User Account Push from SQL Server to AD

  • We have a need to push data from our PeopleSoft DB (SQL 2000) into Active Directory.  I'd like to do a direct push using a SQL Statement without any intermediate steps (like dumping to a text file)...

    I've already found threads on reading LDAP, but what I really need to do is first read using LDAP, then update or add data as necessary...Has anyone done anything like this before?  Will I have to use an Extended SP to pull it off???

    Thanks!

  • This would probably be better accomplished using a script and ADSI which queries the database and then executes the appropriate ADSI command. What information are you trying to push from PeopleSoft into AD?

    K. Brian Kelley
    @kbriankelley

  • There's specific information like EmployeeID, Name, Address, etc. that we want to store in AD.  Right now we have processes set up that dump the data to a text file, then a VB process pushes it into AD.  The problem is that this isn't as secure as having SQL do it directly (no one can modify the text file, for instance).  Another option we were considering was to allow the VB app access to a view.  The problem is, I want to avoid creating new logins to the DB because it creates yet another risk for our system.  My view is that data should be pushed from sensitive systems and not to a text file...

    If I have to do calls to ADSI (not sure what that is) or an extended proc, that's fine...I just want to control the process and push the data to AD.

    Thanks.

    Mike

  • But right now you are talking about a SQL Server process having the capability of modifying your Active Directory structure... typically there are fewer folks with the ability to update AD than there are folks who have sysadmin level access to SQL Server. Keep in mind that anyone who has such access would then have the capability to update AD. What's to stop these folks from doing that any more than modifying the text file?

    In any case, you have the ability to access ADSI using the sp_OA* extended stored procedures already built into SQL Server.

    K. Brian Kelley
    @kbriankelley

  • On principle I would agree.  But, the fact of the matter is there are many more AD Admins here than people who have access to SQL Server.  Probably even more that would have access to the Text File...Furthermore, we can restrict the user I would use to only be able to update the appropriate parts of AD.

    Thanks for the pointer to sp_OA.

    Mike
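
The approach discussed in this thread (a script that queries the database and then issues ADSI calls, run under an account restricted to the appropriate parts of AD) could look like the following PowerShell. It is an added example, not code from any poster; the server, database, view, OU and column names are hypothetical placeholders, and it assumes the account running it has read access to the view through Windows authentication and delegated write access to only the mapped attributes in one OU. It updates existing accounts only and does not create new ones.

```powershell
# Added example; server, database, view and OU names are placeholders.
$SqlConnStr = 'Server=PSOFTSQL;Database=HRPRD;Integrated Security=SSPI'  # Windows auth, no password stored in the script
$Query      = 'SELECT EmployeeID, DisplayName, StreetAddress FROM dbo.vw_AD_Export'  # hypothetical read-only view
$SearchBase = 'LDAP://OU=Staff,DC=example,DC=com'  # the only OU the service account is delegated to write
# Source column -> AD attribute. Anything not listed here is never written.
$AttrMap    = @{ DisplayName = 'displayName'; StreetAddress = 'streetAddress' }

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping, so a value read from the database cannot alter the search filter
    $sb = New-Object System.Text.StringBuilder
    foreach ($c in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($c) -ge 0 -or [int]$c -eq 0) { [void]$sb.AppendFormat('\{0:x2}', [int]$c) }
        else { [void]$sb.Append($c) }
    }
    $sb.ToString()
}

$conn = New-Object System.Data.SqlClient.SqlConnection $SqlConnStr
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $Query
    $table = New-Object System.Data.DataTable
    $table.Load($cmd.ExecuteReader())
} finally { $conn.Close() }

$root = New-Object System.DirectoryServices.DirectoryEntry $SearchBase
foreach ($row in $table.Rows) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher $root
    $id = ConvertTo-LdapFilterValue ([string]$row.EmployeeID)
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(employeeID=$id))"
    $hits = $searcher.FindAll()
    if ($hits.Count -ne 1) {   # zero or ambiguous matches: log and skip, never guess
        Write-Warning "EmployeeID $($row.EmployeeID): $($hits.Count) matches, skipped"
        continue
    }
    $entry = $hits[0].GetDirectoryEntry()
    $dirty = $false
    foreach ($col in $AttrMap.Keys) {
        $new = [string]$row[$col]                              # DBNull becomes ''
        $old = [string]$entry.Properties[$AttrMap[$col]].Value
        if ($new -and $new -cne $old) {                        # empty source values never clear an attribute
            $entry.Properties[$AttrMap[$col]].Value = $new
            $dirty = $true
        }
    }
    if ($dirty) { $entry.CommitChanges(); Write-Output "Updated $($entry.Path)" }
}
```

Because the script writes only when a value differs, each `Updated` line corresponds to one directory modification and can be compared against the domain controllers' directory-change audit events for the service account.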
