MSSQLServerADHelper Service

The MSSQLServerADHelper service performs two functions:

• It adds and removes the objects used to register instances of Microsoft® SQL Server™ 2000 relational database engine or Analysis server in the Microsoft Windows® 2000 Active Directory™.
  
  
• It ensures that the Windows account under which a SQL Server service is running has permissions to update all of the Active Directory objects for the instance, as well as any replication publications and databases for that instance.

The service is dynamically started by an instance of SQL Server or the Analysis Manager when needed. The service is stopped as soon as it has completed its work.

Active Directory objects in a computer container can be created or removed only by programs that have been assigned either domain administration rights or that are running under the localsystem Windows account. Few sites run their SQL Server service under either of these types of accounts. A service application that does not perform network administration, such as SQL Server, is rarely granted full domain administration rights. The localsystem account cannot be given any privileges on remote computers; therefore, running SQL Server under this account would prevent much of the SQL Server distributed functionality from working. The MSSQLServerADHelper service is run under the localsystem account so that it can add and remove objects registering SQL Server entities in the Active Directory.

There is only one MSSQLServerADHelper service on a computer. The single service handles the Active Directory objects for all instances of the SQL Server relational database engine and all Analysis Manager applications running on the computer.

Registering SQL Server Analysis Servers

Analysis servers are registered from the Analysis Manager, which is a Microsoft Management Console (MMC) application. When users of Analysis Manager request that an Analysis server be registered in the Active Directory, the application dynamically starts the MSSQLServerADHelper service and requests that it create an MS-SQL-OLAPServer object in the Active Directory. The helper service is stopped after the object has been completed, and the Analysis Manager finishes filling in the information for the object. For more information, see Using Active Directory with Analysis Services.

Registering SQL Server Relational Components

All management of the registrations of instances of SQL Server, and the databases and replication publications in each instance, are made using system stored procedures on the instance of SQL Server. SQL Server Enterprise Manager calls the system stored procedures when users specify Active Directory actions in the user interface. The procedures used are:

• sp_ActiveDirectory_SCP. Manages the registration of an instance of the relational database engine.
  
  
• sp_addpublication, sp_addmergepublication, sp_changepublication, or sp_changemergepublication. Manage the registration of replication publications.
  
  
• sp_ActiveDirectory_Obj. Manages the registration of a database.

Each of these system stored procedures internally call an internal component that use the Active Directory Services Interface (ADSI) to manage the objects. When an MS-SQL-SQLServer object must be added or removed from the Active Directory, or permissions granted, the SQL Server ADSI component calls the MSSQLServerADHelper service to perform the task. The SQL Server service uses the SQL Server ADSI component to dynamically start the MSSQLServerADHelper service as needed.

The SQL Server service dynamically calls the MSSQLServerADHelper service at these times:

• When an MS-SQL-SQLServer object must be created in the Active Directory to register an instance of SQL Server, the SQL Server service calls MSSQLServerADHelper to create the object. MSSQLServerADHelper creates the object and gives update permissions to the Windows account under which the SQL Server service is running, and then MSSQLServerADHelper stops. The SQL Server service now has the permissions needed to maintain the object until it is removed. These permissions include creating MS-SQL-SQLPublication and MS-SQL-SQLDatabase objects as children of the MS-SQL-SQLServer object.
  
  
• If an administrator changes the Windows account under which the SQL Server service runs, the SQL Server service detects this the next time it attempts to update any information in objects that existed in the Active Directory before the account change. The SQL Server service automatically starts MSSQLServerADHelper. That service reassigns update permissions on the all the objects related to the current instance of SQL Server to the new Windows account.
  
  
• When a request is made to delete an MS-SQL-SQLServer object, the SQL Server ADSI component calls the MSSQLServerADHelper service to delete the object and any children that are still present.

The SQL Server service must be run under a Windows account that has permissions to start the MSSQLServerADHelper service. By default, members of the local Power Users and local Administrator's groups have this permission.