Re: Domain Migration and Logins

From: Bala Neerumalla[MSFT] (balnee@online.microsoft.com)
Date: 03/15/03

• Next message: Bala Neerumalla[MSFT]: "Re: Windows authentication failed on SQL2000 +NT4"
• Previous message: Bala Neerumalla[MSFT]: "Re: Login failed for user '(null)'"
• In reply to: BVB: "Domain Migration and Logins"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Bala Neerumalla[MSFT]" <balnee@online.microsoft.com>
Date: Fri, 14 Mar 2003 22:12:13 -0800

I dont know how migration works, but my guess is that the new account
domain2\DBAUser has the same SID as the old user account domain1\DBAUser.
When you have migrated the user accounts, it only effects the AD. Your SQL
server doesnt know anything about this and it has the static information
stored in its DB (like login name and its corresponding SID). So when user
domain2\DBAUser tries to login SQL Server verifies the SID and lets him in.

I didnt understand your last part "Current Activity tab on SQL Server 7.0
installation". Can you elaborate a bit on this?

Thanks,
Bala.

"BVB" <vladdie@voynospamager.net> wrote in message
news:OI1sYwc3CHA.1896@TK2MSFTNGP10.phx.gbl...
> Greetings,
> Here's the situation, two domains, domain1 NT4, domain 2 ActiveDirectory.
> One SQLServer7 box in domain1. SQLServer Security set to mixed mode.
>
> DBA NT user account in domain 1 (domain1\DBAUser )has system administrator
> access and no problems connecting. DBA User account is migrated to domain
2
> (Active Directory). domain1\DBAUser becomes domain2\DBAUser. Enterprise
> manager security tab shows domain1\DBAUser as authorized and priveleged.
> domain2\DBAUser does Not show up in security tab, yet has full access as
> assigned to domain1\DBAUser and domain2\DBAUser shows up in the Current
> Activity tab on SQLServer7.0 installation.
>
> How did this happen? Is it a security risk? I'm really curious and
> concerned.
>
> TIA
> BVB
>
>

---

• Next message: Bala Neerumalla[MSFT]: "Re: Windows authentication failed on SQL2000 +NT4"
• Previous message: Bala Neerumalla[MSFT]: "Re: Login failed for user '(null)'"
• In reply to: BVB: "Domain Migration and Logins"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Data migration without trusts ... Each user account has a unique SID, and the NTFS authorization is based ... which mainly consists of SID ... not their SIDs directly when viewing the NTFS permissions? ... In addition, as for user profile, the USFT (User State Migration Tool) is ... (microsoft.public.windows.server.migration) RE: How to use ADMT3? ... we will use it to assign sid to all the folders ... since the email only need the user account ... resource domain migration to Windows Server 2003 ... (microsoft.public.windows.server.migration) Re: NTFS File Encryption Question ... I am certainly no expert on EFS and the XP implementation, ... know it is tied to the SID of the user account in question. ... >>>What do I need to do to be able to access these files on my laptop? ... (microsoft.public.windowsxp.general) RE: ADMT Question / Migration Question ... >we need to touch the clients too in the same row? ... It is recommended to perform the migration in the following order: ... is the old user account left in the NT4 Domain or do ... >c.) read the ADMT white paper, but still not sure: ... (microsoft.public.windows.server.migration) RE: NT4 domain password migration to 2003 AD domain ... allow non complex password in order to migrate user accounts from NT4 ... When you migrate from NT4 to 2003, in User Account Migration Winzard, there ... NT4 domain password migration to 2003 AD domain ... (microsoft.public.windows.server.migration)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)