User On Trusted Domain Does Have Permission To Access Linked Server On AD Deployed In Another Domain

Sep 28, 2007

Hi,
We have the followoing:

-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master)
-A sql server 2005 on a win server 2003 in "sub domain" AD
-A linked server to "sub domain" AD
-A linked server login using a "sub domain" admin acccount
-A view to this linked server
-A grant on masterDomain/Domain Users to the database
-A grant on subDomain/Domain Users to the database
-We want all connections done through "Windows Authentication" not "Database Authentication".

Queries on the view work fine using "sub domain" user accounts.
Queries on the view fail using "master domain" user accounts (including master domain admin accounts)


"Msg 7399, Level 16, State 1, Line 1

The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."

All connections are done through "Windows Authentication" not "Database Authentication".

Can we establish cross domain connectivity with "Windows Authentication" ?


Below are details of the implementation:

SELECT TOP (100) PERCENT *
FROM OPENQUERY(ADSI,
'SELECT displayname, givenName, sn, cn (etc...)
FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com''
WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')

EXEC sp_addlinkedsrvlogin @rmtsrvname ='ADSI', @useself='false',
@rmtuser='subDomainAdminAccnt', @rmtpassword='sunDomainAdminAccntPassword';

In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:

"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'

Error:
Msg 7399, Level 16, State 1, Line 1

The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.

Msg 7320, Level 16, State 2, Line 1

Cannot execute the query "SELECT displayname, givenName, sn, cn

FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'

WHERE

objectCategory = 'Person'

AND objectClass = 'user'

" against OLE DB provider "ADsDSOObject" for linked server "ADSI".

View 7 Replies


ADVERTISEMENT

None-Domain Server Cannot Access SQL2005 Data On Windows 2003 Domain Server

Sep 26, 2006

I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.



- I have try following the KB265808 - no success.
- Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:

TITLE: Connect to Server
------------------------------

Cannot connect to ardsqldatawh.

------------------------------
ADDITIONAL INFORMATION:

An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476


Question: Could Windows 2003 security be blocking access? I'm using sa account to access.

Also, sa account does not seems to work for remote access. It is ok when accessing locally.

Any help would be appreciated.
949jc

View 1 Replies View Related

Problems With Change Sql Permissions After Migrating Domain User/group Accounts Into Root Domain

Apr 5, 2007

I have a root domain and child domain.



After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.



This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.



Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?



I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.



I believe it is something to do with the SID not matching.



Any ideas on how to fix this ?

View 1 Replies View Related

SQL Security :: Domain Migration Altered SA Or Domain Admin Access To DBs

Jun 19, 2015

we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any  password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.

View 6 Replies View Related

Domain User Access Check

Jun 20, 2008

How to find out whether a domain user has access to sql server or not?

Many domain groups have access to my sql server. I need to check whether a user has access to server or not.

Probably I need to check which windows group the user belongs. This looks more like an o/s question than DB. How do you guys manage this scenario?


------------------------
I think, therefore I am - Rene Descartes

View 4 Replies View Related

SQL 2012 :: Give User / Domain Group Only View Access On Agent Role?

May 20, 2014

I have been struggling with this one for awhile now.I have a domain group which only must view the steps and history of all agent jobs.I have added the group to the sqlagentreadergroup.I have created a new role and denied this role,add job,update job,delete job etc execute permissions.But the user still can change ,delete or create a new job.

All the groups and users in th new role,does not have sysadmin rights.

we have sql 2012 enterprise version

What else can i try.I need this for audit purposes.

View 7 Replies View Related

Trusted Domain Logins

Nov 3, 1999

We have a local group the consists of users from a trusted domain.. THis is a one way trust, us trusting them.. When I add that local group as a trusted SQL login the users cannot access the database... We have narrowed it down to the security by verifying the user can log in using a test sql account and hit the database.. Any ideas??? IS it possible to map an account to a Local group on the domain or does it have to be a global group????

Thanks in Advance
David

View 1 Replies View Related

6.5 Upgrade To 7 Through Trusted Domain?

Sep 9, 1999

HELP!

I am trying to perform an upgrade to 7.0. I have a two-way trusted domain in place. When I try to proceed with through the upgrade wizard I received the following error message:

"unable to connect to the export server.."

Basicly what I have is a SQL 6.5 in DOMAIN A and I created a SQL 7 in DOMAIN B. I want to upgrade the database from DOMAIN A to DOMAIN B. Is it possible to do so or does the SQL 7 needs to be in the same domain as the 6.5?

Thanks for any help. I will take any pointer someone can give me at this point.

Kenold Pierre-Louis
Kenold@asan.com

View 1 Replies View Related

Replication In Different Trusted Domain

Nov 26, 2007

I have following configuratiions

1. Two trusted domains(Domain 1 and Domain 2) connected through 128kbps intranet in two different buildings.
2. A Computer(Machine 1) running SQL server 2000 connected with Domain 1.
3. An application which connects to sql server and with its related database on Machine 1.
4. I want to replicate data onto a computer (Machine 2) on Domain 2.so that users of domain 1 and domain 2 can have a synchronize database. And whenever they visit each other in different building they have their data availabe to them.

Please Help

View 4 Replies View Related

Windows Authentication Fails For Trusted Domain

Nov 16, 2006

Greetings,

One of my users gets the following error when he tries to connect to my SQL Server 2000 database using windows authentication via Query Analyzer:

[Micorsoft][ODBC SQL Server Driver][SQL Server] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

Me and the server are located in Colorado and are on the NADomain. User is in London on the EURDomain. The EURDomain has a one way trust to the NADomain to use NADomain resources. I have granted access to the database to the user via Enterpise Manager as EURDomainuserid. All the literature I've read says this should be sufficient to connect but isn't. User can connect with SQL Server authentication. Users on the NADomain in Toronto can connect just fine with Windows Authentication. EURDomain user can access other file server resources in the same building as the SQL Server in Colorado.

SQL Server version is:

Microsoft SQL Server 2000 - 8.00.818 (Intel X86) Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)

EURDomain Client ODBC version is 2000.85.1022.00 and MDAC is 2.8.

Any help is greatly appreciated.

View 5 Replies View Related

How Can Connect SSAS W/o Domain Trusted Connection?

May 16, 2006

I got error: An existing connection was forcibly closed by the remote host!!

string connstr = "Provider=MSOLAP.3;Data Source=amsserver;Password=;User ID=administrator;Initial Catalog=MIP2ASProject";

Client in XP, with AS9.0 provider installed, server is sqlserver 2005 in win2003 xp1.

Both machines are not under domain controller...

View 7 Replies View Related

Domain Trust - Login Failed: Not A Trusted Sql Connection

Nov 21, 2005

(Cross post from newsgroup)
Attempting to implement Windows authentication between trusted domains. . .
I have a domain trust set up between two domains connected via persistent vpn:

View 4 Replies View Related

Domain Permission Issues

Feb 26, 2004

If you can assist -- I need to find and read a whitepaper or the like about "Domain Permissions". It seems that I continually have trouble with permission issues when attempting connectivity to any SQL database.

I do have some good reading materials about Windows authenication and authorization, but the Domain Permission piece of the puzzle is still missing.

If you know of some good on line articles to read, please post the URL's. Thanks in advance for the advice.

[The last episode says it all. I logged on to a server (W2K Server) as the administrator (machine level), installed SQL Server 2000 (Developer) cleanly, using Local System and Windows Authentication. Using Enterprise Mgr attempted to open the server to add a database and got the error message that the connection could not be made. However, when using Enterprise Mgr from another machine (logged in as me with domain admin rights) to open that server, there was not any problem. I do realize that if I had logged in with the domain admin rights there would not have been a problem, but that is not the issue. I want to learn the "why" behind why the original attempt did not work]

View 1 Replies View Related

Permission Domain Admin

Nov 6, 2007

Hi ,
We are using SBS2000 with SQL 2000 and Terminal server .
In the Terminal server ,we have an application that connect to sbs (sql) .
The Problem is that User without Domain Admin permission can not modify in database.
How Is it possible to grant full access to SQL2000 without giving users domain admin access?


Thanks ,
Samuel

View 5 Replies View Related

Access SQL Server On A Different Domain

Feb 18, 2004

Is there a way to access a SQL Server running on a different domain? I can access the same SQL Server from my machine, which is on a different domain using the ODBC connection, but when I try to access it using an application written in VB6.0 then I get the SQL Server does not exist error. I'm using the SQL Authentication method.

View 3 Replies View Related

Login Failed For User &&<&&<domain&&>&&>&&<&&<server Name&&>&&>$

Aug 2, 2005

 am working on asp application which basically is an interface to the report server. I am currently unable to determine the source of the problem so it may have nothing to do with reporting services.

View 4 Replies View Related

Login Failed For User '&&<&&<domain&&>&&>&&<&&<server&&>&&>$'.

Aug 2, 2005

I am working on asp application which basically is an interface to the report server. I am currently unable to determine the source of the problem so it may have nothing to do with reporting services.

View 11 Replies View Related

How Do I Allow Access To SQL Server On A Different NT Domain From The Client?

Jul 6, 2001

I want to give a client access to a SQL Server 7 database sitting on a different NT domain without setting up a trust relationship between the two domains. Has anyone tried doing this?

View 2 Replies View Related

Access Sql Server Over Network But Not In Domain

Apr 1, 2008

Hi,

I'm trying to access an SQL server 2005 database over the network. I'm at a client location plugged into their network, but when I log into my laptop I'm not logging into their domain. I have to access their network by typing in the name and password they gave me.

I cannot seem to access the database from my computer. I try to create an ODBC data source in the administrative tools, but the drop down list of detected SQL servers does not show the server I am trying to connect to. The weird thing is, it does show many other SQL servers on their network... just not the one that I'm trying to connect to. And I know that the one I want to connect to is working correctly because if I remote desktop into one of their machines (which is logged onto their domain), I can see it fine in the drop down.

Does anybody know how I can get a connection to this database from my computer, even though I'm not on the domain?

Thanks!

View 5 Replies View Related

Domain User Privilege For Connecting SQL Server 2000

Mar 30, 2006

Hi,

My server administrator has created a few users as domain user privilege for connecting SQL server from my application. However it faild to connect, and

with Domain Admin privilege, my app is running ok.

I asked admin person to upgrade domain user privilege to connect SQL server,

but he couldn't do this for security reason, and told it should work with domain user.

Is it true for domain user to connect SQL server without any problem?

Do I need to add the user, domain user, into Logins of Security inside SQL server Enterprise Manager?

Or inside users of my database section of SQL server EManager?



Thanks,

dixon



View 1 Replies View Related

Client On Domain Cannot Access SQL Server On Workgroup

Oct 12, 2007

Hi,

I have a quick question regarding domains and workgroups.

Currently I am working on an issue in the office of a small business. Right now there are 3 client computers that connect to a dell server running windows std. server 2003. The server has sql running on it that takes care of the invoicing system. Two out of the three work stations are able to use the database fine, but there is one that is unable to connect to the database. The only different that I could find is that the two workstations that DO work are currently set to use a workgroup, whereas the one workstation that does NOT work is set to use a domain...... I tried switching that computer to workgroup, but then I was unable to login as the normal user that I had always logged in as before.....

What can I do to solve this dilemma?

Any help would be greatly appreciated!

I apologize if this is the wrong forum for this, and if it is, if someone would point me to the correct one I would appreciate it.

Thanks
-steve

View 4 Replies View Related

Access Otehr Sql Server Ina Domain W/ Query Analyzer

Mar 2, 2006

Hi everybody,

I do not know if this is the correct area to post this topic? So, How to access
different sql server with query analyzer? Usually, when to install sql server, it
access the database server locally installed, now I like to access other sql server
within a domain using query analyzer. How to configure this in order I could use
query analyzer to access other sql server within a domain? Thanks in advanced.



den2005

View 1 Replies View Related

Can We Access Reporting Server By URL In The Enviornment Of Domain Control?

