Querying Active Directory From SSRS To Customize The User
Experience And Secure Reports
Slide 2
Introduction Wes Springob (No relation to Mr. Squarepants) BI
Consultant at New York Life Originally from Pittsburgh, now New
Port Richey Wife Ashley, Portrait Photographer http://SQLWes.com
http://twitter.com/SQLWes http://LinkedIn.com/in/SQLWes
Slide 3
Disclosure: Extensive use of SSRS Proficient T-SQL Developer
LDAP novice 0 AD administration experience Recently exploring
reporting of data sources that arent SQL Server Have been wanting
to work with AD Data in SSRS for years, but only recently have had
the opportunity. The names have been changed to protect the
innocent = No live demo of Active Directory
Slide 4
Use Case Why would you need to secure a report with AD? Doesnt
the Report Server do that for you? Short answer, yes it does:
Slide 5
We can do more
Slide 6
System of record Many database systems store a users Active
Directory ID. But they also store a lot more, unfortunately, to
support the application. Where in most cases, we should be going
back to query AD to ensure we are using the most current
values.
Slide 7
Tools A SQL Server with SSRS installed Management Studio Visual
Studio, BIDS or Report Builder to create RDLs Active Directory
Explorer 1.Aids in writing LDAP queries 2.Free tool, downloadable
from Technet 3.Any domain account typically has sufficient, Read
Only, rights to query AD
Slide 8
Approaches Linked Servers / T-SQL CLR /
System.DirectoryServices Namespace Custom Code in the RDL /
System.DirectoryServices Namespace Query AD Directly as a Data
source From within the RDL / T-SQL
Slide 9
What is LDAP? Lightweight Directory Access Protocol is an open,
vendor-neutral, industry standard application protocol for
accessing and maintaining distributed directory information
services over an Internet Protocol (IP) network. - - Wikipedia Used
to query or filter Active Directory from T-SQL or.Net code. Neither
AD or LDAP are RDBMS AD is Optimized for fast reads
Slide 10
Active Directory Explorer Definitions: dn = Distinguished Name
dc = domain component ou = organizational unit cn = common name sn
= surname (last name) givenName = (First Name)
Slide 11
Linked Servers
Slide 12
OpenQuery
Slide 13
Creating the report
Slide 14
Creating the AD data source
Slide 15
Creating the dataset
Slide 16
Creating the Query Expression
Slide 17
Preview
Slide 18
Solving the Use Case
Slide 19
Queries?
Slide 20
Additional LDAP Queries
Slide 21
Resources: Active Directory Explorer Download:
http://technet.microsoft.com/en-us/sysinternals/bb963907.aspx This
Slide Deck: http://SQLWes.com