Re: Active Directory SQL integration

From: Steve Thompson (stevethompson_at_nomail.please)
Date: 12/20/04 

Date: Mon, 20 Dec 2004 10:52:38 -0500

Have you seen:

http://support.microsoft.com/default.aspx?scid=kb;en-us;246133

I believe you could use the stored procedure to migrate the "old" AD
accounts to the new ones. In concept refreshing AD accounts is similar to
migrating databases between servers.

Steve

"tw-Nashville" <twNashville@discussions.microsoft.com> wrote in message
news:C9CD31C7-83AE-4CE6-814C-0C62ADE6B1DE@microsoft.com...
> Our infrastructure group is changing all account names in Active
Directory.
> For purposes of example in this post, an account named MyDomain\oldAccount
> would change to MyDomain\newAccount. However, in SQL Server's
> master..sysxlogins table, the name column continues to contain their old
AD
> login (MyDomain\oldAccount). The user, by using MyDomain\newAccount,
will
> continue to be able to login to SQL Server, because his/her SID has not
> changed. If the user has rights to be able to create objects, he/she can
> create new objects, but they will have the old account
(MyDomain\oldAccount)
> name on them in the database.
>
> My problem is this. As users come and go, I need to be able to determine
> whether a SQL Server user is valid. More importantly, we remove any
objects
> those old users created, as they are no longer needed. Also, if a user
> calls with access problems, I need to be able to reliably identify how
they
> get to SQL Server.
>
> Once the account has been changed, AD will no longer recognize
> MyDomain\oldAccount, so they look like invalid users if I try to find
them.
>
> So here are the bottom-line questions:
> 1. How do I use the SID in SQL Server to find an account in AD?
> 2. How do I change the name on the sysxlogins table and all sysusers
tables
> in the various databases to which the user has access?
>
> Thank you in advance for your assistance,
>
> tw

Relevant Pages

  • Re: Joining tables from two databases
    ... Hitchhiker's Guide to Visual Studio and SQL Server ... account with rights to both tables. ... to create a connection I need to use a connection ... Are these 2 databases are SQL Server? ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Databases connections not working more with all web sites
    ... First check for permission problems. ... account for one of the sites with a problem to an account with administrator ... > Databases connections, both, for MS SQL Server 2000 and MS Access ...
    (microsoft.public.inetserver.asp.db)
  • Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
    (microsoft.public.sqlserver.security)
  • Re: Joining tables from two databases
    ... This posting is provided "AS IS" with no warranties, and confers no rights. ... Hitchhiker's Guide to Visual Studio and SQL Server ... I'm not really following how you are solving it using a service account. ... Are these 2 databases are SQL Server? ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: public role???
    ... The guest user account cannot be removed from ... > databases, but not ... then that's the way SQL Server ...
    (microsoft.public.sqlserver.security)