CREATE ASSEMBLY System.DirectoryServices.AccountManagement.dll without enabling TRUSTWORTHYCREATE DATABASE...

What's a good word to describe a public place that looks like it wouldn't be rough?

CREATE ASSEMBLY System.DirectoryServices.AccountManagement.dll without enabling TRUSTWORTHY

Citing paywalled articles accessed via illegal web sharing

Incorporating research and background: How much is too much?

Can a person refuse a presidential pardon?

A starship is travelling at 0.9c and collides with a small rock. Will it leave a clean hole through, or will more happen?

How should I handle players who ignore the session zero agreement?

How to prevent cleaner from hanging my lock screen in Ubuntu 16.04

One Half of Ten; A Riddle

How can I deliver in-universe written lore to players without it being dry exposition?

Why would space fleets be aligned?

Advice for a new journal editor

Brexit and landing cards

Why did the villain in the first Men in Black movie care about Earth's Cockroaches?

How do you funnel food off a cutting board?

Simple text-based tic-tac-toe

It took me a lot of time to make this, pls like. (YouTube Comments #1)

Can placing a counter on a creature after it has been assigned as an attacker remove it from combat

If I delete my router's history can my ISP still provide it to my parents?

What is causing the chain skip after chain replacement?

How can animals be objects of ethics without being subjects as well?

Which one of these password policies is more secure?

Why would the Pakistan airspace closure cancel flights not headed to Pakistan itself?

Roman Numerals equation 1



CREATE ASSEMBLY System.DirectoryServices.AccountManagement.dll without enabling TRUSTWORTHY


CREATE DATABASE Permission denied in database 'master' errorWhat could trigger that a login created from a certificate is not visible in metadataOracle GoldenGate add trandata errorsGrant Admin to an Active Directory account in SQL Server.NET SQLCLR Assembly not working in SQL Server 2016 (Error msg 10314)Assembly is not authorized for PERMISSION_SET=UNSAFE when creating a CLR assemblyUPDATE STATISTICS and User-Defined Types (UDT) from AssembliesRestore SQL Server DB encrypted by EKM - where's the asymmetric key?Assembly deployment with permission UNSAFE or EXTERNAL_ACCESS using asymmetric keyError publishing SQLCLR C# Function using Visual Studio 2017













2















First, this is for SQL Server 2016. If I was on 2017+, I would be using sp_add_trusted_assembly. Just wanted to clarify that before asking the question.



How do you register the assembly System.DirectoryServices.AccountManagement.dll without using TRUSTWORTHY ON? I cannot get it to work using an asymmetric key generated off of System.DirectoryServices.dll. The AccountManagement dll is signed differently than System.DirectoryServices.dll.



I've even tried creating a separate asymmetric key off of System.DirectoryServices.AccountManagement.dll but that results in:




Msg 15468, Level 16, State 7, Line XXXXX

An error occurred during the generation of the asymmetric key.




Here is a test script I have written to try to create this assembly.



USE master

IF DB_ID('CLR_Test') IS NULL BEGIN
CREATE DATABASE CLR_Test
END
GO

USE [CLR_Test]
GO

EXEC sp_configure @configname=clr_enabled, @configvalue=1
GO
RECONFIGURE
GO

/*************************************************************************************/
-- DROP OBJECTS IF FOUND FIRST
/*************************************************************************************/

-- DROP System.DirectoryServices.AccountManagement
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
END

-- DROP System.DirectoryServices.Protocols
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
DROP ASSEMBLY [System.DirectoryServices.Protocols]
END

-- DROP System.DirectoryServices
IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
DROP ASSEMBLY [System.DirectoryServices]
END
GO
IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
BEGIN
RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
DROP USER [MSFT_CLR_Login]
END
GO
USE [master]
GO
IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
BEGIN
RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
DROP LOGIN [MSFT_CLR_Login]
END
GO
IF (EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
BEGIN
--DROP ASYMMETRIC KEY [ClrKey]
RAISERROR( 'DROP ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
DROP ASYMMETRIC KEY [MSFT_CLR_Key]
END
GO

/*************************************************************************************/
-- CREATE THE OBJECTS
/*************************************************************************************/
USE [master]
GO
IF (NOT EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
BEGIN
--DROP ASYMMETRIC KEY [ClrKey]
RAISERROR( 'CREATE ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
CREATE ASYMMETRIC KEY [MSFT_CLR_Key]
FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
END
GO
IF (NOT EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
BEGIN
RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
CREATE LOGIN [MSFT_CLR_Login] FROM ASYMMETRIC KEY [MSFT_CLR_Key]
END
GO

RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
GO
RAISERROR( 'GRANT EXTERNAL ASSEMBLY', 0, 1) WITH NOWAIT
GRANT EXTERNAL ACCESS ASSEMBLY TO [MSFT_CLR_Login]
GO

USE CLR_Test
GO

IF NOT EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
BEGIN
RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]
END
GO

/*************************************************************************************/
-- CREATE THE CLR OBJECTS
/*************************************************************************************/

USE CLR_Test
GO

/****************************************************************************/
-- [System.DirectoryServices]
/****************************************************************************/
CREATE ASSEMBLY [System.DirectoryServices]
FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
WITH PERMISSION_SET = UNSAFE

/****************************************************************************/
-- [System.DirectoryServices.Protocols]
/****************************************************************************/
CREATE ASSEMBLY [System.DirectoryServices.Protocols]
FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
WITH PERMISSION_SET = UNSAFE

/****************************************************************************/
-- [System.DirectoryServices.AccountManagement]
/****************************************************************************/
CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
WITH PERMISSION_SET = UNSAFE



/*
-- NOR CAN YOU CREATE AN ASSYMETRIC KEY OFF System.DirectoryServices.AccountManagement.dll

CREATE ASYMMETRIC KEY [MSFT_SDA_CLR_Key]
FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'

-- results in:
-- Msg 15468, Level 16, State 7, Line 130
-- An error occurred during the generation of the asymmetric key.
*/









share|improve this question





























    2















    First, this is for SQL Server 2016. If I was on 2017+, I would be using sp_add_trusted_assembly. Just wanted to clarify that before asking the question.



    How do you register the assembly System.DirectoryServices.AccountManagement.dll without using TRUSTWORTHY ON? I cannot get it to work using an asymmetric key generated off of System.DirectoryServices.dll. The AccountManagement dll is signed differently than System.DirectoryServices.dll.



