote a winapp that calls many times repeatedly to this dll and consequently to DirectorySearcher, I recieve the following message after many iterations have been made: (while debugging, or in release mode same problem occurs)
Managed Debugging Assistant 'ContextSwitchDeadlock' has detected a problem in 'D:DevProjectsADQuerySysRegLoadPersGrpsSRLoadPersGrpsSRLoadPersGrpsinReleaseSRLoadPersGrps.vshost.exe'. Additional Information: The CLR has been unable to transition from COM context 0x1a0998 to COM context 0x1a0b08 for 60 seconds. The thread that owns the destination context/apartment is most likely either doing a non pumping wait or processing a very long running operation without pumping Windows messages. This situation generally has a negative performance impact and may even lead to the application becoming non responsive or memory usage accumulating continually over time. To avoid this problem, all single threaded apartment (STA) threads should use pumping wait primitives (such as CoWaitForMultipleHandles) and routinely pump messages during long running operations.
Continue & breakAll after the above error thrown caused this system error code to be generated: H80131c25
Here's one of the subs in the dll that is causing the problem. After multiple calls to the directorySearcher, one or another call fails with the above error. (on the FindOne method here, but on the .GetDirectoryEntry method in another sub, random which one fails, it's the number of iterations that is the problem) Question I have is: Is the only way to stop this error to reduce or slow down the calls to DirectorySearcher?
Private Sub GetGroupName(ByVal GroupName As String, ByRef strDistinguishedName As String, ByRef strMsg As String) Dim strFilter As String Dim entry As DirectoryEntry Try strFilter = "(&(objectClass=group)(cn=" + GroupName + "))" Dim myArr() As String = {"distinguishedName"} Dim mysearchroot As DirectoryEntry = New DirectoryEntry(myLDAPPath) Dim myDirectorySearcher As New DirectorySearcher(mysearchroot, strFilter, myArr, SearchScope.Subtree) Dim mySearchResult As SearchResult = myDirectorySearcher.FindOne If mySearchResult Is Nothing Then Throw New Exception("Get Group Name: No groups by name: " & GroupName) End If entry = mySearchResult.GetDirectoryEntry() strDistinguishedName = entry.Properties.Item("distinguishedName").Value.ToString 'cleanup entry = Nothing mySearchResult = Nothing myDirectorySearcher.Dispose() mySearchResult = Nothing Catch e As Exception strMsg = "Failed to Get Distinguished Group Name for: " + GroupName + " " + e.Message strDistinguishedName = "" End Try