So I've been digging around trying to find an answer to this, but I think our scenario is slightly different from what I've been reading.
We have a SQL 2005 server sitting in domain globalspec.net. Services are started under a globalspec domain user service account.
Our AD 2008 R2 Servers are also sitting in globalspec.net
We have created a linked server for ADSI access using a forced security context of Globalspec\IntranetServices
When I log in to SQL Management Studio as a local user, I can run an openquery and everything works just fine.
However, when I log into SQL Management Studio as a user in the IHS domain and try to run an openquery, i get the following error:
Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADSDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7321, Level 16, State 2, Line 1
An error occurred while preparing the query "
where objectCategory = 'Person'
objectClass = 'user'
" for execution against OLE DB provider "ADSDSOObject" for linked server "ADSI".
To me, this makes no sense, since I'm forcing the LDAP lookup to use a globalspec domain account.
So I create a new ADSI2 linked server, but changed the security user to an IHS account. When I query this, I only get the Message 7321, Level 16, State 2, Line 1 as above.
I've gone to the globalspec.net domain and delegated read access to the IHS user, as well as the IHS service account. I have verified that both these accounts can read from the globalspec.net Active Directory.
Based on the error message, this issue can occur if IHS user doesn’t have permission to execute the command on the linked server. I suggest logging on the linked server with IHS user account directly, execute the commands and check whether we can get the
desired result. Additionally, we can map the current IHS user to another user on the linked server who has permission to execute the commands. For more detail information, you can refer to the following link: