Re: NT > 2003 domain name changes
From: njc (anonymous_at_discussions.microsoft.com)
Date: 10/21/03
- Next message: jilly: "Re-Registering remote servers after password is changed"
- Previous message: John Bell: "Re: NT > 2003 domain name changes"
- In reply to: John Bell: "Re: NT > 2003 domain name changes"
- Next in thread: John Bell: "Re: NT > 2003 domain name changes"
- Reply: John Bell: "Re: NT > 2003 domain name changes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Oct 2003 02:02:38 -0700
Hi there!
Of course I have!! I've read just about everything I can
get hold of about this ;-)
Can't use the DTS option as it doesn't retain the SID, I
would have to use sp_help_revlogins and modify the script
output to reflect the domain name change.
This would leave me with a procedure that goes something
like
-restore database to SQL2K
-use sp_help_revlogins to generate a list of logins from
the SQL7 server.
-with the resulting script output:
- cut out logins that do not apply to the database at hand
- search and replace OldDomainName with NewDomainName.
-run script on target server
I should have ended up with database users and logins that
are the same, retain the correct permissions, have the
correct domain name stored in SQL server, and retain the
original SID.
At the moment I *think* this is the only way to do it -
but I'm convinced that someone out there has discovered a
less protracted method of doing it!!!
>-----Original Message-----
>Hi
>
>Have you read
>http://support.microsoft.com/default.aspx?kbid=246133#4
>
>John
><anonymous@discussions.microsoft.com> wrote in message
>news:073101c397a8$76d757f0$a601280a@phx.gbl...
>> The SIDS are migrating from one DC to another (new)
one -
>> sidhistories is being used within the migration to AD
>> to "piggy back" the old SID on the new.
>>
>> The SQL Servers are moving from SQL7 to SQL2K as well as
>> moving physical machine.
>>
>> Basically, I want to take x number of databases that use
>> windows authentication over to a new sql server on a new
>> domain which house the old users & groups, using the
same
>> SIDS.
>>
>> Within SQL Server, I need the the windows logins
>> OLDDOMAIN\Group to be replaced by NEWDOMAIN\Group,
whilst
>> maintaining the same SIDs and permissions so that user
>> access is not disrupted.
>>
>> hmm.
>>
>> Am I over complicating things this?
>>
>> (thanks for your help to date btw, although I'm still
not
>> 100% sure about the required solution, it's certainly
>> focussing my thoughts!! :-)
>>
>>
>>
>>
>> >-----Original Message-----
>> >Ooops, I read a bit further - if the sids are staying
the
>> same on the DC,
>> >then no action is required on your part.
>> >
>> >
>> >--
>> >Kevin Connell, MCDBA
>> >--------------------------------------------------
>> >The views expressed here are my own
>> >and not of my employer.
>> >----------------------------------------------------
>> >"Kevin" <ReplyTo@Newsgroups.only> wrote in message
>> >news:uMdpCV0lDHA.2068@TK2MSFTNGP09.phx.gbl...
>> >> nope, the sid of the login is the sid on the DC. It
>> updates the sid in
>> >> sysusers with the sid from syslogins.
>> >>
>> >>
>> >> --
>> >> Kevin Connell, MCDBA
>> >> --------------------------------------------------
>> >> The views expressed here are my own
>> >> and not of my employer.
>> >> ----------------------------------------------------
>> >> "njc" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >> news:063c01c39717$239b7b20$a001280a@phx.gbl...
>> >> >
>> >> > I already thought of that one, but my
understanding of
>> >> > sp_change_users_login is that it changes the SID of
>> the
>> >> > login to the SID of the user, which means I lose
the
>> >> > original SID.
>> >> >
>> >> > Our NT > AD migration will retain the same user &
>> group
>> >> > SIDS. I also understand that SQL Server holds the
>> >> > domain/username data locally for the purpose of
>> >> > performance (e.g. when system_user is called it
>> doesn't
>> >> > need to make a call to the domain controller to get
>> the
>> >> > username), and that all authentication is achieved
>> using
>> >> > SID only.
>> >> >
>> >> > Thus whatever solution I deliver must restore the
>> logins
>> >> > linked to the users, with the same SIDs as before,
>> >> > otherwise windows authentication won't work - have
I
>> got
>> >> > this right?
>> >> >
>> >> >
>> >> >
>> >> > >-----Original Message-----
>> >> > >You'll need to drop the old logins, add the new
>> ones, and
>> >> > then us
>> >> > >sp_change_users_login for each login/user
>> combination.
>> >> > >
>> >> > >--
>> >> > >Kevin Connell, MCDBA
>> >> > >--------------------------------------------------
>> >> > >The views expressed here are my own
>> >> > >and not of my employer.
>> >> > >--------------------------------------------------
-- >> >> > >"NJC" <anonymous@discussions.microsoft.com> wrote in >> >> > message >> >> > >news:092b01c39704$510521a0$a101280a@phx.gbl... >> >> > >> Hi >> >> > >> >> >> > >> We are migrating our infrastructure from NT > 2003 >> >> > >> Server. The domain name will change as part of >> this >> >> > >> process. Additionally, our SQL Server databases >> will >> >> > move >> >> > >> to a new machine at the same time. >> >> > >> >> >> > >> When I restore the database to 2003/SQL 2000 >> (having >> >> > >> backed it up from NT\SQL7), how do I change the >> database >> >> > >> logins from OldDomain\Username to >> NewDomain\username >> >> > >> without dumping the logins and recreating them. >> >> > >> >> >> > >> Help! >> >> > >> >> >> > >> >> >> > >> >> >> > > >> >> > > >> >> > >. >> >> > > >> >> >> >> >> > >> > >> >. >> > > > >. >
- Next message: jilly: "Re-Registering remote servers after password is changed"
- Previous message: John Bell: "Re: NT > 2003 domain name changes"
- In reply to: John Bell: "Re: NT > 2003 domain name changes"
- Next in thread: John Bell: "Re: NT > 2003 domain name changes"
- Reply: John Bell: "Re: NT > 2003 domain name changes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
