Transcript to it.
Querying Active
Directory From SSRS
To Customize The User Experience And Secure Reports
Introduction
Wes Springob
(No relation to Mr. Squarepants)
Senior Business Intelligence Developer at American Express
Co-Leader of the PASS Business Intelligence Virtual Chapter (bi.sqlpass.org)
Originally from Pittsburgh, now New Port Richey
Wife Ashley, Portrait Photographer
http://SQLWes.com
http://twitter.com/SQLWes
http://LinkedIn.com/in/SQLWes
Disclosure:
Extensive use of SSRS
Proficient T-SQL Developer
LDAP novice
0 AD administration experience
Recently exploring reporting of data sources that aren’t SQL Server
Have been wanting to work with AD Data in SSRS for years, but only recently have had the opportunity.
The names have been changed to protect the innocent = No live demo of Active Directory
Use Case
Why would you need to secure a report with AD? Doesn’t the Report Server do that
for you?
Short answer, yes it does:
We can do more
System of record
Many database systems store a user’s Active Directory ID. But they also store a lot
more, unfortunately, to “support” the application. Where in most cases, we should be
going back to query AD to ensure we are using the most current values.
Tools
A SQL Server with SSRS installed
Management Studio
Visual Studio, BIDS or Report Builder to create RDL’s
Active Directory Explorer
1. Aids in writing LDAP queries
2. Free tool, downloadable from Technet
3. Any domain account typically has sufficient, Read Only, rights to query AD
Approaches
Linked Servers / T-SQL
CLR / System.DirectoryServices Namespace
Custom Code in the RDL / System.DirectoryServices Namespace
Query AD Directly as a Data source From within the RDL / T-SQL
What is LDAP?
Lightweight Directory Access Protocol
“is an open, vendor-neutral, industry standard application protocol for accessing and maintaining
distributed directory information services over an Internet Protocol (IP) network.” -- Wikipedia
Used to query or filter Active Directory from T-SQL or .Net code.
Neither AD or LDAP are RDBMS
AD is Optimized for fast reads
Active Directory
Explorer
Definitions:
dn = Distinguished Name
dc = domain component
ou = organizational unit
cn = common name
sn = surname (last name)
givenName = (First Name)
Linked Servers
OpenQuery
Creating the report
Creating the AD data source
Creating the dataset
Creating the Query Expression
Preview
Solving the Use Case
Queries?
Additional LDAP Queries
Resources:
Active Directory Explorer Download:
http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx
This Slide Deck:
http://SQLWes.com