
We have an Azure environment and a SQL MI instance (with SSMS) and an Azure AD (Entra ID) that is handled by the security team at our company.

Today we are reading Active Directory data via SQL Server 2019 in a stored procedure using "SELECT * FROM ''LDAP://<YourDomain>/DC=<YourDC>,DC=<YourDC>''"

It is a pretty straightforward and simple task to do with an on-prem AD/SQL Server.

But how would we do it with Entra ID? Is it a possibility? Is there a feature or an add-on that can be installed within Database Engine (SSMS) or something?

I would like to do it via stored procedures in SSMS.

  • FYI, SSMS isn't the data engine, it's an IDE (like) application. Calling SSMS a database engine is like calling Visual Studio a programming language.
    – Thom A
    Commented Apr 7 at 11:40
  • Why did you get stuck on SSMS? I just said that I use SSMS to access the SQL MI instance and not another GUI tool. Now that we've sorted that out, do you have an answer to the question?
    – Nils
    Commented Apr 7 at 11:49
  • Possibly relevant learn.microsoft.com/en-us/entra/identity/domain-services/…
    Commented Apr 7 at 11:52
  • @Nils the comment is there to educate you, as you state "can be installed withing DatabaseEngie [sic] (SSMS) or something?" SSMS is not the database engine. Thinking SSMS is the data engine can lead to misunderstandings.
    – Thom A
    Commented Apr 7 at 11:54
  • English is not my first language, and as I said in my comment above "I use SSMS to access the SQL MI instance and not another GUI tool". Once again: now that we have resolved it, do you have any answer to the question?
    – Nils
    Commented Apr 7 at 12:04

1 Answer

To query Microsoft Entra ID from within SQL Server using T-SQL, you will need to integrate with Entra authentication and rely on external queries through linked servers or APIs, as direct LDAP access is not supported.

You can make use of the Microsoft Graph API to list users in the tenant.

Below is the command:

GET https://graph.microsoft.com/v1.0/users?$filter=companyName in ('CompanyName')&$select=givenName,surname,officeLocation,employeeId&$count=true
ConsistencyLevel: Eventual

As you mentioned, in the query below you are trying to get the domain details:

"SELECT * FROM ''LDAP://<YourDomain>/DC=<YourDC>,DC=<YourDC>''"

You can try using PowerShell:

Import-Module Microsoft.Graph.Identity.DirectoryManagement
# Sign in first; Get-MgDomain needs an authenticated Graph session
Connect-MgGraph -Scopes "Domain.Read.All"
# List the domains registered in the tenant
Get-MgDomain


Reference: Get a user; Get domain\username from microsoft graph; Microsoft Graph API: get user organization
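An added example, not part of the answer above: a Python sketch of the Graph users request from the answer, following `@odata.nextLink` paging and flattening each user into a row for a staging table that a stored procedure can then query. The `http_get` transport, the company name `Contoso`, and the sample pages are assumptions constructed for illustration; token acquisition is left to the caller.

```python
from urllib.parse import quote, urlencode

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
COLUMNS = ("givenName", "surname", "officeLocation", "employeeId")

def build_users_url(company):
    """Build the first-page URL for the request shown in the answer."""
    # OData string literals escape a single quote by doubling it.
    literal = company.replace("'", "''")
    params = {
        "$filter": f"companyName in ('{literal}')",
        "$select": ",".join(COLUMNS),  # request only the attributes that are needed
        "$count": "true",
    }
    return GRAPH_USERS + "?" + urlencode(params, quote_via=quote, safe="$(),'")

def fetch_all_rows(first_url, http_get):
    """Follow @odata.nextLink until it is absent; return one tuple per user."""
    headers = {"ConsistencyLevel": "eventual"}  # header from the answer's request
    rows, url, seen = [], first_url, set()
    while url:
        if url in seen:  # a repeated nextLink would otherwise loop forever
            raise RuntimeError("nextLink cycle detected")
        seen.add(url)
        page = http_get(url, headers)  # hypothetical transport: adds the bearer token
        for user in page.get("value", []):
            # Missing or null attributes become None, which maps to SQL NULL.
            rows.append(tuple(user.get(col) for col in COLUMNS))
        url = page.get("@odata.nextLink")
    return rows

# Constructed sample pages standing in for two Graph responses (no network needed).
PAGE2_URL = GRAPH_USERS + "?$skiptoken=CONSTRUCTED"
SAMPLE_PAGES = {
    build_users_url("Contoso"): {
        "@odata.count": 2,
        "value": [{"givenName": "Ada", "surname": "Berg", "officeLocation": None, "employeeId": "1001"}],
        "@odata.nextLink": PAGE2_URL,
    },
    PAGE2_URL: {"value": [{"givenName": "Li", "surname": "O'Neil", "employeeId": "1002"}]},
}

def sample_get(url, headers):
    return SAMPLE_PAGES[url]

if __name__ == "__main__":
    for row in fetch_all_rows(build_users_url("Contoso"), sample_get):
        print(row)
```

Load the returned rows into the staging table with a parameterized INSERT, so that directory values such as `O'Neil` are bound as data and never concatenated into T-SQL.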