Dec 1, 2007



If the net is domain control.

Can we use reporting server as usual?

Or need some special setting about it for protect it working well?

Thanks

View 1 Replies View Related

Trouble Logging In To SQL Server 2005 Express With Domain User Account

Sep 22, 2006

Hi all,

I have a SQL Server 2005 Express edition instance set up on one server, and IIS on another server.

The SQL Server process account is a domain user account, which I have added to the local groups that SQL Server created during installation (I originally used a local user account instead of domain account; however, the problem occurs with both).

SQL Server runs fine, and if I set my IIS application pool identity to a domain admin, my web app can access the database and retrieve the data necessary.

However, I have a domain user account that I want to use to run the app pool and retrieve the data. The domain user account is added to the IIS_WPG group on the web server. On the database server, I have created a login for the account, as well as added it to the db_datareader role of the database that is used for the site.

However, the user is not able to connect to the SQL Server. I get the "Login failed for user <user account>" error in ASP.NET. I also tried connecting with SQL Server Management Studio, and I get the same error. I checked and the user has connect permission to the database server.

With admin accounts, there are no problems logging in, etc.

Any pointers are appreciated,

Thanks,

SA.

Edit: I was able to find out that the State is 11 for the error. According to http://blogs.msdn.com/sql_protocols/archive/2006/02/21/536201.aspx, this indicates "Valid login but server access failure." I am not sure how to resolve this.

View 1 Replies View Related

Linked Servers - Domain IDs

Sep 28, 2006

Is there an issue with using domain IDs with linked servers in 2KSP3 ? For some reason I get login failures using domain ids across linked servers, but sql logins with the exact permissions work fine. ?????

View 2 Replies View Related

How To Give Permissions To A Regular Domain User To Manage SQL Server Database Service?

Jan 22, 2008

After SQL Server 2005 Database Engine is installed by domain administrator, how to give permissions to a regular domain user so that user can control SQL Server Database service?

View 3 Replies View Related

SQL EXPRESS Reporting Server (Access Denied - Windows 2000 Server Domain Controller)

Apr 4, 2007

Subject problem has me quite vexed.



I am receiving the following error when attempting to access reporting services... to sum things up real nice and tidy-



I get three login prompts - then the access denied response. It is almost as if it is unable to authenticate the user... anyway... here's the actual error response, I'd really appreciate any input/insight/resolution.




Server Error in '/Reports' Application.


Access to the path 'C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportManagerin' is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportManagerin' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:





An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:





[UnauthorizedAccessException: Access to the path 'C:Program FilesMicrosoft SQL ServerMSSQL.2Reporting ServicesReportManagerin' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +2014163
System.IO.Directory.InternalGetFileDirectoryNames(String path, String userPathOriginal, String searchPattern, Boolean includeFiles, Boolean includeDirs, SearchOption searchOption) +1817
System.IO.Directory.GetDirectories(String path, String searchPattern, SearchOption searchOption) +36
Microsoft.ReportingServices.Diagnostics.Localization.GetInstalledCultures() +112
Microsoft.ReportingServices.Diagnostics.Localization..cctor() +66

[TypeInitializationException: The type initializer for 'Microsoft.ReportingServices.Diagnostics.Localization' threw an exception.]
Microsoft.ReportingServices.Diagnostics.Localization.SetCultureFromPriorityList(String[] localeList) +0
Microsoft.ReportingServices.UI.GlobalApp.Application_BeginRequest(Object sender, EventArgs e) +157
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64





Version Information: Microsoft .NET Framework Version:2.0.50727.42; ASP.NET Version:2.0.50727.210

View 1 Replies View Related

Run SQL As Domain User

Sep 10, 2002

SQL2K SP2 on Win2K Server in single native-mode domain

I'm trying to change MSSQLServer and SQLServerAgent to run under a domain account instead of LocalSystem. SQL is not running on the DC. I get Error 22042:xp_SetSQLSecurity() returned error -2147023564, 'No mapping between account names and security ID's was done'.

