Synchronization of Windows Server 2008 Active Directory users from a SQL Server table

I have a table in a SQL Server database that contains the data of all the users of my network. How can I create a procedure that will add-remove-modify users to the Windows Server 2008 using the data entered in that table?

Software/Hardware used:
Windows Server 2008, MS SQL Server

Answer Wiki


Your answer is in this MS tech article.

Discuss This Question: 3  Replies

  • Juano
    Well, there is more than one way of skinning this cat. The potential approach will be based on your budget and your environment. Let me elaborate. If you have a large environment (30-40,000+ users), you will be better served with a synchronization tool like ILM/FIM (newer name for MIIS) for your solution. These solutions are very powerful, can be complex and are relatively expensive. These tools engage with the Active Directory DirSync Control (an API that allows the agent to communicate with a domain controller as if it were another domain controller), facilitating synchronization of attribute-level changes as they occur in the environment.

    Another way is using LDIF to update Active Directory. However, since your application is not interfacing with the DirSync Control, your process would have to consume the complete object coming from AD. You could develop a process that calls LDIFDE and extracts all users and objects, including the subset of attributes you need to synchronize, and imports them to SQL. Then, when changes in SQL need to be sent to AD, you could develop a procedure to export your changes in an LDIF format ready for consumption by AD. Then call LDIFDE.exe to import the new objects, delete or process changes to AD. You will be able to generate deltas from SQL to AD, but would have to consume a full export from AD to be imported to SQL.

    As an experienced ILM consultant, I like to point out that although the process is crude, it works, is easily supportable and I have done it before. Although I was not provisioning objects to AD, the process is the same. I was updating once a day all the user personal information that was being updated from a web application into an SQL DB. I was running a process updating 80,000 users daily and it took about 2.5 hours to complete. I hope this helps.
    135 points
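An added example, not code from the thread or from Microsoft: one way to do the "export your changes in an LDIF format" step from the reply above, escaping the DN and base64-encoding unsafe attribute values so that table data cannot inject extra LDIF lines. The row layout, `BASE_DN`, the attribute allowlist and the sample rows are assumptions constructed for illustration.

```python
import base64

BASE_DN = "OU=Staff,DC=example,DC=com"  # assumed target container
ALLOWED_ATTRS = {"displayName", "mail", "telephoneNumber", "description"}  # assumed allowlist

def escape_rdn(value):
    """Escape a CN value per RFC 4514 so table data cannot change the DN's structure."""
    if any(ord(c) < 32 for c in value):
        raise ValueError("control character in name")
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;' or edge else ch)
    return "".join(out)

def ldif_line(attr, value):
    """Plain 'attr: value' for an RFC 2849 SAFE-STRING, base64 'attr:: ...' otherwise."""
    safe = (value.isascii() and not value.startswith((" ", ":", "<"))
            and not value.endswith(" ") and not any(c in value for c in "\r\n\0"))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def to_ldif(row):
    """Build one LDIF change record from a pending-change row."""
    action, attrs = row["action"], row.get("attrs", {})
    if action not in ("add", "modify", "delete"):
        raise ValueError(f"unknown action: {action!r}")
    bad = set(attrs) - ALLOWED_ATTRS
    if bad:
        raise ValueError(f"attribute not allowed: {sorted(bad)}")
    lines = [ldif_line("dn", f"CN={escape_rdn(row['name'])},{BASE_DN}"),
             f"changetype: {action}"]
    if action == "add":  # minimal user object; real deployments set more attributes
        lines += ["objectClass: user", ldif_line("sAMAccountName", row["login"])]
        lines += [ldif_line(k, v) for k, v in attrs.items()]
    elif action == "modify":
        for k, v in attrs.items():
            lines += [f"replace: {k}", ldif_line(k, v), "-"]
    return "\n".join(lines) + "\n"

# Constructed rows standing in for the SQL change table.
ROWS = [
    {"action": "add", "name": "Smith, John", "login": "jsmith", "attrs": {"displayName": "José Smith"}},
    {"action": "modify", "name": "Doe Jane", "attrs": {"description": "temp\nchangetype: delete"}},
    {"action": "delete", "name": "Old User"},
]

if __name__ == "__main__":
    print("\n".join(to_ldif(r) for r in ROWS))
```

The printed records, saved to a file, are the kind of input `ldifde -i -f` imports. The second row shows a description containing a newline being carried as base64 rather than becoming a second `changetype` line.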
  • Chippy088
    Could you not just update the SQL DB from AD daily, or when necessary? Seems like a lot of effort to keep a copy of the user list up-to-date.
    4,625 points
  • Brijesh

    For getting Active Directory users from a SQL Server table, you can also set up Lightweight Directory Services, which used to be ADAM, and then replicate the AD schema and objects into an external LDAP DB which the users can query to get the information. This allows you to be specific about what you expose externally by only synchronizing objects that you want to publish and not exposing other AD objects.

    Hope this helps.
    14,450 points
