Active directory query 1000 page size limitaion

Hi.

We need to create a view of our active directory users (we have 2500).

I found out that there is max page size of 1000, so we cannot get more
data.

Anyone found a solution to that problem?

ThanksI don't really understand what your question has to do with MSSQL - are
you talking about Reporting Services, perhaps? If so, you can try
microsoft.public.sqlserver.reportingsvcs to see if you get a better
response.

Simon

Active Directory as linked Server in SQL

I want to create a view in SQL populated with users from our Active Directory. I have learnt that this can be done using linked server. I have tried using the following:
sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5', 'ADSDSOObject', 'adsdatasource'
go
sp_addlinkedsrvlogin @.rmtsrvname = 'ADSI', @.useself = 'false', @.locallogin = 'sa', @.rmtuser = 'lok_applications', @.rmtpassword = '9dfFfG374GoiAo6yxxc8oZ'
SELECT *
FROM OpenQuery( ADSI,
'SELECT * FROM "LDAP://194.22.1.18/DC=lok,DC=com"')
I keep getting this error no matter what I try:
An error occurred while preparing a query for execution against OLE DB provider 'ADSDSOObject'.
OLE DB error trace [OLE/DB Provider 'ADSDSOObject' ICommandPrepare::Prepare returned 0x80040e14].
Any ideas why?
Hi,
From your descriptions, I understood that you meet the error [Prepare
returned 0x80040e14] when you are using linked server to Active Directory.
Have I understood you? If there is anything I misunderstood, plesae feel
free to let me know
Based on my knowledge, there should be some authority issue with this kind
of error. Would you please have a try on following steps?
1.
try to create a new linked server as follows
EXEC sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5',
'ADSDSOObject',
'adsdatasource'
GO
Will you get the same error?
2.
try to add SQL Server to Active Directory (Right click Server in SQL Server
Enterprise Manager -> properties -> Active Directory)
Could you make it successfully? If not, what kind of error do you meet?
3.
Checking Start-up account of SQL Server.
Step One: typing "services.msc" (without quotation marks) in Start -> Run
Step Two: right click 'MSSQLServer' or 'MSSQLServer$InstanceName',
according to the SQL Server you are using -> Properties -> Log On. If you
are using a Local System Account, change it to Domain Account
try to see whether you could successfully add it and make the query
Hope this helps and please feel free to post in the group if this solves
your problem or if you would like further help. We are here to be of
assistance!
Sincerely yours,
Mingqing Cheng
Microsoft Online Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!
|||Hi,
I wanted to post a quick note to see if you would like additional
assistance or information regarding this particular issue. We appreciate
your patience and look forward to hearing from you!
Sincerely yours,
Mingqing Cheng
Microsoft Online Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!
|||Hi,
I have a very similar problem. I have double checked that:
First ran from a Member Server running SQL 2000 sp3
SQL Service is running as a domain user (even a domain admin)
SQL Server is registered in Active Directory
Created the linked server as suggested, and also tried creating using
enterprise manager
Tried various uses of sp_addlinkedsrvlogin as well as the security
dialog of the linked server in EM to make sure I have proper credentials
Tried running from the Domain Controller itself on SQL 7.0
updated MDAC to 2.8
When I run an OpenQuery in QA, I get a message like:
Server: Msg 7321, Level 16, State 2, Line 1
An error occurred while preparing a query for execution against OLE DB
provider 'ADsDSOObject'.
OLE DB error trace [OLE/DB Provider 'ADsDSOObject'
ICommandPrepare::Prepare returned 0x80040e14
When I try to browse around in EM under the linked server, I get a
message dialog like:
Could not obtain a required interface from OLE DB provider
'ADSDSOObject'. OLE DB error trace[OLE/DB Provider 'ADSDSOObject'
IUnknown::QueryInterface returned 0x80004002: IDBSchemaRowset].
Any ideas? Perhaps I need to change the AD configuration, or I
overlooked something with the authentication?
Dave
*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
|||Bjork,
I have a nearly identical problem. Did you ever solve your problem, and
if so, do you have any suggestions?
thanks,
Dave
*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

