SQL链接服务器查询AD的返回消息7321 [英] SQL Linked Server Query for AD Returns Msg 7321
问题描述
所以,我必须从我们的Active Directory中提取数据,没有任何问题(瘦身一路下跌张贴目的)的SQL查询:
So I have a SQL query that pulls data from our Active Directory without any issues (slimmed way down for posting purposes):
SELECT TOP 901 *
FROM OpenQuery(ADSI, 'SELECT title, displayName, sAMAccountName, givenName, sn
FROM ''LDAP://DC=[STUFF],DC=[MOAR STUFF],DC=com''
where objectCategory = ''Person'' AND objectClass = ''User''')
这拉的记录如预期。我需要从其他领域,我们有一个信任拉记录,所以我的应的只需要更改LDAP字符串。但这样做只会返回一个通用
This pulls records as expected. I need to pull records from other domains where we have a trust, so I should only need to change the LDAP string. But doing so just returns a generic
,而preparing查询......执行对OLE DB提供程序时出现错误。
"An error occurred while preparing the query...for execution against OLE DB provider "ADSDSOObject" for linked server "ADSI"**" (Msg 7321, Level 16, State 2).
我说一般,因为我可以输入任何东西到该SELECT语句(以搞砸了),我会得到相同的消息。
I say generic, because I can type just about anything into that SELECT statement (to mess it up), and I'll get the same message.
我试过有和没有的FQDN的字符串研究。我已经被证实与链接服务器使用的登录具有读取访问权限。任何想法?
I've tried with and without the FQDN in the string. I've confirmed the login being used with the linked server has read access. Any ideas?
在此先感谢!
-Karl
推荐答案
所以,看来这跨林SQL查询不处理外部账户太好了 - 即使该帐户被授予域管理员。解决的办法是让在受信任域的本地帐户。使用本地帐户链接服务器并获得成功。就我而言,我使用一个单独的链接服务器的各个领域。我估计会有一个更好的解决方案,但它并没有发生在我呢。
So it appears this "Cross Forest SQL Query" doesn't handle external accounts too well - even if the account is granted Domain Admin. The solution was to get a local account on the trusted domain. Using that local account with the linked server did the trick. In my case, I'm using a separate linked server for each domain. I reckon there would be a more elegant solution, but it hasn't occurred to me yet.
这篇关于SQL链接服务器查询AD的返回消息7321的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!