RE: Keeping Domain & SQL Access In Sync
From: Mike Epprecht (SQL MVP) (mike_at_epprecht.net)
Date: 07/19/05
- Previous message: Colette: "Keeping Domain & SQL Access In Sync"
- In reply to: Colette: "Keeping Domain & SQL Access In Sync"
- Next in thread: Colette: "RE: Keeping Domain & SQL Access In Sync"
- Reply: Colette: "RE: Keeping Domain & SQL Access In Sync"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Jul 2005 08:41:03 -0700
Hi
Why don't you rather use Domain Groups?
Give a domain group the correct access, and add the user to the group. A
user can be in multiple groups and when the NT accounts gets added or
removed, there is no maintenance from the DBA side.
Regards
--------------------------------
Mike Epprecht, Microsoft SQL Server MVP
Zurich, Switzerland
MVP Program: http://www.microsoft.com/mvp
Blog: http://www.msmvps.com/epprecht/
"Colette" wrote:
> Does anyone know of a sample script I could get access to that would
> automatically compare disabled/deleted domain accounts to the SQL Security
> Logins and keep them "in sync" without any interaction from the SQL
> administrator? We're wanting to eliminate the need of sending manual
> notifications to the SQL administrator of terminated employees and running
> the sp_denylogin. Instead, we want to just create a script that would go out
> to all of our SQL servers and automatically remove accounts no longer active
> in the domain itself. Does Active Directory provide any tools to do this?
>
> Any help would be greatly appreciated.
>
> Thanks.
>
> Colette
- Previous message: Colette: "Keeping Domain & SQL Access In Sync"
- In reply to: Colette: "Keeping Domain & SQL Access In Sync"
- Next in thread: Colette: "RE: Keeping Domain & SQL Access In Sync"
- Reply: Colette: "RE: Keeping Domain & SQL Access In Sync"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
