Using Active Directory to connect to a database.

Yes, assuming you are using windows for your web server.  And I'll assume server 2003 since your using IIS6.

You ColdFusion service needs to run as the domain user/password.

So, start menu -> run -> services.msc

Open the advance properties of the cold fusion service and set the user as domain\user and the password for the user.

The sql server will then need to allow this user the appropriate access, your DBA should be able to add this without issue.

Then your DSN is setup WITHOUT a user or password.  The credentials will be what the service is running under.

To take this to the next level, with windows 2008 server you can run the CF service as the "Network Service" user of the local machine. That account is actually domain\computername$ on the AD domain.  Then the sql server would need only need permissions for domain\computername$ and there is no need for a password.  When setting the service user/pass using services.msc you can specify "1"  as the password  and "Network Service" as the suer and things should start up OK.  (You'll need to add the "Network Service" permissions to the CF folder though). I don't think there are any security implications with this, but we have all our app servers firewalled, so it's not a huge concern for us, so that might take a little more investigation.  Plus we don't actually do this in production, we just tried it out in our lab.

Byron Mann

mannb@hostmysite.com

byronosity@gmail.com

Software Architect

hosting.com | hostmysite.com

http://www.hostmysite.com/?utm_source=bb