SQL Linked Server Query for AD Returns Msg 7321

4
votes

So I have a SQL query that pulls data from our Active Directory without any issues (slimmed way down for posting purposes):

SELECT TOP 901 * 
FROM OpenQuery(ADSI, 'SELECT title, displayName, sAMAccountName, givenName, sn 
               FROM ''LDAP://DC=[STUFF],DC=[MOAR STUFF],DC=com'' 
               where objectCategory = ''Person'' AND objectClass = ''User''')

This pulls records as expected. I need to pull records from other domains where we have a trust, so I should only need to change the LDAP string. But doing so just returns a generic

"An error occurred while preparing the query...for execution against OLE DB provider "ADSDSOObject" for linked server "ADSI"**" (Msg 7321, Level 16, State 2).

I say generic, because I can type just about anything into that SELECT statement (to mess it up), and I'll get the same message.

I've tried with and without the FQDN in the string. I've confirmed the login being used with the linked server has read access. Any ideas?

Thanks in advance!

-Karl

1
sqlsql-serveractive-directoryadsi

1 Answers

1
votes

So it appears this "Cross Forest SQL Query" doesn't handle external accounts too well - even if the account is granted Domain Admin. The solution was to get a local account on the trusted domain. Using that local account with the linked server did the trick. In my case, I'm using a separate linked server for each domain. I reckon there would be a more elegant solution, but it hasn't occurred to me yet.