Domain Change (User Logins Broken)
Jan 22, 2008
Is there a way to change logins based on domain users? We just changed domains, so all the domain\login logins are not working anymore. Do I have to reapply every security on every database object? There has to be a fix for this; it's a common thing.
Any help is greatly appreciated. Everything I googled applied to SQL Server 2000 and system tables that don't exist in 2005.
Apr 5, 2007
I have a root domain and child domain.
After using ADMT to migrate the domain user or group into the root domain, when I use Enterprise Manager to try and change the permissions allocated to that domain user/group, I get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain; however, SQL (in sysxlogins) still thinks it's in the child domain.
Is there a simpler way, other than collecting the user's permissions, deleting the user from SQL, then adding it back in with the correct domain\username format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
Any ideas on how to fix this?
Sep 28, 2007
Hi,
We have the following:
- A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master)
- A SQL Server 2005 on a Win Server 2003 in "sub domain" AD
- A linked server to "sub domain" AD
- A linked server login using a "sub domain" admin account
- A view to this linked server
- A grant on masterDomain/Domain Users to the database
- A grant on subDomain/Domain Users to the database
- We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts.
Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT *
FROM OPENQUERY(ADSI,
'SELECT displayname, givenName, sn, cn (etc...)
FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com''
WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
EXEC sp_addlinkedsrvlogin @rmtsrvname ='ADSI', @useself='false',
@rmtuser='subDomainAdminAccnt', @rmtpassword='sunDomainAdminAccntPassword';
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error:
Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
Nov 3, 1999
We have a local group that consists of users from a trusted domain. This is a one-way trust, us trusting them. When I add that local group as a trusted SQL login, the users cannot access the database. We have narrowed it down to the security by verifying the user can log in using a test SQL account and hit the database. Any ideas? Is it possible to map an account to a local group on the domain, or does it have to be a global group?
Thanks in Advance
David
Sep 29, 2007
I recently changed the name of my PC to MYNEWPC, but in SQL Server 2005 Security/Logins there are a couple of logins pointing to the old name. Would I need to add these, change these or do something to make them point to the new PC name?
Here is what I see that needs to be changed from MYOLDPC to MYNEWPC. How do I go about doing this? Is this needed?
MYOLDPC\SQLServer2005SQLAgentUser$MYOLDPC$MSSQLSERVER
MYOLDPC\SQLServer2005MSSQLUser$MYOLDPC$MSSQLSERVER
MYOLDPC\SQLServer2005MSFTEUser$MYOLDPC$MSSQLSERVER
Dec 27, 2006
This question is regarding a brand new out-of-the-box SQL Server 2005 Workgroup Edition install. The old SQL Server 2000 server is working properly with regard to the issue we're having:
We are using Windows Authentication, and have created SQL logins for about
40 different groups on our domain. We've given those logins the appropriate
permissions on the databases they're supposed to be able to access.
The SQL Server is not a domain controller, but is a member of the domain, and domain logins do work for Windows-login purposes on this box.
The problem is that when users try to connect to the SQL server, they are denied access. An error 18456 is thrown, and logged in the Application event log
stating "Login failed for user OURDOMAIN\theuser" (example values). The
domain user is properly a member of a group added as a login to SQL Server, and we've
confirmed that there are not conflicting permissions that would deny those
users access via another route. These same groups are working fine on the SQL Server 2000 box.
This is only a problem for domain-based groups. If we create a local group
on the SQL server machine, through Computer Management -> Local Users and
Groups, then make the same domain users a member of THAT group, and finally then
follow the same process to add that local group to SQL Server Logins and set
the database privileges, it works!!
Our group memberships change frequently, and are used for a lot more than
just SQL server permissions. So, using local groups and maintaining
membership in both places is not really feasible. Any ideas why a local
machine group containing domain user accounts would work fine, but a domain
group containing the same accounts would not?
Thanks in advance.
Mar 30, 2000
1. How could I change the domain within SQL Server?
2. When the NT Server changed to a new domain, does the SQL Server change also? Could someone help me? Thank you.
Mar 3, 2005
I have a client who we are upgrading from ms sql 7 to 2000. At the same time we are doing this, we are moving off an old domain, and old servers.
When I try to use DTS to move the whole database, it fails because the users don't exist on the new domain (i.e. olddomain\jay is not a user. That user is now newdomain\jay).
