Domain User Belonging To Multiple Windows Group

Jul 19, 2007

If I have a domain user DOMAINuser1 who belongs to multiple window groups say DOMAINLookupConfigUsers and DOMAINAuditConfigUsers. In sqlserver, I would create two logins - DOMAINLookupConfigUsers and DOMAINAuditConfigUsers and matching users in the database. Then I grant LookupConfig role to the LookupConfigUsers user and AuditConfig role to the AuditConfigUsers user in the database. When DOMAINuser1 logs in, will it have both roles? I try to set this up but it does not seem to work. The domain user only picks up one of the role. Am I on the right track? If not, what is the proper way to grant multiple roles to a user when it belongs to multiple groups and each group has different privileges in the database.

View 4 Replies


ADVERTISEMENT

Problems With Change Sql Permissions After Migrating Domain User/group Accounts Into Root Domain

Apr 5, 2007

I have a root domain and child domain.



After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.



This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.



Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?



I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.



I believe it is something to do with the SID not matching.



Any ideas on how to fix this ?

View 1 Replies View Related

SQL 2012 :: Give User / Domain Group Only View Access On Agent Role?

May 20, 2014

I have been struggling with this one for awhile now.I have a domain group which only must view the steps and history of all agent jobs.I have added the group to the sqlagentreadergroup.I have created a new role and denied this role,add job,update job,delete job etc execute permissions.But the user still can change ,delete or create a new job.

All the groups and users in th new role,does not have sysadmin rights.

we have sql 2012 enterprise version

What else can i try.I need this for audit purposes.

View 7 Replies View Related

Backup/restore Table Belonging To One User/login

Sep 16, 2007

Hi!

I have a SQL 2000 database that has several tables with the same name but with different users/logins.

Example:

Database "Customers"

Table Customer with user / login CompanyA
Table Customer with user / login CompanyB

Table Contact with user / login CompanyA
Table Contact with user / login CompanyB


I need to split these into two different database's

Database "CustomersA"
Table Customer with user / login CompanyA
Table Contact with user / login CompanyA

Database "CustomersB"
Table Customer with user / login CompanyB

Table Contact with user / login CompanyB

Any good idea how to do this?


Ingar

View 5 Replies View Related

Need To Identify Which Group The Windows User Is Logging In

Jun 18, 2007

Hi

In our sql server we have around 40 windows group.
Say a Windows user = "X"
This X user does not have a direct windows login, he is present in one or more windows groups registered in the sql server.

I need to know throught which group he is logging in.

If I know this , this will help in my auditing process.

Thanks in advance.

Regards
Soorya

View 1 Replies View Related

SQL 2012 :: Checking Windows User Group

Jun 7, 2015

I am setting up security for access of database tables for members in a specific Windows User Group.I want to check in a SQL script if this Windows User group is added and if so, add database users and grant SELECT on specific tables.

I have tried this:

SELECT * FROM master.sys.syslogins WHERE name like '%FoeUsers' AND isntgroup = '1'

but that selects a SQL user or group and not a Windows Group.Is there a way to check if a Windows NT (active Directory) user group exists?

View 5 Replies View Related

Sql2005 Express 'windows NT User Or Group Not Found. Check The Name Again.

Feb 26, 2006

I have installed visual studio 2005 with sql express. My tutorial book asked me to do the following to be able to use sql.

sqlcmd -S mycomputernameSQLExpress -E

which worked and then I get

1>

where I am to put in

1> sp_grantlogin [mycomputernamemyusername]

2> go

after this i get the error.

Msg 15401, Level 11, State 1, Server mycomputernameSQLEXPRESS, Procedure sp_grantlogin, Line 49

Windows NT user or group 'mycomputernamemyusername' not found. Check the name again.

I used Local System for the user name as that is what I think I am seeing as the right user account.

Help?

View 4 Replies View Related

Could Not Obtain Information About Windows NT Group/user .......error Code 0x534...

Jul 10, 2006

== I asked this question directly to Remus and wanted to share the response to all of those people using this forum ==
We recently moved our database server from SQL Server 2000 to SQL Server 2005. All applications on our intranet development server stay the same [VS.NET 2003], but recently resources in our Dev DB server ran out of space. While doing a thorough investigation, I noticed ERRORLOG file was occupying about 35 Gig of HDD space. I immediately checked SQL Server error log and noticed an entry which says €“
===========================================================================================
Date 7/7/2006 4:45:37 PM
Log SQL Server (Current - 7/7/2006 4:45:00 PM)

Source spid77s

Message
The activated proc [dbo].[SqlQueryNotificationStoredProcedure-5eaf8465-d0cb-4be7-93b6-44bb979dd41c] running on queue BW_Content.dbo.SqlQueryNotificationService-5eaf8465-d0cb-4be7-93b6-44bb979dd41c output the following: 'Could not obtain information about Windows NT group/user 'BWCINCHoffK', error code 0x534.'
===========================================================================================

What is this SqlQueryNotificationService in my database? Is it a SQL Server 2005 thing? Why the same kind of stored procedure does not exist in other databases, but BW_Content? This error is getting repeated most probably every second and is filling up our server.
I believe our corporate IT people removed our domain accounts from BWCINC domain to BWCORP domain and probably some application which is using BWCINCHoffK credential is getting errored out. I tried to locate this application and was not successful.
Is there anyway that I can stop this ERRORLOG from growing? How can I delete these log entries so that I can make space on our Hard Drive? Is there an easy way in SQL Server 2005 to locate which application is creating this error?
Response from Remus:
The 'SqlQueryNotificationService-...' is the service created by SqlDependency when you call SqlDependency.Start (). The problem you describe appears because the 'dbo' user of the database is mapped to the login that originally created this database. The SqlDependency created queue has an EXECUTE AS OWNER clause, owner is 'dbo' and therefore this is equivalent to an EXECUTE AS USER = 'dbo'. The error you see is reported by the domain controller when asked to give information about the original account 'dbo' mapps to (that is, BWCINCHoffK'): Error code: (Win32) 0x534 (1332) - No mapping between account names and security IDs was done.

To solve the issue, change 'dbo' to match a correct login, using either sp_changedbowner or ALTER AUTHORIZATION ON DATABASE::[dbname] TO [somavalidlogin]
To find the databases that have this problem, run this query:

select name, suser_sname(owner_sid) from sys.databases
The databses that have the problem will show NULL on the second column.
A similar problem is described here: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=65711&SiteID=1

To remove the entries, use sp_cycle_errorlog to force a new errorlog file, then delete the huge log file.
---------------------------------------

I executed ALTER AUTHORIZATION ON DATABASE::[BW_Content] TO [sa];

I got this error in SQL Error Log once and the growth of ERRORLOG was stopped.
===============================================================
Date 7/10/2006 1:16:55 PM
Log SQL Server (Current - 7/10/2006 1:17:00 PM)
Source spid20s

Message

The query notification dialog on conversation handle '{6BDE95F7-0EFB-DA11-9064-000C2921B41B}.' closed due to the following error: '<?xml version="1.0"?><Error xmlns="http://schemas.microsoft.com/SQL/ServiceBroker/Error"><Code>-8490</Code><Description>Cannot find the remote service &apos;SqlQueryNotificationService-c15bb868-ed56-47d2-bf91-ce18b320989a&apos; because it does not exist.</Description></Error>'.
===============================================================

Should I be concerned about this error?

Thanks
-Binoy

View 20 Replies View Related

User On Trusted Domain Does Have Permission To Access Linked Server On AD Deployed In Another Domain

Sep 28, 2007

Hi,
We have the followoing:

-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master)
-A sql server 2005 on a win server 2003 in "sub domain" AD
-A linked server to "sub domain" AD
-A linked server login using a "sub domain" admin acccount
-A view to this linked server
-A grant on masterDomain/Domain Users to the database
-A grant on subDomain/Domain Users to the database
-We want all connections done through "Windows Authentication" not "Database Authentication".

Queries on the view work fine using "sub domain" user accounts.
Queries on the view fail using "master domain" user accounts (including master domain admin accounts)


"Msg 7399, Level 16, State 1, Line 1

The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."

All connections are done through "Windows Authentication" not "Database Authentication".

Can we establish cross domain connectivity with "Windows Authentication" ?


Below are details of the implementation:

SELECT TOP (100) PERCENT *
FROM OPENQUERY(ADSI,
'SELECT displayname, givenName, sn, cn (etc...)
FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com''
WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')

EXEC sp_addlinkedsrvlogin @rmtsrvname ='ADSI', @useself='false',
@rmtuser='subDomainAdminAccnt', @rmtpassword='sunDomainAdminAccntPassword';

In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:

"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'

Error:
Msg 7399, Level 16, State 1, Line 1

The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.

Msg 7320, Level 16, State 2, Line 1

Cannot execute the query "SELECT displayname, givenName, sn, cn

FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'

WHERE

objectCategory = 'Person'

AND objectClass = 'user'

" against OLE DB provider "ADsDSOObject" for linked server "ADSI".

View 7 Replies View Related

Login For Domain Local Group And Global Group

Jan 5, 2008

I have one domoain in the forest. The domain level is set to Windows 2000 native mode and forest level is set to mixed mode. My SQL server 2005 server joined to this domain. I added a brand new domain local group and add a normal user account to this domain local group. I login to the SQL server 2005 server and make a query "SELECT * FROM sys.login_token". I cannot see my domain local group in sys.login_token. However, if I add my account to a global group, I can see it there.

Then, I setup another forest. This time, I have domain level set to Windows 2003 mode and forest level is set to Windows 2003 native mode. I do the same testing. This time, I can see my domain local group in sys.login_token.

Why does SQL server 2005 has this limitation? Is it a bug?

View 1 Replies View Related

None-Domain Server Cannot Access SQL2005 Data On Windows 2003 Domain Server

Sep 26, 2006

I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.



- I have try following the KB265808 - no success.
- Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:

TITLE: Connect to Server
------------------------------

Cannot connect to ardsqldatawh.

------------------------------
ADDITIONAL INFORMATION:

An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476


Question: Could Windows 2003 security be blocking access? I'm using sa account to access.

Also, sa account does not seems to work for remote access. It is ok when accessing locally.

Any help would be appreciated.
949jc

View 1 Replies View Related

Error 15401: Windows NT Group Or Group Not Found

Sep 25, 2003

I have a user in SQL Server with a NT login of Mike
I changed his NT account to Mikel in User Manager

Now when I try to add Mikel, Im getting error 15401.

Do I need to delete NT login in SQL Server 'Mike' account first ?..before adding 'Mikel' ?

Can I go into the Master database and just change Mike login to Mikel ?

Thank you

View 3 Replies View Related

Using Windows Authentication Over Different Domain

Jul 16, 2007

Hi,

I have a client running in a Domain A and a SQL server running in Domain B using Windows security. We don't want to put SQL Server in the mixed authentication mode.



I created a local group on de SQL server. Gave the group correct rights.

Added users from Domain A to that group. Although he prompted me for username password from Domain A it did work.



There is currently no trust between those domains. What kind of a trust should it be ? I believe that a one way trust where B trusts A should be enough.



Any suggestions.



CE

View 1 Replies View Related

Windows Authentication - Different Domain

Jan 29, 2007

Hi:

I am trying to figure out if there is a way to connect via SQL Server Management Studio to a server sitting on a separate domain. So here is the situation. there is Server B which sits in a domain called DomainB. If I am in DomainA, I could typically remote into that server utilizing an IP address in DomainB, and even transfer files to that server. But how do I connect via SQL Server Management Studio(basically login as a different domain user) to Server B in DomainB from DomainA. Basically when I choose Windows Authentication from the dropdown list in SQL Server Management Studio, it grays out the username field, which is where I could type something like this domainBusernameondomainB, similar to how you would connect to a share on that server. Please let me know if there is a possibly solution to this. Also, our customer doesnot allow SQL Server Auth/Logins, so that is not an option. Thanks.

View 24 Replies View Related

SQL 2k5 ENT , Domain Global Group

May 30, 2007

We're building out a new SQL cluster and I'm working with our AD team to develop a secure environment using Windows Authentication only. I have created three "Global AD Groups" SQL Admins, SQL Read Only, SQL Service Accounts". The AD guys receive a request to add users to the groups and the DBA's grand SQL rolls to the accounts which map through the groups. So, in SQL security the 3 groups exist with the Admin group being assigned to the SA SQL roll. The DBA's have their AD domain accounts added as members to the SQL Admins group and that group is added to SQL as with the "SA roll".

The real question :-)

We use service accounts s-application to connect our application boxes to their respective SQL databases. If the service Global Group exists in SQL Logins, and the AD account is a member of the Group how would the DBA's grant "database rolls" to the AD accounts in the group? Wouldn't they just issue GRANT statements? I've detailed our setup better bellow.

SQL Admins Container
- SQL Admins
- AD Account

SQL SERVER
- SQL Admins Container (Granted SQL server SA Roll)

Database
- AD account (Granted DBO rights)

View 1 Replies View Related

Changing The Domain For A Windows Server

Dec 17, 2007

Hello ppl

We have a Windows server that has 64-bit SQL installed on it. It is placed in 'abc' domain right now.


Now I have to get that changed to 'xyz' domain. I know that Windows people can take care of this, but my question is do we have to worry about the SQL Server that's already installed on that server? Will it have any affect on that?

Thanks

Satya

View 2 Replies View Related

Windows Authentication From Non-domain Laptop

Apr 28, 2008

We have a SQL 2005 box that requires windows authentication but I have to connect a laptop that is not part of the domain. Is there any way to do this? Per company policy, the SQL server cannot be changed to use SQL Auth AND Windows Auth. Also per policy, the user's laptop cannot be joined to the domain since it's not a company laptop.

I've tried using the following command:
net use \SQLServerNameipc$ /user:DomainNameDomainAccount Password

and then using enterprise manager to register the sql server but it still says that the computer is not trusted.

Is there something else to this that I am missing or is this just not possible?

Thanks in advance for the help.

View 2 Replies View Related

Domain Groups And Windows Authentication

Nov 8, 2006

Hi

We are planning implementation of a currently Sybase db. The users (about 3600) will be i 5 domains and we want single sign-on through trusted connections. We want to use the database roles to define different user access on databases and tables. There will be around 2000 roles. We also want to add the users directly to the database roles without having to grant each user database access.

So I thought that I could add the user groups from all domains and then add each domain user account to specified database roles. Am I right here or what? The Windows authentication will lookup or check the users kerberos ticket during logon process and allow logon.

The documentation here is weak and I assume it's a windows authentication question but wondered if any of you guys had been down the same road.

For creating the groups I have the following options:

Create a domain group and put all the usergroups from the other domains in this group

Add user groups from all other domains directly into the SQL Server.

Any recommendations here?

View 3 Replies View Related

Changing The Domain For A Windows Server

Dec 17, 2007

Hi

We have a Windows server that has 64-bit SQL installed on it. It is placed in 'abc' domain right now.


Now I have to get that changed to 'xyz' domain. I know that Windows team can take care of this, but my question is do we have to worry about the SQL Server that's already installed on that server? Will it have any affect on that?

Thanks

Satya

View 1 Replies View Related

Problem With Domain Group And Diagrams

Apr 4, 2007

I have a problem and I dont have an idea to solve it. I work with SQL Server and my students on Faculty of Information Technology.

I have create SQL Server login for domain group of users (about 60 od them). That mean I have SQL Server login like this DomainUsers
To whole group of users I had grant server role (dbcreator). I dont wish to import 60 login one by one and gice that permision.
Ok, student can create database without any problems
But, when they try to create database diagram (expanding database diagram node). They get a message that database need to have a valid owner (Hmm..ok its not a big deal to do it)
Quick check to some of database (Right click-->properties-->General-->Owner (ther is a DomainUserName (not name of group)..and that is ok
(Right click-->properties-->Files-->TextBox Owner. I try to enter same DomainUserName from step 5. But I get this message

TITLE: Microsoft SQL Server Management Studio
------------------------------

Set owner failed for Database '1110_EvidencijaKnjiga'. (Microsoft.SqlServer.Smo)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Set+owner+Database&LinkId=20476

------------------------------
ADDITIONAL INFORMATION:

An exception occurred in SMO. (Microsoft.SqlServer.Smo)

For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&LinkId=20476

------------------------------

The login 'DomeinUserName' does not exist on this server.

------------------------------
BUTTONS:

OK
------------------------------


This is wired. Ok I know that that user is not login but group is. Step 5 show that user, but step 6 have empty owner options and dose not allowe me to enter same user.

How to fix this?

Thank you

View 3 Replies View Related

Domain Group Account Won't Work

Sep 17, 2007

Greetings,

I am trying to configure Reporting Services to allow a domain group access to reports. I am able to configure the domain and group (mydomaingrpname) in both Report Manager and BIDS. I'm sure I entered the correct name because I purposely misspelled it and received an error. I think this tells me it is finding the group correctly.

However, when my test user goes to Report Manager, there are no folders displayed. I checked and he is in the domain group I am using. If I explicitly add him (mydomainandy) to the folders, he can see them and execute the reports.

After searching the forums and other websites, I have checked IIS is using Windows Integrated Security and not anonymous access.

Any ideas?

Rob

View 7 Replies View Related

How Can I Add Domain Group To Reporting Service?

Feb 28, 2008

Hi,

I have some problem about adding domain group to reporting service.

At first, I create my report folder on report manager. Then I edit item security to this folder. I click "New Role Assignment".

Then I enter "domainmydomaingroup" to "Group or user name" textbox, and check "Browser" role. Click Ok.

But there is error occurs,

The user or group name "domainmydomaingroup" is not recognized. (rsUnknownUserName)

But if I enter directly to domain user such as "domainuser1", that is Ok.

How can I do to solve this problem?

Thank you very much.

View 1 Replies View Related

Unable To Add Domain Group Account

Oct 24, 2007

Hi am
i am facing problem adding a domain group to the reporting services.
while setting the security of a report, i am getting the rsUnknownUserName error while adding a domain group.
the group is valid and it does exists. i tried creating a windows group on the machine running reporting services and tried adding the domain group and it accepted. but the reporting services is not accepting.
can somebody tell me whats the problem with this.
i am able to add other domain group belonging to the same domain and the SSRS accepts but not this particular domain group which is like any other domain group.


View 3 Replies View Related

SQL Server - Windows Domain Change Issues

May 22, 2008

 Hi everyone, We currently have a server running SQL server 2000 and 2005 instances on our domain. The servers are used for a couple of different applications. Our network manager is implementing a domain change in the next few months, but isn't familiar with SQL servers. I was wondering if anyone knew about any possible issues with changing the domain the database server machine is connected to. The computer name won't change, and neither will the server instances.  Many thanks in advance for any ideas / help on this 

View 6 Replies View Related

What Happens To Windows Authentication If Domain Failure Occurs?

Jul 23, 2005

Hi,I have a peculiar problem (or maybe not). I have SQL clients installedon XP boxes. These XP boxes are a member of let us say "XYZ" domain.SQL Server is installed on one of the boxes having Windows 2000 Serverin the same network. The installation has been done on local domainaccount. Since SQl Server has been installed with Windowsauthentication, what happens if the XYZ domain fails. Will it bepossible for all clients to access the database present on SQL Serverin the Win 2K box. I think I have made myself clear upto some extent.Please throw light on how to accomplish the connectivity between SQLclients and server in case of domain failure.Regards,Vinodi

View 2 Replies View Related

Connecting To Sql Server (within Windows Domain) Through Linux?

Jul 20, 2005

Hi,I'm planning to develop a small intranet to provide our organizationwith documents online. I've decided to do this using jsp/servletsusing a tomcat server. For an operating system, I have chosen red hatlinux. However, I'd like to keep a small database on a sql server asa datasource. However, this sql server is already part of ourorganization's windows domain. I suspect I'll need to configure sambaso that other terminals on the windows domain will be able to reachthe intranet. What's the best manner in which to connect my linuxservlets to this sql server database? I suspect this may bedifficult, considering the sql server exists within a windows domain,but as a beginner, what do I know. Perhaps someone could point me inthe right direction.

View 4 Replies View Related

Windows Integrated Authentication - Domain Controller

Feb 24, 2007

If my SQL Server authentication is windows integrated authentication, whenever my application makes a connection to SQL server does it contact the windows active directory domain controller to authenticate the windows user account? How does windows integrated authentication work in the background?

View 9 Replies View Related

Integrated Security From Non-domain Windows 2008

Oct 23, 2007

I am trying to connect as follows:

Server: Windows 2003, SQL 2005, on a domain
Client: Windows 2008 Beta, not on any domain

I created an account with the same user name as the domain user on the client machine. And then I logged in as that user and went to Manage Network Password. I entered the correct domain credentials. Verified that this worked for file shares. However, SQL does not appear to be recognizing this and it tells me:

Login failed for user ''. The user is not associated with a trusted SQL Server connection.


I have verified that this domain account is working properly with SQL when the client is also on the domain.

How can I get this Windows authentication scenario to work where the client is not on the domain and the SQL server is on the domain?

View 5 Replies View Related

Cross Domain Windows Endpoint Authentication?

Feb 13, 2007

Hi There

I have service broker working 100% with an initiator - forwarder - target, all in the same domain using windows authentication on the endpoints, for all instances' the sql server service run under the same domain account, which in turn is granted connect on the various endpoints. This all works 100%

However i have a scenario where the initiator will be in a different trusted domain.

I need to know if i am correct in thinking that the initiator sql server servcie account can run under DomainAsqlservice, the target instance sql server servcie can run under DomainBsqlservice, then on the forwarder i simply grant connect on the forwarder endpoint to both DomainAsqlservice and DomainBsqlservice.

Is this correct, will this work?

Thanx

View 6 Replies View Related

Windows Authentication Fails For Trusted Domain

Nov 16, 2006

Greetings,

One of my users gets the following error when he tries to connect to my SQL Server 2000 database using windows authentication via Query Analyzer:

[Micorsoft][ODBC SQL Server Driver][SQL Server] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection.

Me and the server are located in Colorado and are on the NADomain. User is in London on the EURDomain. The EURDomain has a one way trust to the NADomain to use NADomain resources. I have granted access to the database to the user via Enterpise Manager as EURDomainuserid. All the literature I've read says this should be sufficient to connect but isn't. User can connect with SQL Server authentication. Users on the NADomain in Toronto can connect just fine with Windows Authentication. EURDomain user can access other file server resources in the same building as the SQL Server in Colorado.

SQL Server version is:

Microsoft SQL Server 2000 - 8.00.818 (Intel X86) Standard Edition on Windows NT 5.0 (Build 2195: Service Pack 4)

EURDomain Client ODBC version is 2000.85.1022.00 and MDAC is 2.8.

Any help is greatly appreciated.

View 5 Replies View Related

SQL Server On Windows 2003 Domain Controller

May 17, 2007

I am currently runinng Sql Server 2000 on a Windows 2003 domain controller. I cannot access my local sql server using windows authentication. All i receive is a cannot generate SSPI context error. I understand this is probably related to a security policy issue on the domain controller. Also Sqlserveragent service will not remain running and shutdowns immediately after it is started. This also produces an SSPI context error in the error log. If anyone can help with my configuartion of windows server 2003 such that sql server will recognize a valid sysadmin role for my domain admin account it would be greatly appreciated.

View 1 Replies View Related

How Can I Retrieve Domain Username For Group Login?

May 21, 2007

The title says it all. Given that I have created a login for a domain group, and a database user for that login. What I want to do is retrieving the domain username for the active user. USER_NAME retrieves the database username, suser_name returns (of course) NULL as this is not a sql user.

The goal is to use domain group logins, while still allowing for logging what user performed which action.

View 1 Replies View Related

Domain Group Logins Failing On SQL 2k5 Workgroup

Dec 27, 2006

This question is regarding a brand new out-of-the-box SQL Server 2005 Workgroup Edition install. The old SQL Server 2000 server is working properly with regard to the issue we're having:




We are using Windows Authentication, and have created SQL logins for about


40 different groups on our domain. We've given those logins the appropriate


permissions on the databases they're supposed to be able to access.
The SQL Server is not a domain controller, but is a member of the domain, and domain logins do work for Windows-login purposes on this box.




The problem is that when users try to connect to the SQL server, they are denied access. An error 18456 is thrown, and logged in the Application event log


stating "Login failed for user OURDOMAIN heuser" (example values). The

domain user is properly a member of group added as a login to SQL Server, and we've
confirmed that there are not conflicting permissions that would deny those


users access via another route. These same groups are working fine on the SQL Server 2000 box.




This is only a problem for domain-based groups. If we create a local group


on the SQL server machine, through Computer Management -> Local Users and


Groups, then make the same domain users a member of THAT group, and finally then
follow the same process to add that local group to SQL Server Logins and set


the database privileges, it works!!





Our group memberships change frequently, and are used for a lot more than


just SQL server permissions. So, using local groups and maintaining


membership in both places is not really feasible. Any ideas why a local


machine group containing domain user accounts would work fine, but a domain


group containing the same accounts would not?





Thanks in advance.

View 20 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved