Is there a tool, or does anyone have a script format that might automaticall
y
pull in AD accounts from an OU and put them in the Users group of a specific
database.
If there is an article or existing document on this I have not been able to
find it.
I would appreciate any help anyone can give whereas if I can't find this, I
will have to type in about 2000 users into my database from a hard copy.
There has to be a way. Even if someone can tell me what table and field the
users are listed in, I can probably script it from that.
Thanks in advance
gordonJust so I understand, when you create a database, you want SQL to
automatically pull in users AD and grant them access to the database?
"gordon" wrote:
> Is there a tool, or does anyone have a script format that might automatica
lly
> pull in AD accounts from an OU and put them in the Users group of a specif
ic
> database.
> If there is an article or existing document on this I have not been able t
o
> find it.
> I would appreciate any help anyone can give whereas if I can't find this,
I
> will have to type in about 2000 users into my database from a hard copy.
> There has to be a way. Even if someone can tell me what table and field t
he
> users are listed in, I can probably script it from that.
> Thanks in advance
> gordon|||Yes. Actually the database is already created. Right now, I have to
manually add every user in an AD OU to the "Users" group in SQL 2000. Then
I
have to assign them either Public or another role, manually. As you might
imagine, this is very time consuming. I have seen ADSI scripts pull
information from OU's in AD to tables in SQL, but not to the USERS group (yo
u
know, where you have diagrams, views, tables, users, roles etc. ) I want to
add the AD user to the USers in SQL.
Thanks for the response!!!!
"John Barr" wrote:
> Just so I understand, when you create a database, you want SQL to
> automatically pull in users AD and grant them access to the database?
> "gordon" wrote:
>|||I understand, and yes, it is possible, but it will taking some coding.You
will have to create a VBScript to read AD based on an OU name that you pass
and access SQL Server to execute a stored procedure to do dynamic SQL to add
the user if it is not existing, and grant it the rights you will need. It
will be time consuming to create, but it will eliminate the manual addtions.
You can get the VBScript to access AD in the Script Center on Microsofts
Site, and write those users into a table using ADO, then execute a Stored
Procedure. Seems a little hectic, but it would work.
"gordon" wrote:
> Yes. Actually the database is already created. Right now, I have to
> manually add every user in an AD OU to the "Users" group in SQL 2000. The
n I
> have to assign them either Public or another role, manually. As you might
> imagine, this is very time consuming. I have seen ADSI scripts pull
> information from OU's in AD to tables in SQL, but not to the USERS group (
you
> know, where you have diagrams, views, tables, users, roles etc. ) I want t
o
> add the AD user to the USers in SQL.
> Thanks for the response!!!!
>
> "John Barr" wrote:
>|||I appreciate it. I knew it would be that much work, was wondering ifanyone
had done it and I could use their code and modify it for my OU's. Or if
there were any Microsoft Technical articles showing how.
Thanks for the responses.
"John Barr" wrote:
> I understand, and yes, it is possible, but it will taking some coding.You
> will have to create a VBScript to read AD based on an OU name that you pas
s
> and access SQL Server to execute a stored procedure to do dynamic SQL to a
dd
> the user if it is not existing, and grant it the rights you will need. It
> will be time consuming to create, but it will eliminate the manual addtion
s.
> You can get the VBScript to access AD in the Script Center on Microsofts
> Site, and write those users into a table using ADO, then execute a Stored
> Procedure. Seems a little hectic, but it would work.
> "gordon" wrote:
>|||Hi
What are you not using roles and permissioning via AD group membership? It
is the recommenced way to manage users in SQL Server.
Add the users in AD to a group, then add the group the SQL Server. Then when
a new user arrives, you just add the person to the AD group and then the
user has the permission in the DB. When the user leaves, there is no
maintenance to be done at SQL Server level, only at AD level.
Books online has a lot of information DB roles and AD group membership.
Regards
--
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
IM: mike@.epprecht.net
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"gordon" <gordon@.discussions.microsoft.com> wrote in message
news:03540F8D-A377-4207-8093-4DA0F6225D81@.microsoft.com...
> Yes. Actually the database is already created. Right now, I have to
> manually add every user in an AD OU to the "Users" group in SQL 2000.
> Then I
> have to assign them either Public or another role, manually. As you might
> imagine, this is very time consuming. I have seen ADSI scripts pull
> information from OU's in AD to tables in SQL, but not to the USERS group
> (you
> know, where you have diagrams, views, tables, users, roles etc. ) I want
> to
> add the AD user to the USers in SQL.
> Thanks for the response!!!!
>
> "John Barr" wrote:
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment