April 17, 2009 at 2:30 pm
In our application we are adding Active Directory groups to our security groups. What is the best way to store an Active Directory group name? Do we store it like Domain\PowerUser, or should it be some sort of GUID?
What is the fastest for the application to find in MS architecture, and if it is a GUID, what is the data type in SQL?
April 17, 2009 at 3:00 pm
I guess I don't understand your question. If you're creating AD groups, wouldn't you store those in the Active Directory? That's not in SQL.
If you need to pull data about them into SQL, there are queries that can do that, but that doesn't store any data in SQL either, it just queries the Active Directory for data.
Can you clarify what you're doing?
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
April 17, 2009 at 3:09 pm
Sure...
The application they are writing has roles within the application itself... a decision made way above me.
These roles can be associated to users of the application.
These roles can be associated to groups of the application.
These roles can be associated to Active Directory groups from MS.
We need to know who is in the Active Directory group. When a user logs in, we first look for the user in the users table. Then we look at the AD groups and go to MS to authenticate. We need to store the AD group name or GUID so we can look it up later.
So when they use the 3rd option, how do I store the Active Directory name?
April 20, 2009 at 8:17 am
You should be able to query AD data at runtime, instead of trying to keep it in SQL tables. That way, you don't have to worry about the data getting out of synch or anything like that. You can set up a linked server to the AD server, and query that.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
April 20, 2009 at 8:44 am
You are not following what I am looking for. This is not a server that will be controlled by me. This is an application that has an AD groups table. The admin of the app can create groups and put AD groups into the app group, i.e.:
SuperAppGroup
Domain\SillyEndUsers
Domain\SkilledEndUsers
The Domain\SillyEndUsers is what I do not know how to store. I have to store that no matter what for when they log into the app. AD, I think, stores a GUID for the name. So I think I should use that in case the name ever changes. Will the SQL datatype uniqueidentifier work for that?
Here is a link that says they are stored as GUIDs.
website
April 20, 2009 at 12:57 pm
UniqueIdentifier will work for that. Those are GUIDs.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
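The storage approach the thread arrives at, as an added T-SQL example that is not code from any poster: the role mapping is keyed on the AD group's objectGUID in a uniqueidentifier column, and the Domain\Name string is kept only as a display label. All table, column and variable names and the GUID values are constructed for illustration.

```sql
-- Added example; every object name and GUID value below is constructed.
CREATE TABLE dbo.AppGroup (
    AppGroupId int IDENTITY(1,1) PRIMARY KEY,
    Name       nvarchar(100) NOT NULL UNIQUE
);

CREATE TABLE dbo.AppGroupAdGroup (
    AppGroupId   int              NOT NULL REFERENCES dbo.AppGroup (AppGroupId),
    AdObjectGuid uniqueidentifier NOT NULL,  -- AD objectGUID: unchanged by a rename
    DisplayName  nvarchar(256)    NOT NULL,  -- 'Domain\Group' as last seen; label only
    CONSTRAINT PK_AppGroupAdGroup PRIMARY KEY (AppGroupId, AdObjectGuid)
);

INSERT INTO dbo.AppGroup (Name) VALUES (N'SuperAppGroup');
DECLARE @AppGroupId int = SCOPE_IDENTITY();

INSERT INTO dbo.AppGroupAdGroup (AppGroupId, AdObjectGuid, DisplayName)
VALUES
    (@AppGroupId, '11111111-2222-3333-4444-555555555555', N'Domain\SillyEndUsers'),
    (@AppGroupId, '66666666-7777-8888-9999-AAAAAAAAAAAA', N'Domain\SkilledEndUsers');

-- At login the application reads the user's group memberships from AD and
-- passes their objectGUIDs in; this table variable stands in for that list.
DECLARE @UserAdGroups TABLE (AdObjectGuid uniqueidentifier PRIMARY KEY);
INSERT INTO @UserAdGroups VALUES ('66666666-7777-8888-9999-AAAAAAAAAAAA');

-- Authorization joins on the GUID only, never on DisplayName. A renamed
-- group still matches; a different group that later reuses an old name
-- has a different GUID and does not inherit the mapping.
SELECT DISTINCT g.Name
FROM dbo.AppGroup AS g
JOIN dbo.AppGroupAdGroup AS m ON m.AppGroupId = g.AppGroupId
JOIN @UserAdGroups AS u ON u.AdObjectGuid = m.AdObjectGuid;

-- If the GUID arrives as the raw 16 bytes from the directory, CAST it
-- rather than formatting the hex by hand: the first three fields are
-- stored byte-swapped relative to the printed string form.
SELECT CAST(0x0123456789ABCDEF0123456789ABCDEF AS uniqueidentifier) AS FromRawBytes;
```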