    I've even tried creating a separate asymmetric key off of System.DirectoryServices.AccountManagement.dll but that results in:




    Msg 15468, Level 16, State 7, Line XXXXX

    An error occurred during the generation of the asymmetric key.




    Here is a test script I have written to try to create this assembly.



    USE master

    IF DB_ID('CLR_Test') IS NULL BEGIN
    CREATE DATABASE CLR_Test
    END
    GO

    USE [CLR_Test]
    GO

    EXEC sp_configure @configname=clr_enabled, @configvalue=1
    GO
    RECONFIGURE
    GO

    /*************************************************************************************/
    -- DROP OBJECTS IF FOUND FIRST
    /*************************************************************************************/

    -- DROP System.DirectoryServices.AccountManagement
    IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
    RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
    DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
    END

    -- DROP System.DirectoryServices.Protocols
    IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
    RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
    DROP ASSEMBLY [System.DirectoryServices.Protocols]
    END

    -- DROP System.DirectoryServices
    IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
    RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
    DROP ASSEMBLY [System.DirectoryServices]
    END
    GO
    IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
    BEGIN
    RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
    DROP USER [MSFT_CLR_Login]
    END
    GO
    USE [master]
    GO
    IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
    BEGIN
    RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
    DROP LOGIN [MSFT_CLR_Login]
    END
    GO
    IF (EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
    BEGIN
    --DROP ASYMMETRIC KEY [ClrKey]
    RAISERROR( 'DROP ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
    DROP ASYMMETRIC KEY [MSFT_CLR_Key]
    END
    GO

    /*************************************************************************************/
    -- CREATE THE OBJECTS
    /*************************************************************************************/
    USE [master]
    GO
    IF (NOT EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
    BEGIN
    --DROP ASYMMETRIC KEY [ClrKey]
    RAISERROR( 'CREATE ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
    CREATE ASYMMETRIC KEY [MSFT_CLR_Key]
    FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
    END
    GO
    IF (NOT EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
    BEGIN
    RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
    CREATE LOGIN [MSFT_CLR_Login] FROM ASYMMETRIC KEY [MSFT_CLR_Key]
    END
    GO

    RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
    GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
    GO
    RAISERROR( 'GRANT EXTERNAL ASSEMBLY', 0, 1) WITH NOWAIT
    GRANT EXTERNAL ACCESS ASSEMBLY TO [MSFT_CLR_Login]
    GO

    USE CLR_Test
    GO

    IF NOT EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
    BEGIN
    RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
    CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]
    END
    GO

    /*************************************************************************************/
    -- CREATE THE CLR OBJECTS
    /*************************************************************************************/

    USE CLR_Test
    GO

    /****************************************************************************/
    -- [System.DirectoryServices]
    /****************************************************************************/
    CREATE ASSEMBLY [System.DirectoryServices]
    FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
    WITH PERMISSION_SET = UNSAFE

    /****************************************************************************/
    -- [System.DirectoryServices.Protocols]
    /****************************************************************************/
    CREATE ASSEMBLY [System.DirectoryServices.Protocols]
    FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
    WITH PERMISSION_SET = UNSAFE

    /****************************************************************************/
    -- [System.DirectoryServices.AccountManagement]
    /****************************************************************************/
    CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
    FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
    WITH PERMISSION_SET = UNSAFE



    /*
    -- NOR CAN YOU CREATE AN ASSYMETRIC KEY OFF System.DirectoryServices.AccountManagement.dll

    CREATE ASYMMETRIC KEY [MSFT_SDA_CLR_Key]
    FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'

    -- results in:
    -- Msg 15468, Level 16, State 7, Line 130
    -- An error occurred during the generation of the asymmetric key.
    */









    share|improve this question



























      2












      2








      2








      First, this is for SQL Server 2016. If I was on 2017+, I would be using sp_add_trusted_assembly. Just wanted to clarify that before asking the question.



      How do you register the assembly System.DirectoryServices.AccountManagement.dll without using TRUSTWORTHY ON? I cannot get it to work using an asymmetric key generated off of System.DirectoryServices.dll. The AccountManagement dll is signed differently than System.DirectoryServices.dll.



      I've even tried creating a separate asymmetric key off of System.DirectoryServices.AccountManagement.dll but that results in:




      Msg 15468, Level 16, State 7, Line XXXXX

      An error occurred during the generation of the asymmetric key.




      Here is a test script I have written to try to create this assembly.



      USE master

      IF DB_ID('CLR_Test') IS NULL BEGIN
      CREATE DATABASE CLR_Test
      END
      GO

      USE [CLR_Test]
      GO

      EXEC sp_configure @configname=clr_enabled, @configvalue=1
      GO
      RECONFIGURE
      GO

      /*************************************************************************************/
      -- DROP OBJECTS IF FOUND FIRST
      /*************************************************************************************/

      -- DROP System.DirectoryServices.AccountManagement
      IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
      RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
      DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
      END

      -- DROP System.DirectoryServices.Protocols
      IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
      RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
      DROP ASSEMBLY [System.DirectoryServices.Protocols]
      END

      -- DROP System.DirectoryServices
      IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
      RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
      DROP ASSEMBLY [System.DirectoryServices]
      END
      GO
      IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
      BEGIN
      RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      DROP USER [MSFT_CLR_Login]
      END
      GO
      USE [master]
      GO
      IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
      BEGIN
      RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      DROP LOGIN [MSFT_CLR_Login]
      END
      GO
      IF (EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
      BEGIN
      --DROP ASYMMETRIC KEY [ClrKey]
      RAISERROR( 'DROP ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
      DROP ASYMMETRIC KEY [MSFT_CLR_Key]
      END
      GO

      /*************************************************************************************/
      -- CREATE THE OBJECTS
      /*************************************************************************************/
      USE [master]
      GO
      IF (NOT EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
      BEGIN
      --DROP ASYMMETRIC KEY [ClrKey]
      RAISERROR( 'CREATE ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
      CREATE ASYMMETRIC KEY [MSFT_CLR_Key]
      FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
      END
      GO
      IF (NOT EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
      BEGIN
      RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      CREATE LOGIN [MSFT_CLR_Login] FROM ASYMMETRIC KEY [MSFT_CLR_Key]
      END
      GO

      RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
      GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
      GO
      RAISERROR( 'GRANT EXTERNAL ASSEMBLY', 0, 1) WITH NOWAIT
      GRANT EXTERNAL ACCESS ASSEMBLY TO [MSFT_CLR_Login]
      GO

      USE CLR_Test
      GO

      IF NOT EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
      BEGIN
      RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]
      END
      GO

      /*************************************************************************************/
      -- CREATE THE CLR OBJECTS
      /*************************************************************************************/

      USE CLR_Test
      GO

      /****************************************************************************/
      -- [System.DirectoryServices]
      /****************************************************************************/
      CREATE ASSEMBLY [System.DirectoryServices]
      FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
      WITH PERMISSION_SET = UNSAFE

      /****************************************************************************/
      -- [System.DirectoryServices.Protocols]
      /****************************************************************************/
      CREATE ASSEMBLY [System.DirectoryServices.Protocols]
      FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
      WITH PERMISSION_SET = UNSAFE

      /****************************************************************************/
      -- [System.DirectoryServices.AccountManagement]
      /****************************************************************************/
      CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
      FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
      WITH PERMISSION_SET = UNSAFE



      /*
      -- NOR CAN YOU CREATE AN ASSYMETRIC KEY OFF System.DirectoryServices.AccountManagement.dll

      CREATE ASYMMETRIC KEY [MSFT_SDA_CLR_Key]
      FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'

      -- results in:
      -- Msg 15468, Level 16, State 7, Line 130
      -- An error occurred during the generation of the asymmetric key.
      */









      share|improve this question
















      First, this is for SQL Server 2016. If I was on 2017+, I would be using sp_add_trusted_assembly. Just wanted to clarify that before asking the question.



      How do you register the assembly System.DirectoryServices.AccountManagement.dll without using TRUSTWORTHY ON? I cannot get it to work using an asymmetric key generated off of System.DirectoryServices.dll. The AccountManagement dll is signed differently than System.DirectoryServices.dll.



      I've even tried creating a separate asymmetric key off of System.DirectoryServices.AccountManagement.dll but that results in:




      Msg 15468, Level 16, State 7, Line XXXXX

      An error occurred during the generation of the asymmetric key.




      Here is a test script I have written to try to create this assembly.



      USE master

      IF DB_ID('CLR_Test') IS NULL BEGIN
      CREATE DATABASE CLR_Test
      END
      GO

      USE [CLR_Test]
      GO

      EXEC sp_configure @configname=clr_enabled, @configvalue=1
      GO
      RECONFIGURE
      GO

      /*************************************************************************************/
      -- DROP OBJECTS IF FOUND FIRST
      /*************************************************************************************/

      -- DROP System.DirectoryServices.AccountManagement
      IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
      RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
      DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
      END

      -- DROP System.DirectoryServices.Protocols
      IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
      RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
      DROP ASSEMBLY [System.DirectoryServices.Protocols]
      END

      -- DROP System.DirectoryServices
      IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
      RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
      DROP ASSEMBLY [System.DirectoryServices]
      END
      GO
      IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
      BEGIN
      RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      DROP USER [MSFT_CLR_Login]
      END
      GO
      USE [master]
      GO
      IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
      BEGIN
      RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      DROP LOGIN [MSFT_CLR_Login]
      END
      GO
      IF (EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
      BEGIN
      --DROP ASYMMETRIC KEY [ClrKey]
      RAISERROR( 'DROP ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
      DROP ASYMMETRIC KEY [MSFT_CLR_Key]
      END
      GO

      /*************************************************************************************/
      -- CREATE THE OBJECTS
      /*************************************************************************************/
      USE [master]
      GO
      IF (NOT EXISTS(SELECT 1 FROM master.sys.asymmetric_keys WHERE name = 'MSFT_CLR_Key'))
      BEGIN
      --DROP ASYMMETRIC KEY [ClrKey]
      RAISERROR( 'CREATE ASYMMETRIC KEY [MSFT_CLR_Key]', 0, 1) WITH NOWAIT
      CREATE ASYMMETRIC KEY [MSFT_CLR_Key]
      FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
      END
      GO
      IF (NOT EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
      BEGIN
      RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      CREATE LOGIN [MSFT_CLR_Login] FROM ASYMMETRIC KEY [MSFT_CLR_Key]
      END
      GO

      RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
      GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
      GO
      RAISERROR( 'GRANT EXTERNAL ASSEMBLY', 0, 1) WITH NOWAIT
      GRANT EXTERNAL ACCESS ASSEMBLY TO [MSFT_CLR_Login]
      GO

      USE CLR_Test
      GO

      IF NOT EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
      BEGIN
      RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
      CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]
      END
      GO

      /*************************************************************************************/
      -- CREATE THE CLR OBJECTS
      /*************************************************************************************/

      USE CLR_Test
      GO

      /****************************************************************************/
      -- [System.DirectoryServices]
      /****************************************************************************/
      CREATE ASSEMBLY [System.DirectoryServices]
      FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
      WITH PERMISSION_SET = UNSAFE

      /****************************************************************************/
      -- [System.DirectoryServices.Protocols]
      /****************************************************************************/
      CREATE ASSEMBLY [System.DirectoryServices.Protocols]
      FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
      WITH PERMISSION_SET = UNSAFE

      /****************************************************************************/
      -- [System.DirectoryServices.AccountManagement]
      /****************************************************************************/
      CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
      FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
      WITH PERMISSION_SET = UNSAFE



      /*
      -- NOR CAN YOU CREATE AN ASSYMETRIC KEY OFF System.DirectoryServices.AccountManagement.dll

      CREATE ASYMMETRIC KEY [MSFT_SDA_CLR_Key]
      FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'

      -- results in:
      -- Msg 15468, Level 16, State 7, Line 130
      -- An error occurred during the generation of the asymmetric key.
      */






      sql-server sql-server-2016 security active-directory sql-clr






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 1 hour ago









      Solomon Rutzky

      48.7k581177




      48.7k581177










      asked 1 hour ago









      SpaceGhost440SpaceGhost440

      8317




      8317






















          2 Answers
          2






          active

          oldest

          votes


















          3














          No, an Asymmetric Key won't work, most likely because strong-naming assemblies changed in .NET 4.5 or somewhere around there, to now be Enhanced Strong Naming, which is not supported by SQL Server's CLR host (not without resigning it, which won't work here).



          The key is to use Certificates. Create a Certificate in master from the DLL, then create the Login from that Certificate, and finally grant the UNSAFE ASSEMBLY permission to that Login.



