Re: NT > 2003 domain name changes
anonymous_at_discussions.microsoft.com
Date: 10/21/03
- Next message: hrhoe: "Service Account for xp_cmdshell & osql"
- Previous message: John Bell: "Re: NT > 2003 domain name changes"
- In reply to: John Bell: "Re: NT > 2003 domain name changes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Oct 2003 08:09:16 -0700
Access is already predominantly controlled via NT groups,
rather than users. Unfortunately, there's quite a lot of
them!
>-----Original Message-----
>Hi
>
>As Ryan has already suggested using groups will simplfy
this process
>significantly.
>
>John
>
>"njc" <anonymous@discussions.microsoft.com> wrote in
message
>news:0ac301c397b2$13987fc0$a101280a@phx.gbl...
>> Hi there!
>>
>> Of course I have!! I've read just about everything I
can
>> get hold of about this ;-)
>>
>> Can't use the DTS option as it doesn't retain the SID, I
>> would have to use sp_help_revlogins and modify the
script
>> output to reflect the domain name change.
>>
>> This would leave me with a procedure that goes something
>> like
>>
>> -restore database to SQL2K
>> -use sp_help_revlogins to generate a list of logins from
>> the SQL7 server.
>> -with the resulting script output:
>> - cut out logins that do not apply to the database at
hand
>> - search and replace OldDomainName with NewDomainName.
>> -run script on target server
>>
>> I should have ended up with database users and logins
that
>> are the same, retain the correct permissions, have the
>> correct domain name stored in SQL server, and retain the
>> original SID.
>>
>> At the moment I *think* this is the only way to do it -
>> but I'm convinced that someone out there has discovered
a
>> less protracted method of doing it!!!
>>
>>
>>
>> >-----Original Message-----
>> >Hi
>> >
>> >Have you read
>> >http://support.microsoft.com/default.aspx?kbid=246133#4
>> >
>> >John
>> ><anonymous@discussions.microsoft.com> wrote in message
>> >news:073101c397a8$76d757f0$a601280a@phx.gbl...
>> >> The SIDS are migrating from one DC to another (new)
>> one -
>> >> sidhistories is being used within the migration to AD
>> >> to "piggy back" the old SID on the new.
>> >>
>> >> The SQL Servers are moving from SQL7 to SQL2K as
well as
>> >> moving physical machine.
>> >>
>> >> Basically, I want to take x number of databases that
use
>> >> windows authentication over to a new sql server on a
new
>> >> domain which house the old users & groups, using the
>> same
>> >> SIDS.
>> >>
>> >> Within SQL Server, I need the the windows logins
>> >> OLDDOMAIN\Group to be replaced by NEWDOMAIN\Group,
>> whilst
>> >> maintaining the same SIDs and permissions so that
user
>> >> access is not disrupted.
>> >>
>> >> hmm.
>> >>
>> >> Am I over complicating things this?
>> >>
>> >> (thanks for your help to date btw, although I'm still
>> not
>> >> 100% sure about the required solution, it's certainly
>> >> focussing my thoughts!! :-)
>> >>
>> >>
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >Ooops, I read a bit further - if the sids are
staying
>> the
>> >> same on the DC,
>> >> >then no action is required on your part.
>> >> >
>> >> >
>> >> >--
>> >> >Kevin Connell, MCDBA
>> >> >--------------------------------------------------
>> >> >The views expressed here are my own
>> >> >and not of my employer.
>> >> >----------------------------------------------------
>> >> >"Kevin" <ReplyTo@Newsgroups.only> wrote in message
>> >> >news:uMdpCV0lDHA.2068@TK2MSFTNGP09.phx.gbl...
>> >> >> nope, the sid of the login is the sid on the DC.
It
>> >> updates the sid in
>> >> >> sysusers with the sid from syslogins.
>> >> >>
>> >> >>
>> >> >> --
>> >> >> Kevin Connell, MCDBA
>> >> >> --------------------------------------------------
>> >> >> The views expressed here are my own
>> >> >> and not of my employer.
>> >> >> --------------------------------------------------
-- >> >> >> "njc" <anonymous@discussions.microsoft.com> wrote in >> >> message >> >> >> news:063c01c39717$239b7b20$a001280a@phx.gbl... >> >> >> > >> >> >> > I already thought of that one, but my >> understanding of >> >> >> > sp_change_users_login is that it changes the SID of >> >> the >> >> >> > login to the SID of the user, which means I lose >> the >> >> >> > original SID. >> >> >> > >> >> >> > Our NT > AD migration will retain the same user & >> >> group >> >> >> > SIDS. I also understand that SQL Server holds the >> >> >> > domain/username data locally for the purpose of >> >> >> > performance (e.g. when system_user is called it >> >> doesn't >> >> >> > need to make a call to the domain controller to get >> >> the >> >> >> > username), and that all authentication is achieved >> >> using >> >> >> > SID only. >> >> >> > >> >> >> > Thus whatever solution I deliver must restore the >> >> logins >> >> >> > linked to the users, with the same SIDs as before, >> >> >> > otherwise windows authentication won't work - have >> I >> >> got >> >> >> > this right? >> >> >> > >> >> >> > >> >> >> > >> >> >> > >-----Original Message----- >> >> >> > >You'll need to drop the old logins, add the new >> >> ones, and >> >> >> > then us >> >> >> > >sp_change_users_login for each login/user >> >> combination. >> >> >> > > >> >> >> > >-- >> >> >> > >Kevin Connell, MCDBA >> >> >> > >----------------------------------------------- --- >> >> >> > >The views expressed here are my own >> >> >> > >and not of my employer. >> >> >> > >----------------------------------------------- --- >> -- >> >> >> > >"NJC" <anonymous@discussions.microsoft.com> wrote >> in >> >> >> > message >> >> >> > >news:092b01c39704$510521a0$a101280a@phx.gbl... >> >> >> > >> Hi >> >> >> > >> >> >> >> > >> We are migrating our infrastructure from NT > >> 2003 >> >> >> > >> Server. The domain name will change as part of >> >> this >> >> >> > >> process. Additionally, our SQL Server databases >> >> will >> >> >> > move >> >> >> > >> to a new machine at the same time. >> >> >> > >> >> >> >> > >> When I restore the database to 2003/SQL 2000 >> >> (having >> >> >> > >> backed it up from NT\SQL7), how do I change the >> >> database >> >> >> > >> logins from OldDomain\Username to >> >> NewDomain\username >> >> >> > >> without dumping the logins and recreating them. >> >> >> > >> >> >> >> > >> Help! >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> > > >> >> >> > > >> >> >> > >. >> >> >> > > >> >> >> >> >> >> >> >> > >> >> > >> >> >. >> >> > >> > >> > >> >. >> > > > >. >
- Next message: hrhoe: "Service Account for xp_cmdshell & osql"
- Previous message: John Bell: "Re: NT > 2003 domain name changes"
- In reply to: John Bell: "Re: NT > 2003 domain name changes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