The SQL machine is part of the domain. I'm logged in as a Domain Admin.

What is the problem?

View 2 Replies View Related

How Do I Get A User's Domain?

Jul 27, 2006



I need to provide a UI to get the information to add a windows login to a SqlServer database. The CREATE LOGIN Sql statment requires the user name as "DomainNameUserName". I can get a list of users in XML using the following code:

public static XmlDocument GetAllADDomainUsers(string DomainPath)
{
string domain;
XmlDocument doc = new XmlDocument();
doc.LoadXml("<users/>");
XmlElement elem;

DirectoryEntry searchRoot;

ArrayList allUsers = new ArrayList();

if (DomainPath.Length == 0)
{
DirectoryEntry entryRoot = new DirectoryEntry("LDAP://RootDSE");
domain = entryRoot.Properties["defaultNamingContext"][0].ToString();
}
else
domain = DomainPath;

searchRoot = new DirectoryEntry("LDAP://" + domain);

DirectorySearcher search = new DirectorySearcher(searchRoot);
search.Filter = "(&(objectClass=user)(objectCategory=person))";
search.PropertiesToLoad.Add("samaccountname");
search.PropertiesToLoad.Add("distinguishedname");
search.Sort.PropertyName = "samaccountname";
search.Sort.Direction = SortDirection.Ascending;

SearchResult result;
SearchResultCollection resultCol = search.FindAll();
if (resultCol != null)
{
for(int counter=0; counter < resultCol.Count; counter++)
{
result = resultCol[counter];
if (result.Properties.Contains("samaccountname"))
{
elem = doc.CreateElement("user");
doc.DocumentElement.AppendChild(elem);
elem.SetAttribute("name", (String)result.Properties["samaccountname"][0]);
elem.SetAttribute("distinguishedName", (String)result.Properties["distinguishedname"][0]);
}
}
}
return doc;
}


This works for listing the names but how do I get the NetBIOS domain name for a selected user as required by SqlServer? I have tried using TranslateName from secur32.dll. That works on some machines but for some reason on other machines, it returns a blank. Is there another way?

Thanks for your help,
Rob

View 3 Replies View Related

Cross Domain Linked Report/SubReport Problem

Mar 31, 2008



Hi,

We have two domains in our organisation, both with transitive trust of one another.

In our main domain we have a report server which is available for all users across both domains to access and use. Most of the time there isn't a problem but I'm having a bit of an issue with users from our second domain accessing a linked report containing 13 subreports.

The main report is fine and all users can view this, however, all subreports show an error message to users in our second domain.

As a bit of an experiment I have even given one user Content Manager rights on the report server but this hasn't solved the problem. I have checked that permissions are correct on ther server, folders and data sources dozens of times and cannot find any reason why second domain users are having this problem.

If anyone has any suggestions on how to solve this I would be grateful for help.

With humble thanks in advance,

Paul

View 3 Replies View Related

Permission For Linked Server User

Aug 30, 2007

Dear,

What minimum permission do i need to grant to a Remote Login to create a linked server.

Regards
Sufian

View 7 Replies View Related

Changing User Domain

Feb 12, 2001

My SQL servers are using integrated windows nt security. Our user account is changing to a new domain. Is there an easy way to change the server logins to point to the new domain instead of removing the user and adding a new login from the new domain.

View 1 Replies View Related

Domain User Groups

Mar 25, 2004

Hi

Im currently working on a intranet and trying to set up some security. The intranet acesses a SQL server 2000 database. I would like to know if there is a stored procedure(or other way) of returning all the domain groups that a user belongs to when passed the users NT login. I found xp_enumgroups which returns all the groups on the domain and also xp_logininfo which returns the users of a passed domain group. These are usful but i need to just pass the NT username and return all the Domain Groups. Any thoughts, ideas would be great!

Cheers

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved