I have a problem and I don't have an idea how to solve it. I work with SQL Server and my students at the Faculty of Information Technology.
I have created a SQL Server login for a domain group of users (about 60 of them). That means I have a SQL Server login like this: DomainUsers
To the whole group of users I have granted a server role (dbcreator). I don't wish to import 60 logins one by one and give that permission.
OK, students can create databases without any problems.
But when they try to create a database diagram (expanding the database diagram node), they get a message that the database needs to have a valid owner (Hmm.. OK, it's not a big deal to do it).
Quick check of some of the databases (Right click-->Properties-->General-->Owner): there is a DomainUserName (not the name of the group), and that is OK.
(Right click-->Properties-->Files-->TextBox Owner). I try to enter the same DomainUserName from step 5, but I get this message:
TITLE: Microsoft SQL Server Management Studio
------------------------------
Set owner failed for Database '1110_EvidencijaKnjiga'. (Microsoft.SqlServer.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Set+owner+Database&LinkId=20476
An exception occurred in SMO. (Microsoft.SqlServer.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&LinkId=20476
------------------------------
The login 'DomeinUserName' does not exist on this server.
------------------------------
BUTTONS:
OK
------------------------------
This is weird. OK, I know that that user is not a login but the group is. Step 5 shows that user, but step 6 has empty owner options and does not allow me to enter the same user.
After using ADMT to migrate the domain user or group into the root domain, when I use Enterprise Manager to try and change the permissions allocated to that domain user/group, I get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain, however SQL (in sysxlogins) still thinks it's in the child domain.
Is there a simpler way, other than collecting the user's permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
I have one domain in the forest. The domain level is set to Windows 2000 native mode and forest level is set to mixed mode. My SQL Server 2005 server is joined to this domain. I added a brand new domain local group and added a normal user account to this domain local group. I log in to the SQL Server 2005 server and make a query "SELECT * FROM sys.login_token". I cannot see my domain local group in sys.login_token. However, if I add my account to a global group, I can see it there.
Then, I set up another forest. This time, I have domain level set to Windows 2003 mode and forest level is set to Windows 2003 native mode. I do the same testing. This time, I can see my domain local group in sys.login_token.
Why does SQL Server 2005 have this limitation? Is it a bug?
We're building out a new SQL cluster and I'm working with our AD team to develop a secure environment using Windows Authentication only. I have created three "Global AD Groups": "SQL Admins, SQL Read Only, SQL Service Accounts". The AD guys receive a request to add users to the groups and the DBAs grant SQL roles to the accounts which map through the groups. So, in SQL security the 3 groups exist, with the Admin group being assigned to the SA SQL role. The DBAs have their AD domain accounts added as members to the SQL Admins group and that group is added to SQL with the "SA role".
The real question :-)
We use service accounts s-application to connect our application boxes to their respective SQL databases. If the service Global Group exists in SQL Logins, and the AD account is a member of the Group, how would the DBAs grant "database roles" to the AD accounts in the group? Wouldn't they just issue GRANT statements? I've detailed our setup better below.
SQL Admins Container - SQL Admins - AD Account
SQL SERVER - SQL Admins Container (Granted SQL server SA Role)
I am trying to configure Reporting Services to allow a domain group access to reports. I am able to configure the domain and group (mydomaingrpname) in both Report Manager and BIDS. I'm sure I entered the correct name because I purposely misspelled it and received an error. I think this tells me it is finding the group correctly.
However, when my test user goes to Report Manager, there are no folders displayed. I checked and he is in the domain group I am using. If I explicitly add him (mydomainandy) to the folders, he can see them and execute the reports.
After searching the forums and other websites, I have checked that IIS is using Windows Integrated Security and not anonymous access.
Hi, I am facing a problem adding a domain group to Reporting Services. While setting the security of a report, I am getting the rsUnknownUserName error while adding a domain group. The group is valid and it does exist. I tried creating a Windows group on the machine running Reporting Services and tried adding the domain group, and it accepted. But Reporting Services is not accepting it. Can somebody tell me what's the problem with this? I am able to add other domain groups belonging to the same domain and SSRS accepts them, but not this particular domain group, which is like any other domain group.
The title says it all. Given that I have created a login for a domain group, and a database user for that login, what I want to do is retrieve the domain username for the active user. USER_NAME retrieves the database username, suser_name returns (of course) NULL as this is not a SQL user.
The goal is to use domain group logins, while still allowing for logging what user performed which action.
This question is regarding a brand new out-of-the-box SQL Server 2005 Workgroup Edition install. The old SQL Server 2000 server is working properly with regard to the issue we're having:
We are using Windows Authentication, and have created SQL logins for about 40 different groups on our domain. We've given those logins the appropriate permissions on the databases they're supposed to be able to access. The SQL Server is not a domain controller, but is a member of the domain, and domain logins do work for Windows-login purposes on this box.
The problem is that when users try to connect to the SQL server, they are denied access. An error 18456 is thrown, and logged in the Application event log stating "Login failed for user OURDOMAIN heuser" (example values). The domain user is properly a member of group added as a login to SQL Server, and we've confirmed that there are not conflicting permissions that would deny those users access via another route. These same groups are working fine on the SQL Server 2000 box.
This is only a problem for domain-based groups. If we create a local group on the SQL server machine, through Computer Management -> Local Users and Groups, then make the same domain users a member of THAT group, and finally then follow the same process to add that local group to SQL Server Logins and set the database privileges, it works!!
Our group memberships change frequently, and are used for a lot more than just SQL server permissions. So, using local groups and maintaining membership in both places is not really feasible. Any ideas why a local machine group containing domain user accounts would work fine, but a domain
If I have a domain user DOMAINuser1 who belongs to multiple Windows groups, say DOMAINLookupConfigUsers and DOMAINAuditConfigUsers. In SQL Server, I would create two logins - DOMAINLookupConfigUsers and DOMAINAuditConfigUsers and matching users in the database. Then I grant LookupConfig role to the LookupConfigUsers user and AuditConfig role to the AuditConfigUsers user in the database. When DOMAINuser1 logs in, will it have both roles? I tried to set this up but it does not seem to work. The domain user only picks up one of the roles. Am I on the right track? If not, what is the proper way to grant multiple roles to a user when it belongs to multiple groups and each group has different privileges in the database?
I have tried rebooting the system, I have run the script to look for duplicate SIDs and am still having the issue when trying to add a domain group to SQL. I get the Error 15401: Windows NT user or group'miTrust Legal' not found. Check the name again. Running SQL 2000 Std, with SP3a, and the collation is set to SQL_Latin1_General_CP850_BIN, which makes this instance case sensitive, and the group name is spelt right and am following the case sensitivity of the name as well.
I have been struggling with this one for a while now. I have a domain group which only must view the steps and history of all agent jobs. I have added the group to the sqlagentreadergroup. I have created a new role and denied this role add job, update job, delete job etc. execute permissions. But the user can still change, delete or create a new job.
All the groups and users in the new role do not have sysadmin rights.
We have SQL 2012 Enterprise version.
What else can I try? I need this for audit purposes.
I'm totally stuck on this issue and would really appreciate any advice. Here's what's going on...
I'm trying to install SP2 on a SQL 2005 Std x64 cluster and all the components upgrade except the DB Engine, which fails with this error saying the domain group (not the service account) could not be validated for the full-text search service.
I've rebooted both nodes. I've verified that the domain group exists. I even removed the full text search component and I still get the same error.
I've reviewed this: http://support.microsoft.com/kb/915846 But the ftsgroup registry value mentioned does not exist. I assume it only shows up after SP2 is installed.
Interestingly, I couldn't uninstall full-text search unless I passed the FTSCLUSTERGROUP parameter to the setup.exe command line remove command.
The OS is Windows Server 2003 Ent x64 SP2. Not a domain controller. I'm upgrading from the RTM version of SQL Server.
I've posted the relevant parts of the summary and log files below.
Thanks in advance for any ideas!
- Chris
-------------------------------------
Summary.txt
==========
Product : Database Services (MSSQLSERVER)
Product Version (Previous): 1399
Product Version (Final) :
Status : Failure
Log File : C:Program FilesMicrosoft SQL Server90Setup BootstrapLOGHotfixSQL9_Hotfix_KB921896_sqlrun_sql.msp.log
Error Number : 28130
Error Description : MSP Error: 28130 A domain group is missing for one or more services. To install SQL Server 2005 as a failover cluster, domain groups must be specified for all the clustered services being installed .To proceed, enter the missing domain group information. The domain group cannot be validated for the service Full-Text Search.

Failed to validate group name for FTSCLUSTERGROUP. Error 87
Error Code: 0x80070057 (87)
Windows Error Text: The parameter is incorrect.
Source File Name: sqlcadomaingroupdialog.cpp
Compiler Timestamp: Sat Oct 7 09:43:40 2006
Function Name: validateSetDomainGroups
Source Line Number: 484
We are trying to set up SQLAgent Proxy account. If the SQLServer service id is a domain admin, do we still have to add it to the local administrators group?
- A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master)
- A SQL Server 2005 on a Win Server 2003 in "sub domain" AD
- A linked server to "sub domain" AD
- A linked server login using a "sub domain" admin account
- A view to this linked server
- A grant on masterDomain/Domain Users to the database
- A grant on subDomain/Domain Users to the database
- We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts. Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT * FROM OPENQUERY(ADSI, 'SELECT displayname, givenName, sn, cn (etc...) FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com'' WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error: Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
We recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.
I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have installed 2005 tools to try to access the SQL server.
- I have tried following the KB265808 - no success.
- Reading a lot of blogs and it seems all are pointing to the same problem. "Remote access" but the setting is enabled.
Error Message:
TITLE: Connect to Server
------------------------------
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476
Question: Could Windows 2003 security be blocking access? I'm using the sa account to access.
Also, the sa account does not seem to work for remote access. It is OK when accessing locally.
I have an SSRS 2012 table report with groups; each group is broken ie. one group for one page, and there are multiple groups in multiple pages.
'GroupName' column has multiple values - X,Y,Z,......
I need to group 'GroupName' with X,Y,Z,..... ie value X in page 1,value Y in page 2, value Z in page 3...
Now, I need to display another column (ABC) in this table report (outside the group column 'GroupName'); this outside column itself is another column header (not a group header) in the table (report) and it derives its name partly from the 'GroupName' values:
Example:
Value X for GroupName in page 1 will mean, in page 1, column Name of ABC column must be ABC-X
Value Y for GroupName in page 2 will mean, in page 2, column Name of ABC column must be ABC-Y
Value Z for GroupName in page 3 will mean, in page 3, column Name of ABC column must be ABC-Z
ie the column name of ABC (Clm ABC) must be dynamic as per the GroupName values (X,Y,Z....)
Page1:
GroupName Clm ABC-X
X
Page2:
GroupName Clm ABC-Y
Y
Page3:
GroupName Clm ABC-Z
Z
I have been able to use First(ReportItems!GroupName.Value) in the Page Header to get GroupNames displayed in each page; I get X in page 1, Y in page 2, Z in page 3.....
However, when I use ReportItems (that refers to a group name) in the Report Body outside the group,
I get the following error:
Report item expressions can only refer to other report items within the same grouping scope or a containing grouping scope
I need to get the X, Y, Z ... in each page for the column ABC.
I have been able to use this - First(Fields!GroupName.Value); however, I get ABC-X, ABC-X, ABC-X in each of the pages for the ABC column, instead of ABC-X in page 1, ABC-Y in page 2, ABC-Z in page 3, ...
I am trying to create a new db diagram. I selected my db -->right-click on Diagrams--> New database diagram -->Select some of the existing tables in the wizard-->finish and....
I don't see anything else but an empty screen
When I tried to edit an existing database diagram, by right-clicking on it -->Add existing table and selecting a new table from the list, I got an error message: "Co Initialize has not been called."
Could you help me on this one, please? ;-) Thank you, Anastasia
Hi all, a strange problem has happened to me: I have an mdb file (in Access 2K) with SQL Server 2K linked tables which runs on a workstation which is on a different domain than the SQL Server. It works. If I create an mdb file from a workstation which is in the domain of the SQL Server and then I run it on my non-domain workstation I have the error message: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. But if I reattach my tables it works. If someone has an idea.... PS: same ODBC on both machines
Is there a way to use an Oracle linked server to create a database diagram? Or do I have to bring the whole Oracle db into SQL7 and then create the diagram?
Subject says it all; how do I copy diagrams from one SQL2K database to another? (This is coming up because I'm converting collation sequences by DTSing data from DB1 to DB2, where DB1 was copied from SQL7 and DB2 was created with the collation I want. It gets tables and views, but not Diagrams and Stored Procedures. )
In our organization, we are using SQL Server 2005 Management Studio as the client interface to access all our enterprise databases. Most of the databases are built on SQL 2005 DB Server. However, we have one of the databases built on SQL Server 2000, which also has database diagrams in it. Though we are able to view all the DB objects through the SQL 2005 Management Studio interface, we are unable to view the diagrams. I understand that the binary data of the diagrams is stored in the "dtproperties" table on SQL 2000 but in SQL 2005 it is stored in the "sysobjects" (not sure) table, and both are entirely different.
Following are my questions. 1. Since the DB is still on SQL 2000, how can we view the diagram objects thru the SQL 2005 Enterprise manager?
2. For the migration process of SQL 2000 to SQL 2005, how can I migrate the database diagrams?
Hi all, I am using SQL Server 2000 and I would like to create database diagrams but it doesn't give me any option to create one. It only shows "Working with SQL Server 2000 diagrams" and "Refresh" with no "create new diagram", and in other servers it does, but it's only my desktop that doesn't, and I have full access.
I'm using SQL Server 2000 and yesterday I seem to have lost my diagrams. Not the diagram icons themselves, but the data diagrams you see when you double click the icon. I tried reinstalling Enterprise Manager, unregistering and registering the database without success. Any help appreciated. Thanks, Tom
I upsized an access backend to sql 2005. In the process, the relationships were lost. When I go to the database in Sql, right click on database diagrams, all I get is refresh and a link to go to learn about database diagrams. How can I recreate the diagrams?
I am trying to follow this walkthrough: http://msdn2.microsoft.com/en-us/library/ms233763(VS.80).aspx And getting nowhere as it says I need to set up database diagrams which I cannot due to not being in db_owner role, or not being valid db user etc etc. I cannot find out how to set this up for the database I created so far in this tutorial. I have searched and searched and got nowhere. I then went into SSMSE by chance and found a load of roles but none named db_owner. I then tried to add my database file but SSMSE won't let me drill down into the required folder. I weep!!!! Please can anyone help?
When I start SQL Server Management Studio from my development PC and connect to a remote SQL server, I do NOT see any diagrams. When I use Remote Desktop and connect to the server, and then open SQL, I see the diagrams. Is there a way to get the diagrams to work on my local machine?