SideBar    What Is ADSI?
DOWNLOAD THE CODE:
Download the Code 41841.zip

Now that you've added a SQL Server and a database to AD, you can browse these classes in AD by using ADSI Edit, which is included with Win2K Server. To open ADSI Edit, run the Microsoft Management Console (MMC) from the Start menu, select Console, Add/Remove Snap-in, and add the ADSI Edit snap-in.

After registering ADSI Edit, you need to select the domain to connect to by right-clicking the ADSI icon and entering a domain server name. You should be able to locate your server under the COMPUTER container. You should see a new mS-SQL-SQLServer object under the Server's AD Class instance. If you're running a default instance of SQL Server, the object will be called MSSQLSERVER.

If you expand the mS-SQL-SQLServer object, you should see a child object called mS-SQL-SQLDatabase. Each of these objects or classes has attributes. One attribute of mS-SQL-SQLDatabase is mS-SQL-Name, which lists the database name—in this case, Northwind, as Figure 3, page 16, shows.

Is It Secure?
You might wonder whether publishing your SQL Server and databases in AD is secure. Actually, doing so is more secure than the existing method of locating SQL Servers on the network—Named Pipe broadcasts. By default, a SQL Server announces itself as a service over Named Pipes to all clients. To illustrate this point, try running osql ­L on your network to discover all the computers running SQL Server. Named Pipe broadcasts let clients find SQL Server dynamically; however, you can't assign permissions to these broadcasts—they go out to everyone connected to your network.

In AD, you can assign permissions to restrict who can see which AD objects. For example, if I had a SQL Server for payroll data, I'd assign read permissions only to the AD payroll group. Once I publish my SQL Server and databases in AD, I can disable Named Pipe broadcasts and assign permissions to the AD objects. See SQL Server 2000 Books Online—BOL—(Updated-SP3) under "Revealing SQL Server on a Network" for information about how to disable Named Pipe broadcasts. Note that hiding SQL Server switches the port that SQL Server uses to 2433 regardless of whether you've already set SQL Server to use an alternate port.

Service Publication
A service publication helps client applications locate the appropriate database server. As Figure 4 shows, first a SQL Server publishes to AD its name and location, including information such as server name and the port number SQL Server is running on. Next, a client application looks up the location of a SQL Server by database name. Finally, the application uses the retrieved location information to connect to the SQL Server and to begin using it. When you publish SQL Server and its databases in AD, clients can dynamically locate database servers by database name. If you need to move a database to a different server, you need only to update AD.

The concept of a service publication for database management systems (DBMSs) has existed in Oracle since version 8i, and you can list Oracle databases in AD. In Oracle, if you've listed the Oracle databases in AD, you can simply specify the database's system identifier (SID) as the Host String, and the application will search AD to locate the server's network address and port number to make a connection. For example, Oracle's SQL*Plus can log on to an Oracle server by using the database's SID. Although SQL Server's Query Analyzer doesn't include this functionality, you can build client applications that search AD based on a database name and locate the appropriate SQL Server to connect to in much the same way as you can with Oracle.

Using SQL Server AD Data
Now that you've verified that your SQL Server and the Northwind database are registered in AD, let's look at some techniques for programmatically retrieving and manipulating SQL Server AD data. Although you can use ADSI exclusively, I find using a combination of ADO and ADSI's SQL dialect more natural for searching in AD. The VBScript code in Listing 1 uses the ADO provider for AD to retrieve the instance names registered in AD for all computers running SQL Server.

You can also query AD and retrieve a list of all registered databases by selecting the attribute mS-SQL-Name, as Listing 2 shows, again using the ADO provider for AD. For a complete list of AD attributes, see the Microsoft Developer Network (MSDN) documentation of the Win2K AD schema. Specifically, look at the mS-SQL-SQLServer and mS-SQL-SQLDatabase classes.

Prev. page     1 [2] 3     next page



You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

If this does what I think it says it does, the possibilities are endless!

Glenda Baker- March 26, 2004

The article cleared up some misconceptions about the AD configuration.

Roger Young- April 07, 2004

I am very dissapointed that I as a subscriber to SQL Server magazine should have to be subjected to flashing graphics when I am trying to read a useful article such as this. Even Printer Friendly still has a graphic there, flashing away. It's simply pollution that I don't expect to have to put up with. It didn't use to be there - in Print Preview mode anyway.

And this comments box is too small, (and it's scroll bar doesn't work). Are you trying to shut me up?

Thanks for listening.

regards, Paul Ritchie

Paul Ritchie- April 19, 2004

very interesting!! thanks for the information

Ronny De Fonny- May 06, 2004

Just went back of back issues regarding AD, as there very little in SQL & AD BOL!

The included Listings are priceless.

Jasper

Deucalion- September 26, 2004

Article Rating 5 out of 5

 
 

ADS BY GOOGLE