          It should be that simple (assuming, of course, that the DLL is pure-MSIL and not mixed, because only pure-MSIL assemblies can be loaded into SQL Server).



          Also:




          1. You shouldn't have to add / drop more than the main assembly, assuming that they are referenced by the main one. When adding assemblies via DLL (as opposed to a hex bytes / VARBINARY literal), SQL Server will grab any referenced assemblies that are in the same folder. It will set all of those auto-added assemblies to "visible = 0". Assemblies that are set to "visible = 0" that are referenced by a main assembly are automatically dropped if the main assembly is dropped.

          2. You don't need to grant both UNSAFE ASSEMBLY and EXTERNAL ACCESS ASSEMBLY permissions to the signature-based login. The UNSAFE ASSEMBLY permission assumes the EXTERNAL ACCESS ASSEMBLY permission such that you can set assemblies to either PERMISSION_SET if you have the UNSAFE ASSEMBLY permission.

          3. If using SQL Server 2017 or newer, there is no need to use the "trusted assemblies" feature. Please see my post here as to why and what should be done instead: SQLCLR vs. SQL Server 2017, Part 1: "CLR strict security" - The Problem. Of course, in this particular case it is a moot point since the proper approach is using the Certificate method as described above.




          Please note that in other answers to similar questions, whether answered by myself or others, the answer was always that TRUSTWORTHY had to be enabled. This was due to misinformation provided by the Microsoft documentation that I did not realize until more recently. I am working on correcting both my previous answers and that documentation.






          share|improve this answer


























          • Solomon is there a post you know of demonstrating the certificate method?

            – SpaceGhost440
            31 mins ago











          • @SpaceGhost440 I am working on that post now ;-)

            – Solomon Rutzky
            20 mins ago











          • Actually I spoke too soon, the System.DirectoryServices.AccountManagement assembly does not show up in sql server. Do I need to use two certs? One for System.DirectoryServices and another for System.DirectoryServices.AccountManagement?

            – SpaceGhost440
            17 mins ago











          • Can you try my script below to see if I made any mistakes? tried adding both dlls as certs and that does not work. It says the certificate is already added. Then I tried just using the AccountManagement dll for the certificate and that does not work either.

            – SpaceGhost440
            9 mins ago








          • 1





            NVM Solomon, my eyes deceived me. It is indeed there. You were spot on. PEBCAK error. :D

            – SpaceGhost440
            6 mins ago





















          1














          This answer is based upon Solomons suggestion above. The credit is all his. I rewrote my script as he suggested and it now works!!! TY SOLOMON! I am merely posting it as an example for others who come after me.



          USE master

          IF DB_ID('CLR_Test') IS NULL BEGIN
          CREATE DATABASE CLR_Test
          END
          GO

          USE [CLR_Test]
          GO

          EXEC sp_configure @configname=clr_enabled, @configvalue=1
          GO
          RECONFIGURE
          GO


          /*************************************************************************************/
          -- DROP OBJECTS IF FOUND FIRST
          /*************************************************************************************/

          -- DROP System.DirectoryServices.AccountManagement
          IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
          RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
          DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
          END

          -- DROP System.DirectoryServices.Protocols
          IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
          RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
          DROP ASSEMBLY [System.DirectoryServices.Protocols]
          END

          -- DROP System.DirectoryServices
          IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
          RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
          DROP ASSEMBLY [System.DirectoryServices]
          END
          GO
          IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
          BEGIN
          RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
          DROP USER [MSFT_CLR_Login]
          END
          GO
          USE [master]
          GO
          IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
          BEGIN
          RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
          DROP LOGIN [MSFT_CLR_Login]
          END
          GO
          IF (EXISTS(SELECT 1 FROM master.sys.certificates WHERE name = 'MSFT_CLR_Cert'))
          BEGIN
          --DROP ASYMMETRIC KEY [ClrKey]
          RAISERROR( 'DROP CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
          DROP CERTIFICATE [MSFT_CLR_Cert]
          END
          GO

          /*************************************************************************************/
          -- CREATE THE OBJECTS
          /*************************************************************************************/
          USE [master]
          GO

          RAISERROR( 'CREATE CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
          CREATE CERTIFICATE [MSFT_CLR_Cert] FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'

          RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
          CREATE LOGIN [MSFT_CLR_Login] FROM CERTIFICATE [MSFT_CLR_Cert]

          RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
          GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
          GO

          USE CLR_Test
          GO

          RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
          CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]


          /*************************************************************************************/
          -- CREATE THE CLR OBJECTS
          /*************************************************************************************/

          USE CLR_Test
          GO

          /****************************************************************************/
          -- [System.DirectoryServices]
          /****************************************************************************/
          CREATE ASSEMBLY [System.DirectoryServices]
          FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
          WITH PERMISSION_SET = UNSAFE

          /****************************************************************************/
          -- [System.DirectoryServices.Protocols]
          /****************************************************************************/
          CREATE ASSEMBLY [System.DirectoryServices.Protocols]
          FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
          WITH PERMISSION_SET = UNSAFE

          /****************************************************************************/
          -- [System.DirectoryServices.AccountManagement]
          /****************************************************************************/
          CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
          FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
          WITH PERMISSION_SET = UNSAFE





          share|improve this answer























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "182"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230993%2fcreate-assembly-system-directoryservices-accountmanagement-dll-without-enabling%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            3














            No, an Asymmetric Key won't work, most likely because strong-naming assemblies changed in .NET 4.5 or somewhere around there, to now be Enhanced Strong Naming, which is not supported by SQL Server's CLR host (not without resigning it, which won't work here).



            The key is to use Certificates. Create a Certificate in master from the DLL, then create the Login from that Certificate, and finally grant the UNSAFE ASSEMBLY permission to that Login.



            It should be that simple (assuming, of course, that the DLL is pure-MSIL and not mixed, because only pure-MSIL assemblies can be loaded into SQL Server).



            Also:




            1. You shouldn't have to add / drop more than the main assembly, assuming that they are referenced by the main one. When adding assemblies via DLL (as opposed to a hex bytes / VARBINARY literal), SQL Server will grab any referenced assemblies that are in the same folder. It will set all of those auto-added assemblies to "visible = 0". Assemblies that are set to "visible = 0" that are referenced by a main assembly are automatically dropped if the main assembly is dropped.

            2. You don't need to grant both UNSAFE ASSEMBLY and EXTERNAL ACCESS ASSEMBLY permissions to the signature-based login. The UNSAFE ASSEMBLY permission assumes the EXTERNAL ACCESS ASSEMBLY permission such that you can set assemblies to either PERMISSION_SET if you have the UNSAFE ASSEMBLY permission.

            3. If using SQL Server 2017 or newer, there is no need to use the "trusted assemblies" feature. Please see my post here as to why and what should be done instead: SQLCLR vs. SQL Server 2017, Part 1: "CLR strict security" - The Problem. Of course, in this particular case it is a moot point since the proper approach is using the Certificate method as described above.




            Please note that in other answers to similar questions, whether answered by myself or others, the answer was always that TRUSTWORTHY had to be enabled. This was due to misinformation provided by the Microsoft documentation that I did not realize until more recently. I am working on correcting both my previous answers and that documentation.






            share|improve this answer


























            • Solomon is there a post you know of demonstrating the certificate method?

              – SpaceGhost440
              31 mins ago











            • @SpaceGhost440 I am working on that post now ;-)

              – Solomon Rutzky
              20 mins ago











            • Actually I spoke too soon, the System.DirectoryServices.AccountManagement assembly does not show up in sql server. Do I need to use two certs? One for System.DirectoryServices and another for System.DirectoryServices.AccountManagement?

              – SpaceGhost440
              17 mins ago











            • Can you try my script below to see if I made any mistakes? tried adding both dlls as certs and that does not work. It says the certificate is already added. Then I tried just using the AccountManagement dll for the certificate and that does not work either.

              – SpaceGhost440
              9 mins ago








            • 1





              NVM Solomon, my eyes deceived me. It is indeed there. You were spot on. PEBCAK error. :D

              – SpaceGhost440
              6 mins ago


















            3














            No, an Asymmetric Key won't work, most likely because strong-naming assemblies changed in .NET 4.5 or somewhere around there, to now be Enhanced Strong Naming, which is not supported by SQL Server's CLR host (not without resigning it, which won't work here).



            The key is to use Certificates. Create a Certificate in master from the DLL, then create the Login from that Certificate, and finally grant the UNSAFE ASSEMBLY permission to that Login.



            It should be that simple (assuming, of course, that the DLL is pure-MSIL and not mixed, because only pure-MSIL assemblies can be loaded into SQL Server).



            Also:




            1. You shouldn't have to add / drop more than the main assembly, assuming that they are referenced by the main one. When adding assemblies via DLL (as opposed to a hex bytes / VARBINARY literal), SQL Server will grab any referenced assemblies that are in the same folder. It will set all of those auto-added assemblies to "visible = 0". Assemblies that are set to "visible = 0" that are referenced by a main assembly are automatically dropped if the main assembly is dropped.

            2. You don't need to grant both UNSAFE ASSEMBLY and EXTERNAL ACCESS ASSEMBLY permissions to the signature-based login. The UNSAFE ASSEMBLY permission assumes the EXTERNAL ACCESS ASSEMBLY permission such that you can set assemblies to either PERMISSION_SET if you have the UNSAFE ASSEMBLY permission.

            3. If using SQL Server 2017 or newer, there is no need to use the "trusted assemblies" feature. Please see my post here as to why and what should be done instead: SQLCLR vs. SQL Server 2017, Part 1: "CLR strict security" - The Problem. Of course, in this particular case it is a moot point since the proper approach is using the Certificate method as described above.




            Please note that in other answers to similar questions, whether answered by myself or others, the answer was always that TRUSTWORTHY had to be enabled. This was due to misinformation provided by the Microsoft documentation that I did not realize until more recently. I am working on correcting both my previous answers and that documentation.






            share|improve this answer


























            • Solomon is there a post you know of demonstrating the certificate method?

              – SpaceGhost440
              31 mins ago











            • @SpaceGhost440 I am working on that post now ;-)

              – Solomon Rutzky
              20 mins ago











            • Actually I spoke too soon, the System.DirectoryServices.AccountManagement assembly does not show up in sql server. Do I need to use two certs? One for System.DirectoryServices and another for System.DirectoryServices.AccountManagement?

              – SpaceGhost440
              17 mins ago











            • Can you try my script below to see if I made any mistakes? tried adding both dlls as certs and that does not work. It says the certificate is already added. Then I tried just using the AccountManagement dll for the certificate and that does not work either.

              – SpaceGhost440
              9 mins ago








            • 1





              NVM Solomon, my eyes deceived me. It is indeed there. You were spot on. PEBCAK error. :D

              – SpaceGhost440
              6 mins ago
















            3












            3








            3







            No, an Asymmetric Key won't work, most likely because strong-naming assemblies changed in .NET 4.5 or somewhere around there, to now be Enhanced Strong Naming, which is not supported by SQL Server's CLR host (not without resigning it, which won't work here).



            The key is to use Certificates. Create a Certificate in master from the DLL, then create the Login from that Certificate, and finally grant the UNSAFE ASSEMBLY permission to that Login.



            It should be that simple (assuming, of course, that the DLL is pure-MSIL and not mixed, because only pure-MSIL assemblies can be loaded into SQL Server).



            Also:




            1. You shouldn't have to add / drop more than the main assembly, assuming that they are referenced by the main one. When adding assemblies via DLL (as opposed to a hex bytes / VARBINARY literal), SQL Server will grab any referenced assemblies that are in the same folder. It will set all of those auto-added assemblies to "visible = 0". Assemblies that are set to "visible = 0" that are referenced by a main assembly are automatically dropped if the main assembly is dropped.

            2. You don't need to grant both UNSAFE ASSEMBLY and EXTERNAL ACCESS ASSEMBLY permissions to the signature-based login. The UNSAFE ASSEMBLY permission assumes the EXTERNAL ACCESS ASSEMBLY permission such that you can set assemblies to either PERMISSION_SET if you have the UNSAFE ASSEMBLY permission.

            3. If using SQL Server 2017 or newer, there is no need to use the "trusted assemblies" feature. Please see my post here as to why and what should be done instead: SQLCLR vs. SQL Server 2017, Part 1: "CLR strict security" - The Problem. Of course, in this particular case it is a moot point since the proper approach is using the Certificate method as described above.




            Please note that in other answers to similar questions, whether answered by myself or others, the answer was always that TRUSTWORTHY had to be enabled. This was due to misinformation provided by the Microsoft documentation that I did not realize until more recently. I am working on correcting both my previous answers and that documentation.






            share|improve this answer















            No, an Asymmetric Key won't work, most likely because strong-naming assemblies changed in .NET 4.5 or somewhere around there, to now be Enhanced Strong Naming, which is not supported by SQL Server's CLR host (not without resigning it, which won't work here).



            The key is to use Certificates. Create a Certificate in master from the DLL, then create the Login from that Certificate, and finally grant the UNSAFE ASSEMBLY permission to that Login.



            It should be that simple (assuming, of course, that the DLL is pure-MSIL and not mixed, because only pure-MSIL assemblies can be loaded into SQL Server).



            Also:




            1. You shouldn't have to add / drop more than the main assembly, assuming that they are referenced by the main one. When adding assemblies via DLL (as opposed to a hex bytes / VARBINARY literal), SQL Server will grab any referenced assemblies that are in the same folder. It will set all of those auto-added assemblies to "visible = 0". Assemblies that are set to "visible = 0" that are referenced by a main assembly are automatically dropped if the main assembly is dropped.

            2. You don't need to grant both UNSAFE ASSEMBLY and EXTERNAL ACCESS ASSEMBLY permissions to the signature-based login. The UNSAFE ASSEMBLY permission assumes the EXTERNAL ACCESS ASSEMBLY permission such that you can set assemblies to either PERMISSION_SET if you have the UNSAFE ASSEMBLY permission.

            3. If using SQL Server 2017 or newer, there is no need to use the "trusted assemblies" feature. Please see my post here as to why and what should be done instead: SQLCLR vs. SQL Server 2017, Part 1: "CLR strict security" - The Problem. Of course, in this particular case it is a moot point since the proper approach is using the Certificate method as described above.




            Please note that in other answers to similar questions, whether answered by myself or others, the answer was always that TRUSTWORTHY had to be enabled. This was due to misinformation provided by the Microsoft documentation that I did not realize until more recently. I am working on correcting both my previous answers and that documentation.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited 1 hour ago

























            answered 1 hour ago









            Solomon RutzkySolomon Rutzky

            48.7k581177




            48.7k581177













            • Solomon is there a post you know of demonstrating the certificate method?

              – SpaceGhost440
              31 mins ago











            • @SpaceGhost440 I am working on that post now ;-)

              – Solomon Rutzky
              20 mins ago











            • Actually I spoke too soon, the System.DirectoryServices.AccountManagement assembly does not show up in sql server. Do I need to use two certs? One for System.DirectoryServices and another for System.DirectoryServices.AccountManagement?

              – SpaceGhost440
              17 mins ago











            • Can you try my script below to see if I made any mistakes? tried adding both dlls as certs and that does not work. It says the certificate is already added. Then I tried just using the AccountManagement dll for the certificate and that does not work either.

              – SpaceGhost440
              9 mins ago








            • 1





              NVM Solomon, my eyes deceived me. It is indeed there. You were spot on. PEBCAK error. :D

              – SpaceGhost440
              6 mins ago





















            • Solomon is there a post you know of demonstrating the certificate method?

              – SpaceGhost440
              31 mins ago











            • @SpaceGhost440 I am working on that post now ;-)

              – Solomon Rutzky
              20 mins ago











            • Actually I spoke too soon, the System.DirectoryServices.AccountManagement assembly does not show up in sql server. Do I need to use two certs? One for System.DirectoryServices and another for System.DirectoryServices.AccountManagement?

              – SpaceGhost440
              17 mins ago











            • Can you try my script below to see if I made any mistakes? tried adding both dlls as certs and that does not work. It says the certificate is already added. Then I tried just using the AccountManagement dll for the certificate and that does not work either.

              – SpaceGhost440
              9 mins ago








            • 1





              NVM Solomon, my eyes deceived me. It is indeed there. You were spot on. PEBCAK error. :D

              – SpaceGhost440
              6 mins ago



















            Solomon is there a post you know of demonstrating the certificate method?

            – SpaceGhost440
            31 mins ago





            Solomon is there a post you know of demonstrating the certificate method?

            – SpaceGhost440
            31 mins ago













            @SpaceGhost440 I am working on that post now ;-)

            – Solomon Rutzky
            20 mins ago





            @SpaceGhost440 I am working on that post now ;-)

            – Solomon Rutzky
            20 mins ago













            Actually I spoke too soon, the System.DirectoryServices.AccountManagement assembly does not show up in sql server. Do I need to use two certs? One for System.DirectoryServices and another for System.DirectoryServices.AccountManagement?

            – SpaceGhost440
            17 mins ago





            Actually I spoke too soon, the System.DirectoryServices.AccountManagement assembly does not show up in sql server. Do I need to use two certs? One for System.DirectoryServices and another for System.DirectoryServices.AccountManagement?

            – SpaceGhost440
            17 mins ago













            Can you try my script below to see if I made any mistakes? tried adding both dlls as certs and that does not work. It says the certificate is already added. Then I tried just using the AccountManagement dll for the certificate and that does not work either.

            – SpaceGhost440
            9 mins ago







            Can you try my script below to see if I made any mistakes? tried adding both dlls as certs and that does not work. It says the certificate is already added. Then I tried just using the AccountManagement dll for the certificate and that does not work either.

            – SpaceGhost440
            9 mins ago






            1




            1





            NVM Solomon, my eyes deceived me. It is indeed there. You were spot on. PEBCAK error. :D

            – SpaceGhost440
            6 mins ago







            NVM Solomon, my eyes deceived me. It is indeed there. You were spot on. PEBCAK error. :D

            – SpaceGhost440
            6 mins ago















            1














            This answer is based upon Solomons suggestion above. The credit is all his. I rewrote my script as he suggested and it now works!!! TY SOLOMON! I am merely posting it as an example for others who come after me.



