Domain Permission Issues
Feb 26, 2004
If you can assist -- I need to find and read a whitepaper or the like about "Domain Permissions". It seems that I continually have trouble with permission issues when attempting connectivity to any SQL database.
I do have some good reading materials about Windows authenication and authorization, but the Domain Permission piece of the puzzle is still missing.
If you know of some good on line articles to read, please post the URL's. Thanks in advance for the advice.
[The last episode says it all. I logged on to a server (W2K Server) as the administrator (machine level), installed SQL Server 2000 (Developer) cleanly, using Local System and Windows Authentication. Using Enterprise Mgr attempted to open the server to add a database and got the error message that the connection could not be made. However, when using Enterprise Mgr from another machine (logged in as me with domain admin rights) to open that server, there was not any problem. I do realize that if I had logged in with the domain admin rights there would not have been a problem, but that is not the issue. I want to learn the "why" behind why the original attempt did not work]
View 1 Replies
ADVERTISEMENT
Sep 28, 2007
Hi,
We have the followoing:
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master)
-A sql server 2005 on a win server 2003 in "sub domain" AD
-A linked server to "sub domain" AD
-A linked server login using a "sub domain" admin acccount
-A view to this linked server
-A grant on masterDomain/Domain Users to the database
-A grant on subDomain/Domain Users to the database
-We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts.
Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT *
FROM OPENQUERY(ADSI,
'SELECT displayname, givenName, sn, cn (etc...)
FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com''
WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
EXEC sp_addlinkedsrvlogin @rmtsrvname ='ADSI', @useself='false',
@rmtuser='subDomainAdminAccnt', @rmtpassword='sunDomainAdminAccntPassword';
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error:
Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
View 7 Replies
View Related
Nov 6, 2007
Hi ,
We are using SBS2000 with SQL 2000 and Terminal server .
In the Terminal server ,we have an application that connect to sbs (sql) .
The Problem is that User without Domain Admin permission can not modify in database.
How Is it possible to grant full access to SQL2000 without giving users domain admin access?
Thanks ,
Samuel
View 5 Replies
View Related
Apr 5, 2007
I have a root domain and child domain.
After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.
Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
Any ideas on how to fix this ?
View 1 Replies
View Related
Jun 19, 2015
we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.
View 6 Replies
View Related
Dec 13, 2005
I have an application that uses Integrated Windows authentication. My Web.config looks like below
<add key="dbconnection" value=" server=XXX;Initial Catalog=XXX;persist security info=False;Integrated Security=SSPI;Pooling=true" />
When users try to access my application, they get the below error:
Execute permission denied on object 'SprocName', database 'DBNAME',Owner,'dbo'
The Only way I could get rid off the error is if I set DBO permissions for the user group on the databse.
Can someone suggest how to set up a security group with the ‘necessary’ permissions on SQL SERVER (ie read,write execute Sproc etc) and not too many extra ones, like DBO.
Thanks,
View 2 Replies
View Related
Sep 19, 2007
SQL Server 2005 anomoly?
In SQL Server Management Studio I granted specific permissions to user "A" to do Select, Insert, Update, Delete on Table "B" -
When I logged on as User "A" and attempted the Insert imto table "B" I got the following error:
"Insert Permission Denied on Table B, Database C, Schema dbo"
Is this a problem with the dbo schema?
Then I went back and created a stored proccedure "D" with the exact same Insert statement inside the procedure. I granted User "A" execute permission on the stored procedure "D".
I then logged on as User A and executed Stored Procedure "D". No Problem - stored procedure executed fine with the Insert.
I attempted the Insert statement again - straight SQL - as User "A" and got the same error as above ("Insert Permission Denied.....")
Strange behavior - cannot do a SQL. Insert even though user has permissions but can execute a store procedure with the same Insert statement.
What gives?
View 2 Replies
View Related
Sep 26, 2006
I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.
- I have try following the KB265808 - no success.
- Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:
TITLE: Connect to Server
------------------------------
Cannot connect to ardsqldatawh.
------------------------------
ADDITIONAL INFORMATION:
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476
Question: Could Windows 2003 security be blocking access? I'm using sa account to access.
Also, sa account does not seems to work for remote access. It is ok when accessing locally.
Any help would be appreciated.
949jc
View 1 Replies
View Related
Jul 20, 2005
Hi all,it happen to me a strange problem:i have a mdb file (in Access 2K) with SQL Server 2K linked tables whoruns on a workstation which is on a different domain that the SQLServer. It works.If i create a mdb file from a workstation which is a the domain of theSQL Server and then i run it a my non-domain workstation i have errormessage:Login failed for user '(null)'. Reason: Not associated with a trustedSQL Server connectionBut if i reattached my tables it works.If someone have an idea....PS: same ODBC on both machines
View 1 Replies
View Related
Mar 2, 2006
Currently running a SQL 2000 server in 2000 domain and want to migrate it to a new 2003 domain of the same name.
How do I go about it and is there any problems with this plan?
View 1 Replies
View Related
Jul 11, 2007
Hi
I'm trying to set up replication from one SQL server to another.
The publishing server is not a member of a domain and is located in a hosting center (but we have full control over the server). I can set up a Snapshot publication just fine.
The subscribing server is located in another remote location and is a member of a domain. Here I can also set up the subscription without errors.
The errors, I think, comes when the snapshot is about to be created, the error is, on the publisher server:
[298] SQLServer Error: 18456, Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. [SQLSTATE 28000]
And the snapshot is not created.
Is it even possible to set up replication like this. I need to transfer the data from one sql server to another so we have a working "backup" so to speek if the other server does not respond.
View 1 Replies
View Related
May 10, 2001
Guys,
I have problem in adding the user. The domain name "scs" that I am logged on a machine with user name "rao", But I am not able this user to SQL Server as scs/rao, it gives that the not found.
Your suggestions greatly appreciated.
Rao
View 3 Replies
View Related
Jun 13, 2007
Hi All,
I am in the process of installing SQL Server 2005. Under Service Account I am selecting the domain user account option. It asks for the username, password and the domain name. How can I find out what the domain name is?
Thanks.
View 1 Replies
View Related
Jan 26, 2004
In mssql-ds.xml, we have attribute <datasources>
and in
<connection- url>jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=DEV01</connection-url>
I also have a domain name "test" in which i have a table "loginTest", how do i specify domain name in <connection-url>
-Thanx
View 1 Replies
View Related
Jun 18, 2008
How do I get the domain name of a sql server 2005 instance please?
Thanks
View 3 Replies
View Related
Nov 7, 2007
A while back I asked this in the SQL security forum, but did not receive any replies. I feel that this is a fairly basic, common question, so I am posting it here in the hopes that this forum has higher traffic and that someone here will know the answer.
I am trying to connect as follows:
Server: Windows 2003, SQL 2005, on a domain
Client: Windows 2008 Beta, not on any domain
I created an account with the same user name as the domain user on the client machine. And then I logged in as that user and went to Manage Network Password. I entered the correct domain credentials. Verified that this worked for file shares. However, SQL does not appear to be recognizing this and it tells me:
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
I have verified that this domain account is working properly with SQL when the client is also on the domain.
Q: How can I get this Windows authentication scenario to work where the client is not on the domain and the SQL server is on the domain?
(Note: A similar case that can also occur frequently is that the server and client are on different domains.)
View 3 Replies
View Related
Dec 13, 1999
A couple of newbie questions:
1) Do Domain Admins have SA rights by default in SQL7? If so, is there a way to keep domain admins out of particular databases.
2) Is it possible to create a database or table that even SA can't get into?
Thanks
JD
View 1 Replies
View Related
Mar 30, 2000
1. How could I change the Domain within SQL Server.
2. When the NT Server changed to a new domain, Does the SQL server change also? Could someone help me. Thank you.
View 2 Replies
View Related
Sep 10, 2002
SQL2K SP2 on Win2K Server in single native-mode domain
I'm trying to change MSSQLServer and SQLServerAgent to run under a domain account instead of LocalSystem. SQL is not running on the DC. I get Error 22042:xp_SetSQLSecurity() returned error -2147023564, 'No mapping between account names and security ID's was done'.
The SQL machine is part of the domain. I'm logged in as a Domain Admin.
What is the problem?
View 2 Replies
View Related
Feb 24, 2002
I can map to a domain to the server where I have a sql Server database from my machine which is in another domin.
However, I cannot register the sql server with enterprise manager from the same machine. I am assuming that it is not a permission problem since I could not get the registration to work logging on as SA or with windows authorization. What should be looked at?
View 1 Replies
View Related
Jul 25, 2012
We have a network setup with two domain controllers, DC1 and DC2, working independently from eachother along with a DBserver1 that runs a BCM database and is a member of DC1. For certain reasons we would like to demote the DBserver1 and join it on the domain of DC2. What are the steps required in order to properly move a BCM Database running on SQL2005 to a new domain, where the security data lies in the active directory of DC1?
View 1 Replies
View Related
Mar 15, 2004
Hi,
I have a IIS server on "A" Domain. My application is hosted on on a machine which is under that domain.
I have a DB server, SQL server 2000 on B Domain. The server is a named instance of SQL Server 2000. I have a default SQL Server 7.0 on that same machine.
For the application i am trying to connect from the IIS to database server, but i am unable to connect to the named instance, but i can connect to the default 7.0 instance.
The connection string used for the application is as follows:
oConn.open "Driver={SQL
Server};Server=server_nameinstance_name;Database= db_name;uid=user_name;pwd=password;"
I am getting SQL Server does not exists error messege on page...
Please help, me if any one knows how to connect to the database server which is on different domain and is a named instance using the connection string in ASP page..
Please help, this is urgent.
Regards
Jay
View 13 Replies
View Related
Aug 29, 2006
Dear Friends, please tell me how can i gain domain knowledge in erp related modules?
View 3 Replies
View Related
Jul 20, 2005
What are gotchas for starting Sql & the agent with a Local system accountversus a system Domain account.
View 3 Replies
View Related
Apr 20, 2007
Novice wants to learn why it is not recommended to install sql 2005 express on to a 2003 domain controller. I have installed sql 2005 express on a 2003 domain controller and when I tried to run management studio it failed to run. there seems to be no problem with the engine, oh I also installed books online I wonder... can there be an issue with the books online and management studio I remember there were problems in the beta era. Now I am wondering if it's a good idea at all I feel like I have been left at train station with all my luggage, I have all this equipment... work stations, a server, printers and no resolution to my problem. most of all I want to learn why I shouldn't install sql on a domain controller... can someone please explain in detail.
dbarselow
View 5 Replies
View Related
Feb 15, 2007
I am trying to migrate users accounts from a 2000 Server to 2003 server I am changing domain names and the new domain a is a child domain off a parent domain. I have created a trust on both domain servers and the parent domain and I have created administrative users on each domain I am using the ADMIT migration tool and can get all the way through it then get an access denied when it trys to create the accounts. The knowledge bases on this say I need a Domain Admin user on each domains for the other domain. Being in a child domain it does not let me create this I have created users and added the admistrative group for each user this should give the rights to create the users on the new domain, but still am getting the access denied.
Does anyone know what I am missing on this? Any help would be greatly appreciated.
thanks,
Shawn
View 3 Replies
View Related
May 17, 2007
Windows Server 2003
SQL Server 2005 Enterprise SP2
The mirroring wizard insists I enter a fully qualitifeid domain name for my servers. But my servers are not on a domain - I just address them as machinenameinstancename, which the wizard convertrs to TCP://machinename:5022. When I click Start Mirroring it tells me that this is not a FQDN, which is true. How do I make this work?
Cheers,
Mike
View 3 Replies
View Related
Mar 21, 2006
Hi, all
I need a help here please.
Im using SQL Server 2000 on a server, and theres clients that need to connect to the sql server, and the clients are the users that have domain ids.
Firstly i run the sqlserver under local system user (default).And the clients which is login into a domain and can automatically login with windows authentification. But before i have already added the domain name for the client in the security login of sql server.
Then, i change the sqlserver services to be run under a local user with no admin right. After that, i cannot use windows authentification, i have to use sa. The reference i used for applying this is written in this url : http://support.microsoft.com/default.aspx?scid=kb;en-us;Q283811
The problem is i need to use both the sqlservices to be run under local with no admin right user and i need to use windows authentification.
Please help.
Thank you very much
Felix Adhitya
View 6 Replies
View Related
Jan 15, 2007
I have SQL 2000 running on windows 2000 using NT4 authentication all my users authenticate to the NT4 including their access to SQL 2000, we are moving to a new domain using windows 2003 server and Active Direcory.
We will be a an OU in a much larger domain (about 30K users) since we need to be able to be up and running with ability to authenticate and run all our apps including SQL server authentication in the event we loose our connectivity to the rest of the world should a natural disaster hit us.
Here is my dilema, when I see my users in SQL security they all have domainuserdID where the domain is my old domain.
How do I move all my SQL users with their rights to the new Windows2K3 SQL server that will authenticate to a Windows2K3 Active Directory.
I have 300 users and I do not want to have to create each one all over again in SQL, they allready exist in Active Directory I migrated all the users last week but i still have them authenticating to the old domain till I can resolve the SQL issue.
What is an easy and proper way to what I need to do
Thanks
Xavier
View 5 Replies
View Related
Dec 15, 2006
Greetings,
SSL was recently applied to the domain the reports are behind. I have been trying to get the "unsecure dialog" to not appear when viewing a RS report.
The report is embeded in a div tag in the aspx page. When accessing the site via https everything still works, if left unchanged, except the "unsecure content" dialog is displayed before the report renders.
When I change the URL of the div tag to https:\<RSSERVER><REPORTCOMMAND>, I get the following error:
"Content was blocked because it was not signed by a valid security certificate."
Anyone know what I need to do to make this work?
View 1 Replies
View Related
Jan 31, 2008
My company has a large-ish website and we are migrating to new
servers. There will be a web server (accessible to the world) backed
by a SQL Server 2005 Standard server (only accessible by the web server and
through VPN/Remote Desktop to administrators and our internal
network). We can either put the database server (which is not in a
cluster) on our domain or leave it in a workgroup. My first thought
is leave it in a workgroup simply for security and reliability (i.e.
if the DC goes down or loses connectivity), but people here are
disagreeing with me.
Should I put the database server (which is not used internally at all)
on the domain or leave it in a workgroup?
View 1 Replies
View Related
Apr 20, 2007
Arnie I have sql express, 2003 R2 as a domain controller, a laptop I use as a remote connection to the server. What I want to accomplish is to connect to a website using the server as a branch headquarters type of connections. I was told to look into using sharepoint services. I noticed my server has this service. Can't I use sql in this type of senario. I want to be able to have content uploaded to the web site by verious employees then have that content scanned and cleaned if needed and made available for my server. And from there I would have what I need to continue my publishing the content.
View 1 Replies
View Related
Apr 14, 2008
have a an sbs 2k3 domain network with sql server 205 installed on the sbs2k3 machine and clients on the network has sql express edition. i recently installed another server outside the domain for my webserver which is directly connected to the router of which is the same router where the sbs2k3 is connected too. i installed an sql server 2005 on the webserver..
my question is, how do my clients on the sbs2k3 network be able to connect to my webserver?
thnaks
View 16 Replies
View Related