querying active directory from ssrs
DESCRIPTION
Querying Active Directory From SSRS. To Customize The User Experience And Secure Reports. Introduction. Wes Springob (No relation to Mr. Squarepants ) BI Consultant at New York Life Originally from Pittsburgh, now New Port Richey Wife Ashley, Portrait Photographer http :// SQLWes.com - PowerPoint PPT PresentationTRANSCRIPT
Querying Active Directory From SSRSTo Customize The User Experience And Secure Reports
IntroductionWes Springob(No relation to Mr. Squarepants)BI Consultant at New York Life Originally from Pittsburgh, now New Port RicheyWife Ashley, Portrait Photographer
http://SQLWes.com
http://twitter.com/SQLWes
http://LinkedIn.com/in/SQLWes
Disclosure: Extensive use of SSRS Proficient T-SQL Developer LDAP novice 0 AD administration experience Recently exploring reporting of data sources that aren’t SQL Server Have been wanting to work with AD Data in SSRS for years, but only recently have had
the opportunity. The names have been changed to protect the innocent = No live demo of
Active Directory
Use Case Why would you need to secure a report with AD? Doesn’t the Report Server do that for you?
Short answer, yes it does:
We can do more
System of recordMany database systems store a user’s Active Directory ID. But they also store a lot more, unfortunately, to “support” the application. Where in most cases, we should be going back to query AD to ensure we are using the most current values.
Tools A SQL Server with SSRS installedManagement StudioVisual Studio, BIDS or Report Builder to create RDL’sActive Directory Explorer
1. Aids in writing LDAP queries2. Free tool, downloadable from Technet3. Any domain account typically has sufficient, Read Only, rights
to query AD
ApproachesLinked Servers / T-SQLCLR / System.DirectoryServices NamespaceCustom Code in the RDL / System.DirectoryServices NamespaceQuery AD Directly as a Data source From within the RDL / T-SQL
What is LDAP?Lightweight Directory Access Protocol
“is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.” -- Wikipedia
Used to query or filter Active Directory from T-SQL or .Net code.Neither AD or LDAP are RDBMSAD is Optimized for fast reads
Active Directory ExplorerDefinitions:dn = Distinguished Namedc = domain componentou = organizational unitcn = common namesn = surname (last name)givenName = (First Name)
Linked Servers
OpenQuery
Creating the report
Creating the AD data source
Creating the dataset
Creating the Query Expression
Preview
Solving the Use Case
Queries?
Additional LDAP Queries
Resources:Active Directory Explorer Download:http://technet.microsoft.com/en-us/sysinternals/bb963907.aspxThis Slide Deck:http://SQLWes.com