What can I do to migrate the databases and not the permissions?
Sep 21, 2007
Any help will be appreciated.
To clarify a few things: I have no previous MS SQL experience, but did some Oracle and MySQL work.
I will have to move one Win 2000 server with MS SQL 2005 running one database to our AD 2003 environment. I was wondering if anybody already went through that kind of scenario, and what was the procedure.
Thanks
May 25, 2007
Hi There
I am trying to find resources on considerations / steps to take when changing a SQL Server instance's domain. The name will be the same, but it is being moved to a new domain.
One thing I have realised is that replication must be completely removed and reconfigured, since the subscriber / distributor are all going to the new domain.
Replication is still obviously referencing the old domain.
But what are all the other things that may be affected? A link to an article with details of how to move a SQL Server 2005 instance to a new domain would be great; I just can't find one.
Thanx
Aug 14, 2007
Our network guys created a new domain as part of their migration from NT4 to active directory. They are asking us to modify our sql servers (2000) to use the new domain accounts. For example domain1/user is now domain2/user. Once this is complete the old domain will be disabled. My question is how difficult is this to accomplish in SQL? SQL has startup accounts, logins, DTS packages, Scheduled jobs, maintenance plans, etc. It seems to me that this is a major effort? Any help on the do's and don'ts would be greatly appreciated. Any articles would be helpful too. I could sure benefit from anyone who has been down this path before.
May 5, 2008
Within our Exchange environment we use Blackberry. Our Blackberry Server is using SQL Server 2005 Express. We're migrating from Exch 5.5 to Exch 2003 (new server for 2003). Now the new Exch Server is in our new Active Directory domain, which is not named the same as our NT domain for obvious reasons.
Anyway, after I decommission the 5.5 Exch Server, I want to rename the Blackberry Server and move it to the new domain.
Will SQL Server 2005 Express squawk at me for doing this?
Thanks All
Mar 9, 2006
Hi guys, I just recently had our servers attached to a new domain. Previously they were not on any domain. The server A is a domain controller itself.
The problem is that now I can't start my SQL Server Agent. It gives this error.
SQLServerAgent could not be started (reason: Unable to connect to server '(local)'; SQLServerAgent cannot start).
Previously I was using the administrator account to start my services, but now I am using the domain account.
Can someone please advise me on this?
thanks!
Sep 5, 2007
Hi All,
I would like to rename a login SAMPLE-ITean to NEWDOMAINean, but I get this message:
"The name change cannot be performed because the SID of the new name does not match the old SID of the principal."
The command is: alter login [SAMPLE-ITean] with name=[NEWDOMAINean]
The server is sql2005 std (initial base).
What can I do (there are a lot of DBs on this instance, and there are a lot of instances where I have to change the domain of the user...) ... and there are a lot of users for whom I have to change it... :-(
thnx
Csaba
May 22, 2008
Hi everyone, We currently have a server running SQL server 2000 and 2005 instances on our domain. The servers are used for a couple of different applications. Our network manager is implementing a domain change in the next few months, but isn't familiar with SQL servers. I was wondering if anyone knew about any possible issues with changing the domain the database server machine is connected to. The computer name won't change, and neither will the server instances. Many thanks in advance for any ideas / help on this
Jul 20, 2005
Hello everybody. Is there a way to fix the SQL Server 2000 installation after the server has been disjoined from its old domain and added to a new domain with a different computer name too? Sounds like a joke, but stuff happens. TIA -arifi
May 8, 2008
Hi folks,
For the past couple of days, I have been trying to get my SQL Server to work with Distributed Views. I have created linked servers and linked server logins, and set XACT_ABORT ON.
I am successful in running a select against the distributed view, but was unable to run an "INSERT"
When I try a simple insert, the query took 3:14 minutes. Then I get an error message like:
Server: Msg 7391, Level 16, State 1, Line 1
The operation could not be performed because the OLE DB provider 'SQLOLEDB' was unable to begin a distributed transaction.
[OLE/DB provider returned message: New transaction cannot enlist in the specified transaction coordinator. ]
OLE DB error trace [OLE/DB Provider 'SQLOLEDB' ITransactionJoin::JoinTransaction returned 0x8004d00a].
I have checked that MSDTC is running and configured under a domain account on both machines, running SQL 2000 and Win2K.
I have been unsuccessful still after tinkering for several days. I have checked my network configurations and noticed that when I try to ping the other machine by name, I don't get a response. I can only get a response to a ping when I enter the IP address directly.
Could this be a problem? Also, I noticed that for some strange reason, whenever I ping from either machine it is showing an external IP - always the same one no matter which computer name I try to ping. Something like 209.xxx.xxx.xxx instead of the 192.xxx.xxx.xxx that I expect.
Finally, I thought that problem was possibly due to incorrect Active Directory configuration. I tried to remove both machines from the domain by changing them to a workgroup "TEST" instead of the domain.
When I restarted the PC, I am unable to start SQL Server. It shows the Red Stop sign. When I try to start it, it gives an error like: Service could not start because one or more dependencies failed.
When I add the machine back to the domain, SQL server starts working on reboot.
Can anyone help me please.
Thanks.
Oct 22, 2007
We recently upgraded to SQL 2005 from SQL 2000. We have most of our issues ironed out however about every 1 minute there is a message in the Application Event log and the SQL log that states:
EVENT ID 18456 Login Failed for the users DOMAIN/ACCOUNT [CLIENT: <local machine>]
This is a state 16 message which I thought meant that the account does not have access to the default database. The account is actually the account that the SQL services run under.
Any ideas? We can't seem to figure this one out. We actually upgraded to 2005 from 2000 and had an error appear after every reboot that prevented the SQL Agent from running (This application has failed to start because GAPI32.dll was not found. Re-installing the application may fix this problem.) We did a full uninstall of SQL and reinstalled fresh and restored the databases from .bak files, and that is when the EVENT ID 18546 started occurring every minute.
We don't have any SQL heavy hitters here, so please be detailed with any possible solutions. Thank you very much for any help you can provide!
David
Sep 19, 2014
We have a 2-node SQL 2012 cluster and we have a scenario where the domain, IPs, hostnames and SQL network name are changing.
1> Can the SQL cluster role be brought online by changing the SQL network name and its IP once the Windows team reconfigures the OS cluster, or will there be any challenges?
2> Should I uninstall the SQL cluster on both nodes, then Windows will destroy the OS cluster, and then they need to change the IP, hostname and domain, and then do a fresh installation of the SQL cluster?
Aug 4, 2006
I am using the Management Studio Express and after I changed my domain password, I lost all of my SQL Server registrations.
I remember this was an old problem with SQL 2000 until a SP fixed it.
Any ideas?
-- VPDJ
Jul 1, 1999
How do you transfer the user logins with the encrypted passwords from one DB to another? Help!
Jul 31, 2012
I know that there is a Microsoft KB to migrate SQL Logins, but it doesn't take care of Login Server level permissions or User level permissions. Idera used to have a free tool, SQLPermisions.exe, but it works only on Windows XP/Vista, not on Windows 7. Any third party tool (free or paid) which can migrate SQL Logins and User permissions?
May 2, 2007
We are moving from Oracle to SQL Server 2005 for our next release and I'm looking for content that describes creating Logins, creating User accounts and what approach to take if the database is using windows authentication vs. SQL authentication.
Any suggestions?
Apr 13, 2015
I've selected a domain-based attribute for one of the leaf member attributes in the same entity, aka parent id, since it's a self-referencing entity. However, I cannot find a way to display anything but the code value in the drop-down (see below).
Is there a way to change the display value so that I can choose the attribute from the entity from which I want the user to choose? In other words, I would like to display the hierarchy name instead of the code, which is really just the primary id.
Jan 21, 2007
OK, first, I know... I forgot to run a backup of the master database, and I forgot to run a script to capture logins. Now that that is out of the way... I need to recreate the logins under the Securities tab below the databases. All the company databases have the user names and passwords assigned to them, but they are not able to log in, because they are not able to authenticate to the SQL server first.
Is there a script that someone has that will copy the company database security info for the users and recreate them in the SQL security tab?
I know that I can rebuild them manually, but I need to delete them first in the application software, then delete them from the databases, and then recreate them in the application software... and as simple as that sounds... it is a slow moving process.
Any assistance would be greatly appreciated.
Thanks,
John
Sep 10, 2002
SQL2K SP2 on Win2K Server in single native-mode domain
I'm trying to change MSSQLServer and SQLServerAgent to run under a domain account instead of LocalSystem. SQL is not running on the DC. I get Error 22042:xp_SetSQLSecurity() returned error -2147023564, 'No mapping between account names and security ID's was done'.
The SQL machine is part of the domain. I'm logged in as a Domain Admin.
What is the problem?
Jul 27, 2006
I need to provide a UI to get the information to add a Windows login to a SQL Server database. The CREATE LOGIN SQL statement requires the user name as "DomainName\UserName". I can get a list of users in XML using the following code:
    // Requires System.Collections, System.DirectoryServices and System.Xml.
    public static XmlDocument GetAllADDomainUsers(string DomainPath)
    {
        string domain;
        XmlDocument doc = new XmlDocument();
        doc.LoadXml("<users/>");
        XmlElement elem;
        DirectoryEntry searchRoot;
        ArrayList allUsers = new ArrayList();
        if (DomainPath.Length == 0)
        {
            DirectoryEntry entryRoot = new DirectoryEntry("LDAP://RootDSE");
            domain = entryRoot.Properties["defaultNamingContext"][0].ToString();
        }
        else
            domain = DomainPath;
        searchRoot = new DirectoryEntry("LDAP://" + domain);
        DirectorySearcher search = new DirectorySearcher(searchRoot);
        search.Filter = "(&(objectClass=user)(objectCategory=person))";
        search.PropertiesToLoad.Add("samaccountname");
        search.PropertiesToLoad.Add("distinguishedname");
        search.Sort.PropertyName = "samaccountname";
        search.Sort.Direction = SortDirection.Ascending;
        SearchResult result;
        SearchResultCollection resultCol = search.FindAll();
        if (resultCol != null)
        {
            for (int counter = 0; counter < resultCol.Count; counter++)
            {
                result = resultCol[counter];
                if (result.Properties.Contains("samaccountname"))
                {
                    elem = doc.CreateElement("user");
                    doc.DocumentElement.AppendChild(elem);
                    elem.SetAttribute("name", (String)result.Properties["samaccountname"][0]);
                    elem.SetAttribute("distinguishedName", (String)result.Properties["distinguishedname"][0]);
                }
            }
        }
        return doc;
    }
This works for listing the names but how do I get the NetBIOS domain name for a selected user as required by SqlServer? I have tried using TranslateName from secur32.dll. That works on some machines but for some reason on other machines, it returns a blank. Is there another way?
Thanks for your help,
Rob
Feb 12, 2001
My SQL servers are using integrated Windows NT security. Our user account is changing to a new domain. Is there an easy way to change the server logins to point to the new domain instead of removing the user and adding a new login from the new domain?
Mar 25, 2004
Hi
I'm currently working on an intranet and trying to set up some security. The intranet accesses a SQL Server 2000 database. I would like to know if there is a stored procedure (or other way) of returning all the domain groups that a user belongs to when passed the user's NT login. I found xp_enumgroups, which returns all the groups on the domain, and also xp_logininfo, which returns the users of a passed domain group. These are useful, but I need to just pass the NT username and return all the domain groups. Any thoughts or ideas would be great!
Cheers
Apr 7, 2004
My SQL Server is running as a Domain user account and it asked me to enter the password for the Domain user account when I was changing the Startup account from Local to Domain user.
My QUESTION here is:
Is there a way or command for me to change the password automatically on the Services account, if I change the password for the Domain User account?
Nov 3, 2006
New to SQL Server. Plan to install SQL Server 2005 Standard Edition on Windows 2k3. After searching a lot of places, I still don't understand what exactly a "domain user account" is. Could someone explain it to me?
1. Is this an OS account where SQL Server is running?
2. Or, is this an account under a domain controller on another machine? Is this an account on a DNS server? How do I create it?
3. Or, is this an account in SQL Server?
Where is this account located? How do I manage it?
TIA.
Apr 8, 2004
Is there an automatic way of changing the Domain user password getting used for running the SQL Server as a Domain user account? I'm talking about EM---Security----Domain User name and the password getting used for running the SQL Server.
Jun 20, 2008
How to find out whether a domain user has access to sql server or not?
Many domain groups have access to my sql server. I need to check whether a user has access to server or not.
Probably I need to check which windows group the user belongs. This looks more like an o/s question than DB. How do you guys manage this scenario?
------------------------
I think, therefore I am - Rene Descartes