            USE master

            IF DB_ID('CLR_Test') IS NULL BEGIN
            CREATE DATABASE CLR_Test
            END
            GO

            USE [CLR_Test]
            GO

            EXEC sp_configure @configname=clr_enabled, @configvalue=1
            GO
            RECONFIGURE
            GO


            /*************************************************************************************/
            -- DROP OBJECTS IF FOUND FIRST
            /*************************************************************************************/

            -- DROP System.DirectoryServices.AccountManagement
            IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
            RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
            DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
            END

            -- DROP System.DirectoryServices.Protocols
            IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
            RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
            DROP ASSEMBLY [System.DirectoryServices.Protocols]
            END

            -- DROP System.DirectoryServices
            IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
            RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
            DROP ASSEMBLY [System.DirectoryServices]
            END
            GO
            IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
            BEGIN
            RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
            DROP USER [MSFT_CLR_Login]
            END
            GO
            USE [master]
            GO
            IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
            BEGIN
            RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
            DROP LOGIN [MSFT_CLR_Login]
            END
            GO
            IF (EXISTS(SELECT 1 FROM master.sys.certificates WHERE name = 'MSFT_CLR_Cert'))
            BEGIN
            --DROP ASYMMETRIC KEY [ClrKey]
            RAISERROR( 'DROP CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
            DROP CERTIFICATE [MSFT_CLR_Cert]
            END
            GO

            /*************************************************************************************/
            -- CREATE THE OBJECTS
            /*************************************************************************************/
            USE [master]
            GO

            RAISERROR( 'CREATE CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
            CREATE CERTIFICATE [MSFT_CLR_Cert] FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'

            RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
            CREATE LOGIN [MSFT_CLR_Login] FROM CERTIFICATE [MSFT_CLR_Cert]

            RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
            GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
            GO

            USE CLR_Test
            GO

            RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
            CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]


            /*************************************************************************************/
            -- CREATE THE CLR OBJECTS
            /*************************************************************************************/

            USE CLR_Test
            GO

            /****************************************************************************/
            -- [System.DirectoryServices]
            /****************************************************************************/
            CREATE ASSEMBLY [System.DirectoryServices]
            FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
            WITH PERMISSION_SET = UNSAFE

            /****************************************************************************/
            -- [System.DirectoryServices.Protocols]
            /****************************************************************************/
            CREATE ASSEMBLY [System.DirectoryServices.Protocols]
            FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
            WITH PERMISSION_SET = UNSAFE

            /****************************************************************************/
            -- [System.DirectoryServices.AccountManagement]
            /****************************************************************************/
            CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
            FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
            WITH PERMISSION_SET = UNSAFE





            share|improve this answer




























              1














              This answer is based upon Solomons suggestion above. The credit is all his. I rewrote my script as he suggested and it now works!!! TY SOLOMON! I am merely posting it as an example for others who come after me.



              USE master

              IF DB_ID('CLR_Test') IS NULL BEGIN
              CREATE DATABASE CLR_Test
              END
              GO

              USE [CLR_Test]
              GO

              EXEC sp_configure @configname=clr_enabled, @configvalue=1
              GO
              RECONFIGURE
              GO


              /*************************************************************************************/
              -- DROP OBJECTS IF FOUND FIRST
              /*************************************************************************************/

              -- DROP System.DirectoryServices.AccountManagement
              IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
              RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
              DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
              END

              -- DROP System.DirectoryServices.Protocols
              IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
              RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
              DROP ASSEMBLY [System.DirectoryServices.Protocols]
              END

              -- DROP System.DirectoryServices
              IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
              RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
              DROP ASSEMBLY [System.DirectoryServices]
              END
              GO
              IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
              BEGIN
              RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
              DROP USER [MSFT_CLR_Login]
              END
              GO
              USE [master]
              GO
              IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
              BEGIN
              RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
              DROP LOGIN [MSFT_CLR_Login]
              END
              GO
              IF (EXISTS(SELECT 1 FROM master.sys.certificates WHERE name = 'MSFT_CLR_Cert'))
              BEGIN
              --DROP ASYMMETRIC KEY [ClrKey]
              RAISERROR( 'DROP CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
              DROP CERTIFICATE [MSFT_CLR_Cert]
              END
              GO

              /*************************************************************************************/
              -- CREATE THE OBJECTS
              /*************************************************************************************/
              USE [master]
              GO

              RAISERROR( 'CREATE CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
              CREATE CERTIFICATE [MSFT_CLR_Cert] FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'

              RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
              CREATE LOGIN [MSFT_CLR_Login] FROM CERTIFICATE [MSFT_CLR_Cert]

              RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
              GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
              GO

              USE CLR_Test
              GO

              RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
              CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]


              /*************************************************************************************/
              -- CREATE THE CLR OBJECTS
              /*************************************************************************************/

              USE CLR_Test
              GO

              /****************************************************************************/
              -- [System.DirectoryServices]
              /****************************************************************************/
              CREATE ASSEMBLY [System.DirectoryServices]
              FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
              WITH PERMISSION_SET = UNSAFE

              /****************************************************************************/
              -- [System.DirectoryServices.Protocols]
              /****************************************************************************/
              CREATE ASSEMBLY [System.DirectoryServices.Protocols]
              FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
              WITH PERMISSION_SET = UNSAFE

              /****************************************************************************/
              -- [System.DirectoryServices.AccountManagement]
              /****************************************************************************/
              CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
              FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
              WITH PERMISSION_SET = UNSAFE





              share|improve this answer


























                1












                1








                1







                This answer is based upon Solomons suggestion above. The credit is all his. I rewrote my script as he suggested and it now works!!! TY SOLOMON! I am merely posting it as an example for others who come after me.



                USE master

                IF DB_ID('CLR_Test') IS NULL BEGIN
                CREATE DATABASE CLR_Test
                END
                GO

                USE [CLR_Test]
                GO

                EXEC sp_configure @configname=clr_enabled, @configvalue=1
                GO
                RECONFIGURE
                GO


                /*************************************************************************************/
                -- DROP OBJECTS IF FOUND FIRST
                /*************************************************************************************/

                -- DROP System.DirectoryServices.AccountManagement
                IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
                RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
                DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
                END

                -- DROP System.DirectoryServices.Protocols
                IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
                RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
                DROP ASSEMBLY [System.DirectoryServices.Protocols]
                END

                -- DROP System.DirectoryServices
                IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
                RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
                DROP ASSEMBLY [System.DirectoryServices]
                END
                GO
                IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
                BEGIN
                RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                DROP USER [MSFT_CLR_Login]
                END
                GO
                USE [master]
                GO
                IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
                BEGIN
                RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                DROP LOGIN [MSFT_CLR_Login]
                END
                GO
                IF (EXISTS(SELECT 1 FROM master.sys.certificates WHERE name = 'MSFT_CLR_Cert'))
                BEGIN
                --DROP ASYMMETRIC KEY [ClrKey]
                RAISERROR( 'DROP CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
                DROP CERTIFICATE [MSFT_CLR_Cert]
                END
                GO

                /*************************************************************************************/
                -- CREATE THE OBJECTS
                /*************************************************************************************/
                USE [master]
                GO

                RAISERROR( 'CREATE CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
                CREATE CERTIFICATE [MSFT_CLR_Cert] FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'

                RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                CREATE LOGIN [MSFT_CLR_Login] FROM CERTIFICATE [MSFT_CLR_Cert]

                RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
                GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
                GO

                USE CLR_Test
                GO

                RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]


                /*************************************************************************************/
                -- CREATE THE CLR OBJECTS
                /*************************************************************************************/

                USE CLR_Test
                GO

                /****************************************************************************/
                -- [System.DirectoryServices]
                /****************************************************************************/
                CREATE ASSEMBLY [System.DirectoryServices]
                FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
                WITH PERMISSION_SET = UNSAFE

                /****************************************************************************/
                -- [System.DirectoryServices.Protocols]
                /****************************************************************************/
                CREATE ASSEMBLY [System.DirectoryServices.Protocols]
                FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
                WITH PERMISSION_SET = UNSAFE

                /****************************************************************************/
                -- [System.DirectoryServices.AccountManagement]
                /****************************************************************************/
                CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
                FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
                WITH PERMISSION_SET = UNSAFE





                share|improve this answer













                This answer is based upon Solomons suggestion above. The credit is all his. I rewrote my script as he suggested and it now works!!! TY SOLOMON! I am merely posting it as an example for others who come after me.



                USE master

                IF DB_ID('CLR_Test') IS NULL BEGIN
                CREATE DATABASE CLR_Test
                END
                GO

                USE [CLR_Test]
                GO

                EXEC sp_configure @configname=clr_enabled, @configvalue=1
                GO
                RECONFIGURE
                GO


                /*************************************************************************************/
                -- DROP OBJECTS IF FOUND FIRST
                /*************************************************************************************/

                -- DROP System.DirectoryServices.AccountManagement
                IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.AccountManagement') BEGIN
                RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.AccountManagement]', 0, 1) WITH NOWAIT
                DROP ASSEMBLY [System.DirectoryServices.AccountManagement]
                END

                -- DROP System.DirectoryServices.Protocols
                IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices.Protocols') BEGIN
                RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices.Protocols]', 0, 1) WITH NOWAIT
                DROP ASSEMBLY [System.DirectoryServices.Protocols]
                END

                -- DROP System.DirectoryServices
                IF EXISTS(SELECT 1 FROM sys.assemblies WHERE name = 'System.DirectoryServices') BEGIN
                RAISERROR( 'DROP ASSEMBLY [System.DirectoryServices]', 0, 1) WITH NOWAIT
                DROP ASSEMBLY [System.DirectoryServices]
                END
                GO
                IF EXISTS(SELECT 1 FROM sys.database_principals dp WHERE dp.name = 'MSFT_CLR_Login')
                BEGIN
                RAISERROR( 'DROP USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                DROP USER [MSFT_CLR_Login]
                END
                GO
                USE [master]
                GO
                IF (EXISTS(SELECT 1 FROM master.sys.syslogins WHERE name = 'MSFT_CLR_Login'))
                BEGIN
                RAISERROR( 'DROP LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                DROP LOGIN [MSFT_CLR_Login]
                END
                GO
                IF (EXISTS(SELECT 1 FROM master.sys.certificates WHERE name = 'MSFT_CLR_Cert'))
                BEGIN
                --DROP ASYMMETRIC KEY [ClrKey]
                RAISERROR( 'DROP CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
                DROP CERTIFICATE [MSFT_CLR_Cert]
                END
                GO

                /*************************************************************************************/
                -- CREATE THE OBJECTS
                /*************************************************************************************/
                USE [master]
                GO

                RAISERROR( 'CREATE CERTIFICATE [MSFT_CLR_Cert]', 0, 1) WITH NOWAIT
                CREATE CERTIFICATE [MSFT_CLR_Cert] FROM EXECUTABLE FILE = 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'

                RAISERROR( 'CREATE LOGIN [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                CREATE LOGIN [MSFT_CLR_Login] FROM CERTIFICATE [MSFT_CLR_Cert]

                RAISERROR( 'GRANT UNSAFE ASSEMBLY', 0, 1) WITH NOWAIT
                GRANT UNSAFE ASSEMBLY TO [MSFT_CLR_Login]
                GO

                USE CLR_Test
                GO

                RAISERROR( 'CREATE USER [MSFT_CLR_Login]', 0, 1) WITH NOWAIT
                CREATE USER [MSFT_CLR_Login] FOR LOGIN [MSFT_CLR_Login]


                /*************************************************************************************/
                -- CREATE THE CLR OBJECTS
                /*************************************************************************************/

                USE CLR_Test
                GO

                /****************************************************************************/
                -- [System.DirectoryServices]
                /****************************************************************************/
                CREATE ASSEMBLY [System.DirectoryServices]
                FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.dll'
                WITH PERMISSION_SET = UNSAFE

                /****************************************************************************/
                -- [System.DirectoryServices.Protocols]
                /****************************************************************************/
                CREATE ASSEMBLY [System.DirectoryServices.Protocols]
                FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.Protocols.dll'
                WITH PERMISSION_SET = UNSAFE

                /****************************************************************************/
                -- [System.DirectoryServices.AccountManagement]
                /****************************************************************************/
                CREATE ASSEMBLY [System.DirectoryServices.AccountManagement]
                FROM 'C:WindowsMicrosoft.NETFrameworkv4.0.30319System.DirectoryServices.AccountManagement.dll'
                WITH PERMISSION_SET = UNSAFE






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 22 mins ago









                SpaceGhost440SpaceGhost440

                8317




                8317






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Database Administrators Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f230993%2fcreate-assembly-system-directoryservices-accountmanagement-dll-without-enabling%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Benedict Cumberbatch Contingut Inicis Debut professional Premis Filmografia bàsica Premis i...

                    Monticle de plataforma Contingut Est de Nord Amèrica Interpretacions Altres cultures Vegeu...

                    Escacs Janus Enllaços externs Menú de navegacióEscacs JanusJanusschachBrainKing.comChessV