none
Cross domain ADSI Linked Server Queries Failing

    Question

  • So I've been digging around trying to find an answer to this, but I think our scenario is slightly different from what I've been reading.

    We have a SQL 2005 server sitting in domain globalspec.net.  Services are started under a globalspec domain user service account.
    Our AD 2008 R2 Servers are also sitting in globalspec.net

    We have created a linked server for ADSI access using a forced security context of Globalspec\IntranetServices

    When I log in to SQL Management Studio as a local user, I can run an openquery and everything works just fine.

    However, when I log into SQL Management Studio as a user in the IHS domain and try to run an openquery, i get the following error:

    Msg 7399, Level 16, State 1, Line 1
    The OLE DB provider "ADSDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
    Msg 7321, Level 16, State 2, Line 1
    An error occurred while preparing the query "
    select  givenName,
    				sn,
    				sAMAccountName,
    				displayName,
    				mail,
    				telephoneNumber,
    				mobile,
    				physicalDeliveryOfficeName,
    				department,
    				division
    from    'LDAP://dc=globalspec,dc=net'
    where   objectCategory = 'Person'
            and
            objectClass = 'user'
    " for execution against OLE DB provider "ADSDSOObject" for linked server "ADSI". 

    To me, this makes no sense, since I'm forcing the LDAP lookup to use a globalspec domain account.

    So I create a new ADSI2 linked server, but changed the security user to an IHS account.  When I query this, I only get the Message 7321, Level 16, State 2, Line 1 as above.

    I've gone to the globalspec.net domain and delegated read access to the IHS user, as well as the IHS service account.  I have verified that both these accounts can read from the globalspec.net Active Directory.

    Any help is greatly appreciated!

    Max

    Thursday, August 01, 2013 8:57 PM

Answers