Error 15401 adding login to SQL Server

dbwmn2001_at_yahoo.com
Date: 03/23/05

  • Next message: Chris Weber [Security MVP]: "Re: Web and SQL Security"
    Date: 23 Mar 2005 10:00:29 -0800
    
    

    I have a SAP Server running SQL2000 on Windows 2003.
    Recently I migrated the server from a NT4 Domain to a AD Domain using
    ADMT (with SID Migration for users) and everything seems ok.
    Now, after one month, I have to shut down the old NT4 domain and before
    doing it I have to replace the old logins in SQL with the correspondent
    users in the new domain.
    I applied a script which returned Error 15401: Windows NT user or group
    NEWDOM\User not found. Check the name again.

    I checked the KB article 324321
    http://support.microsoft.com/default.aspx?scid=kb;en-us;324321
    I applied the suggestion to verify if
    SELECT name FROM sysxlogins WHERE sid = SUSER_SID 'NEWDOM\User')
    returns a row, but this is not happening.

    Then I tried to create the new login from the Enterprise Manager. So I
    browse for the user and I'm able to find it (It exists! It's the same
    user I use to login on the server) but when I apply the changes I get
    the same 15401 Error.

    So it seems that the KB article is not useful because:

    1) There is no duplicate security identifier
    2) It's not an authentication failure because I can login and browse
    the AD. Also if I choose another AD user it works!
    3) I don't think it's a case sensitivity problem because it happens
    also from EM. By the way, I verified the SAMAccountName AD property of
    the user and the name is all UpperCase.

    I checked lots of posts dealing with this matter but they don't seem to
    apply.

    Any help would be greatly appreciated

    Thanks
      Dave


  • Next message: Chris Weber [Security MVP]: "Re: Web and SQL Security"

    Relevant Pages

    • Re: ASP.NET User.Identity.Name value after a domain username chang
      ... Can you point me to any resources I can use about getting the SID of the ... WebRequest user without using the username as the base of a lookup (since I ... access a website on the server. ... I have a very confusing issue when the domain login of a user is changed ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: SQL User SID format?
      ... When you move databases to another server, you can remap users to logins ... capability to remap a user to a login with new ALTER USER syntax - I ... The new ALTER USER syntax works for remapping both SQL and Windows ... this means you already have access to a SID from the syslogins catalog; ...
      (microsoft.public.sqlserver.security)
    • Re: create new login
      ... LOGIN to change the SID, but>unfortunately, ... created a new ID for the application to use on the QA SQL server. ... it's also possible to use one of ALTER USER and ALTER ...
      (microsoft.public.sqlserver.security)
    • Re: Shared folders in a different domain
      ... The only error I get is when I try to login from the Domain2 server using ... When I go into the share permissions I see a SID where the Domain 1 group ... indication of connectivity issues, ...
      (microsoft.public.windows.server.general)
    • Re: Converting User SIDS from SQL 2000 to SQL 2005
      ... server, ... DECLARE @charvalue varchar ... SELECT sid, name, xstatus, password FROM master..sysxlogins ... BEGIN -- NT login is denied access ...
      (microsoft.public.sqlserver.security)