Active Directory as linked Server in SQL

I want to create a view in SQL populated with users from our Active Directory. I have learnt that this can be done using linked server. I have tried using the following
sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5', 'ADSDSOObject', 'adsdatasource
g
sp_addlinkedsrvlogin @.rmtsrvname = 'ADSI', @.useself = 'false', @.locallogin = 'sa', @.rmtuser = 'lok_applications', @.rmtpassword = '9dfFfG374GoiAo6yxxc8oZ'
SELECT *
FROM OpenQuery( ADSI,
'SELECT * FROM "LDAP://194.22.1.18/DC=lok,DC=com"'
I keep getting this error no matter what I try
An error occurred while preparing a query for execution against OLE DB provider 'ADSDSOObject'.
OLE DB error trace [OLE/DB Provider 'ADSDSOObject' ICommandPrepare::Prepare returned 0x80040e14].
Any ideas why?Hi,
From your descriptions, I understood that you meet the error [Prepare
returned 0x80040e14] when you are using linked server to Active Directory.
Have I understood you? If there is anything I misunderstood, plesae feel
free to let me know :)
Based on my knowledge, there should be some authority issue with this kind
of error. Would you please have a try on following steps?
1.
try to create a new linked server as follows
EXEC sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5',
'ADSDSOObject',
'adsdatasource'
GO
Will you get the same error?
2.
try to add SQL Server to Active Directory (Right click Server in SQL Server
Enterprise Manager -> properties -> Active Directory)
Could you make it successfully? If not, what kind of error do you meet?
3.
Checking Start-up account of SQL Server.
Step One: typing "services.msc" (without quotation marks) in Start -> Run
Step Two: right click 'MSSQLServer' or 'MSSQLServer$InstanceName',
according to the SQL Server you are using -> Properties -> Log On. If you
are using a Local System Account, change it to Domain Account
try to see whether you could successfully add it and make the query :)
Hope this helps and please feel free to post in the group if this solves
your problem or if you would like further help. We are here to be of
assistance!
Sincerely yours,
Mingqing Cheng
Microsoft Online Support
---
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!|||Hi,
I wanted to post a quick note to see if you would like additional
assistance or information regarding this particular issue. We appreciate
your patience and look forward to hearing from you!
Sincerely yours,
Mingqing Cheng
Microsoft Online Support
---
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!|||Bjork,
I have a nearly identical problem. Did you ever solve your problem, and
if so, do you have any suggestions?
thanks,
Dave
*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

Active Directory as linked Server in SQL

I want to create a view in SQL populated with users from our Active Director
y. I have learnt that this can be done using linked server. I have tried usi
ng the following:
sp_addlinkedserver 'ADSI', 'Active Directory Services 2.5', 'ADSDSOObject',
'adsdatasource'
go
sp_addlinkedsrvlogin @.rmtsrvname = 'ADSI', @.useself = 'false', @.locallog
in = 'sa', @.rmtuser = 'lok_applications', @.rmtpassword = '9dfFfG374GoiA
o6yxxc8oZ'
SELECT *
FROM OpenQuery( ADSI,
'SELECT * FROM "LDAP://194.22.1.18/DC=lok,DC=com"')
I keep getting this error no matter what I try:
An error occurred while preparing a query for execution against OLE DB provi
der 'ADSDSOObject'.
OLE DB error trace [OLE/DB Provider 'ADSDSOObject' ICommandPrepare::Prep
are returned 0x80040e14].
Any ideas why'Hi,
I wanted to post a quick note to see if you would like additional
assistance or information regarding this particular issue. We appreciate
your patience and look forward to hearing from you!
Sincerely yours,
Mingqing Cheng
Microsoft Online Support
---
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Please reply to newsgroups only, many thanks!|||Hi,
I have a very similar problem. I have double checked that:
First ran from a Member Server running SQL 2000 sp3
SQL Service is running as a domain user (even a domain admin)
SQL Server is registered in Active Directory
Created the linked server as suggested, and also tried creating using
enterprise manager
Tried various uses of sp_addlinkedsrvlogin as well as the security
dialog of the linked server in EM to make sure I have proper credentials
Tried running from the Domain Controller itself on SQL 7.0
updated MDAC to 2.8
When I run an OpenQuery in QA, I get a message like:
Server: Msg 7321, Level 16, State 2, Line 1
An error occurred while preparing a query for execution against OLE DB
provider 'ADsDSOObject'.
OLE DB error trace [OLE/DB Provider 'ADsDSOObject'
ICommandPrepare::Prepare returned 0x80040e14
When I try to browse around in EM under the linked server, I get a
message dialog like:
Could not obtain a required interface from OLE DB provider
'ADSDSOObject'. OLE DB error trace[OLE/DB Provider 'ADSDSOObject'
IUnknown::QueryInterface returned 0x80004002: IDBSchemaRowset].
Any ideas? Perhaps I need to change the AD configuration, or I
overlooked something with the authentication?
Dave
*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!|||Bjork,
I have a nearly identical problem. Did you ever solve your problem, and
if so, do you have any suggestions?
thanks,
Dave
*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

Action Queries

Two questions.

1. How do I create action queries in SQL Server? From Enterprise Manager -> view I can create, run but NOT save the query.

2. How do I access an SQL server query from access like i would an Access query? Do i have to make a call to a stored procedure or something like that?If you like to reuse a query you can create it in Query Analyzer and then save it to a file. Using Query Analyzer you can then open the file and run the query. You can use any text editor to create a query and save it. Also by using a stored procedure you are saving the SQL to the database so it can be used at any time just by calling it. Depending on how you setup permission you can let other users call your stored procedure.|||I'm a little new at this so bear with me... OK.. I follow you up to the point of the stored procedure. Say i save that file as Test.. Is test.sql the stored procedure? I thought stored procedures were only available inside Enterprise manager. Lastly Once the file containing the sql statement is created, how do i reference the file from enterprise manager? i can figure out how to call a stored procedure in the enterprise manager from Access VBA code.|||Access_Dude,
Action Queries are a bit different in SQL Server to Access. In access, it all gets saved down in the database. In SQL Server, you've got a choice: Either save it down as a .sql file (in effect a text file - rename the extension to .txt, will open it in Notepad, no problems). This allows you to have a permanent copy which you can open from other apps without needing SQL Server - useful for saving down scripts which you want to run again but don't want to keep in the database.
Or, create a Stored Procedure in SQL Server. This will save the SQL into the database itself. As an example:

select Name, Postcode
from Customer
where CustomerID = 123

... can become a stored proc ('action query')...

create proc spGetCustomerNameAndPostcode
as
select Name, Postcode
from Customer
where CustomerID = 123

... it can then be simply called from an app, or from within SQL Server, using:
exec spGetCustomerNameAndPostcode

(Note that the exec isn't always needed, depends on what you're doing)

Hope this helps :)
Jon.|||Access_Dude,
Action Queries are a bit different in SQL Server to Access. In access, it all gets saved down in the database. In SQL Server, you've got a choice: Either save it down as a .sql file (in effect a text file - rename the extension to .txt, will open it in Notepad, no problems). This allows you to have a permanent copy which you can open from other apps without needing SQL Server - useful for saving down scripts which you want to run again but don't want to keep in the database.
Or, create a Stored Procedure in SQL Server. This will save the SQL into the database itself. As an example:

select Name, Postcode
from Customer
where CustomerID = 123

... can become a stored proc ('action query')...

create proc spGetCustomerNameAndPostcode
as
select Name, Postcode
from Customer
where CustomerID = 123

... it can then be simply called from an app, or from within SQL Server, using:
exec spGetCustomerNameAndPostcode

(Note that the exec isn't always needed, depends on what you're doing)

Hope this helps :)
Jon.

Action jumping to wrong report

Hello all,
I have a set of master reports that have linked copies in different
directories based on which customer is logging in to view them. Many of
the fields in these reports have actions to jump to other reports. The
problem I'm running into is that the action is jumping to the report in
the master directory (which has open customer queries) instead of the
one in the customer directory which has a default.
Kind of confusing, so here's an example:
Master reports 1 and 2 in directory /master have a default value of %
for customer and don't prompt for that parameter
Linked reports 1 and 2 in directory /123 have a default value of 123
for customer and don't prompt for that parameter
Report 1 jumps to report 2 when they click on a certain field, but if
it jumps to the report in /master it will query data for all customers.
I want it to jump to the linked report in /123 so it will only query
data for that customer.
If I try to pass in the customer field it gives an error since that
field isn't prompted for. Obviously prompting for the field will defeat
the security. Is there any way to force it to jump to the linked report
in the current directory instead of the one in the directory being
linked from?
Thanks!
JonAfter playing around with the "jump to URL" option I answered my own
question.
=Globals!ReportServerUrl & "?" & Globals.ReportFolder &
"/Report+2&Customer=" Fields!customer.value
Just in case it helps anyone else with a similar question...
Thanks,
Jon

accessing two database in sql server 2k5 express

hi guys. can you please provide tutorial/link how to access two database in one view. i was thinking about LINK TABLE like what i do in ms access but i find solution in sql server.

thnx.

I hope u need to get the result of two table from two database . You can create a view with three part qualified name.

Create view yourviewname

as

Select *from Databasename1.owner.tablename where ......

Union /Join

Select *from Databasename2.owner.tablename where ......

basically you need to give fully qualifed tablename . The user accessing this view should have permission in both the dbs

Madhu

|||thanks. its up and running...

Accessing sys.syslockinfo from an application role

In SQL Server 2005, you must have the VIEW SERVER STATE permission in order to access sys.syslockinfo (http://msdn2.microsoft.com/en-us/library/ms189497).

It seems that the VIEW SERVER STATE permission can only be granted to users.

Once you execute sp_setapprole, the connection loses the permissions of the user and assumes the permissions of the application role (http://msdn2.microsoft.com/en-us/library/ms190998).
So, how can I access the sys.syslockinfo view while using an application role?
Note: I have to maintain compatibility with SQL Server 2000

Here are two ways to allow an application role access to syslockinfo:

a) Create a signed stored procedure that exposes syslockinfo and grant execute on it to the application role. An example of procedure signing has been presented in the following post:

controlling security through stored procedures -- 2005 behaviour

b) Grant VIEW SERVER STATE to public.

Thanks
Laurentiu|||

Thanks for your help. I see that they just added this knowledge base article: http://support.microsoft.com/kb/906549, which has another example. Did you write the kb article?

|||Thanks for posting the KB link, this is recent indeed. No, I didn't write that article but I see it's a complete description of the solution I mentioned as (a). Let us know if you have any trouble with that solution.

Thanks
Laurentiu|||Their example works great for syslogins and sysprocesses. However, it doesn't work for syslockinfo.

This is the error message:
The user does not have permission to perform this action.|||Nevermind, I think there was just something wrong with my install. I reinstalled, and now it is working. Thanks again for your help.

Accessing password_hash by users in SQL Server 2005

In SQL Server 2000 we had a view that would show the user credentials and the password hash. The reason we need this is that we use SQL Server authentication on the database. To test users, we have a login with little access, and it should be able to see the view and compare the password supplied against what is in the database, and then let the code handle a graceful exit if the password is invalid. I am trying to do this with SQL Server 2005, and I am running into trouble. I am trying to do this with a function, since there I can set the EXECUTE AS clause (in theory) and leverage the privlidges of a specific user in the database. Here is an example function:

CREATE FUNCTION check_acct.fn_allusers (@.test int)
RETURNS @.users table (username varchar(50), passwd varbinary(256))
WITH EXECUTE AS caller
AS
BEGIN
INSERT @.users
select name, password_hash from sys.sql_logins
RETURN
END
GO
GRANT SELECT ON fn_allusers TO user_acct

I cannot get to all rows in the sys.sql_logins table unless I first:

GRANT VIEW ANY DEFINITION TO CHECK_ACCT

then when I call this function from CHECK_ACCT, I am able to see the data. If I change the WITH EXECUTE AS 'CHECK_ACCT' and execute thsi function from USER_ACCT, I do not get the same results. Do functions not inherit VIEW DEFINITION proivlidges? Any suggestions on how to do this but limit access to these secure objects to this one function?

You're seeing the expected behavior, as I understand it. As you know, the "AS CALLER" reference will run the proc statements as the account that runs the proc, in which case that account needs the perms you're trying to use.

This may have to do with the scope of the call. If you'll look up the EXECUTE AS (Transact-SQL) statement in Books Online (make sure you have the February 2007 version loaded), you'll see a note about calling out of the current database, which you're doing. If you're in a database and you call sys.sql_logins, you're hitting the master database, which is outside the scope of the current database. I wonder if adding "USE master" would work?

|||

The permission needed to see the password hashes is CONTROL SERVER. See BOL for detailed information (http://msdn2.microsoft.com/en-us/library/ms187113.aspx).

The execution token established by EXECUTE AS is (by default) only trusted on the database where the execution context switch took place, and all server scoped privileges for the impersonated context are stripped down to DENY ONLY. This is explained in better detail on BOL: Extending Database Impersonation by Using EXECUTE AS (http://msdn2.microsoft.com/en-us/library/ms188304.aspx).

In this case, it may be simpler to sign the SP and grant CONTROL SERVER via the signature instead of via an impersonated context.

-- Removed the EXECUTE AS clause

--

CREATE FUNCTION check_acct.fn_allusers (@.test int)

RETURNS @.users table (username varchar(50), passwd varbinary(256))

BEGIN

INSERT @.users

select name, password_hash from sys.sql_logins

RETURN

END

GO

-- In order to see the password_hash, you require quite elevated privileges: CONTROL SERVER

-- I strongly recommend storing a backup of the signing private key in a safe place and then remove the copy from the database

--

CREATE CERTIFICATE [cert_fn_allusers] WITH

SUBJECT = 'Signing certificate for check_acct.fn_allusers'

go

ADD SIGNATURE TO [check_acct.fn_allusers] BY CERTIFICATE [cert_fn_allusers]

go

-- A copy of the certificate should be in master

--

CREATE LOGIN [cert_fn_allusers] FROM CERTIFICATE [cert_fn_allusers]

go

GRANT CONTROL SERVER TO [cert_fn_allusers]

go

As an additional suggestion I would recommend using the password hashes exclusively for porting/updating SQL Server accounts between multiple SQL Server instances.

I hope this information will be useful. Let us know if you have further questions or feedback.

-Raul Garcia

SDE/T

SQL Server Engine

|||

One thing that was brought to my attention is that I should have emphasized more is that potentially the usage of the passwords hash you mentioned on your problem description is dangerous.

The reason why only CONTROL SERVER permission giving access to the password hash is for protection against an attacker with lower privileges to obtain the password table and crack it offline. I strongly recommend allowing SQL Server itself verify the passwords of your users instead of doing this job on a separate code.

Additionally by allowing SQL Server to verify the password, you will be able to use the infrastructure to detect failed attempts (i.e. detect a brute force attack) and make use of the password policy functionality.

Thanks a lot,

-Raul Garcia

SDE/T

SQL Server Engine

Accessing One''s ReportServer Homepage from Other''s Machines

Hi,

My Reportserver Homepage is http://d620xp/Reports

Requirement is that Users should be able to view all the reports from this URL( from their Desktops)

What are the steps I need to do, to get this ?

Thanks in Advance,

Sundar

What happens when you enter http://d620xp/Reports in other machine's web browsers?

|||

Grant Privileges to the required users. After this when use opens this URL they should be able to see all the deployed reports...|||

Hi,

When Users type the ReportServer URL, they are seeing the Homepage but all the folders ( Datasources, Models and reports) are missing.

Is thr a way to enable Users to see all the Reports ?

Thanks,

Sundar

|||

Hi,

Thanks for your Reply.

How do I grant priviledges to Users ?

Should I do it through ReportManager Homepage or through IIS Site settings ?

Regards,

Sundar

|||You have to grant the correct permissions to the users. Right now, it appears that it is set to the most restrictive permissions.

|||

Sundar1234 wrote:

Hi,

Thanks for your Reply.

How do I grant priviledges to Users ?

Should I do it through ReportManager Homepage or through IIS Site settings ?

Regards,

Sundar

Through reportmanager. Click properties and add the proper role assignments.

|||

Greg,

Under Properties->Security, I have the following:

BUILTIN\Administrators

> Browser, Content Manager, My Reports, Publisher, Report Builder

D620xp\Guest Browser, Everyone

How do I proceed from here ?

Any help is appreciated !

Thanks,

Sundar

|||

Sundar1234 wrote:

Greg,

Under Properties->Security, I have the following:

BUILTIN\Administrators

> Browser, Content Manager, My Reports, Publisher, Report Builder

D620xp\Guest Browser, Everyone

How do I proceed from here ?

Any help is appreciated !

Thanks,

Sundar

Although I've never needed to do this, I would think that you would want D620xp\Guest to have access to My Reports, Report Builder, Browser, Everyone.

Possibly even Content Manager and Publisher if you trust them with that.

Right now your rights for the Guest account are too restrictive.