February 9, 2011 at 7:46 pm
Hello, I see a few posts on this [moving SQL 2008 from one domain to another] but am unsure on the easiest way to do this.
SQL 2008 STD (includes SSIS Packages)
Mixed Authentication
I know when the server is started for the first time the SQL Services will not start so I will have to go to SQL Configuration Manager and change the Service Accounts to accounts in the new domain.
What I am unclear on is the best way to handle the many Windows groups / user logins i.e [olddomain\bhope] that exist in the system.
I have confirmed the SIDS for the new domain accounts will be different so I don't think I can just "ALTER LOGIN" to rename them to the new domain.
Do I:
Script out all existing Windows logins
Change domains
Drop existing logins
Replace the domain name in the script and then create the new logins???
With the new SIDS will I just have to run something like "sp_change_users_login" to re-sync the databases users to the new Windows Accounts??
Any pointers would be appreciated...thanks
February 9, 2011 at 8:32 pm
What I am unclear on is the best way to handle the many Windows groups / user logins i.e [olddomain\bhope] that exist in the system.
Windows account you have to create at domain level and then need to configure in sql server. If the account already exists in domain then you just need to transfer the logins.
How to transfer the logins with their password and SID....please follow this link:- http://support.microsoft.com/kb/918992
PS:- Password will be transferred only for SQL login. Why not for windows? I am sure you know the reason.
----------
Ashish
February 10, 2011 at 12:39 am
thanks for the reply, where I am missing something is according the the Network admin the Windows accounts are going to be newly created on the new domain thus having different SIDS?
EXEC sp_help_revlogin" give me something like "CREATE LOGIN [domain\DBA] FROM WINDOWS WITH DEFAULT_DATABASE = [master]"
I can use these to create the new logins.
SQL accounts should be unaffected by the domain change so I assume because I can't have two accounts of the same name I would have to remove all existing logins and run the generated script (replacing the old domain with the new domain) ???
but I am still a bit unclear on whether sp_change_users_login would automatically map the new accounts (with the same name) to the existing database mappings -- or would all these have to be previously scripting and re-created?
thanks
February 10, 2011 at 1:31 am
it will be different SIDs for windows account which you will create in new domain
----------
Ashish
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply