Determine trusted login GROUP of specific user

Question

Determine trusted login GROUP of specific user

dcwilson2009

SSC-Addicted

Points: 479
More actions
June 5, 2017 at 12:08 pm

#330856

I know how to get the login name (ie: TheDomain\SpecificLogin1,TheDomain\SpecificLogin2, etc.), but with Active Directory, these SpecificLogins are assigned to a GROUP, so the logins on the server maybe TheDomain\LoginOperatorsGroup, TheDomain\LoginDevelopersGroup, etc.
How can I retrieve this GROUP name? Obviously, they came through one of them, so I wanted to see which one. I actually wanted to clone one of the login's permissions, rights, and roles, etc. and modify them, but I am not sure which one.

Viewing 3 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Login to reply

Sue_H SSC Guru Points: 90860 More actions · Answer 1

dcwilson2009 - Monday, June 5, 2017 12:08 PM
I know how to get the login name (ie: TheDomain\SpecificLogin1,TheDomain\SpecificLogin2, etc.), but with Active Directory, these SpecificLogins are assigned to a GROUP, so the logins on the server maybe TheDomain\LoginOperatorsGroup, TheDomain\LoginDevelopersGroup, etc.
How can I retrieve this GROUP name? Obviously, they came through one of them, so I wanted to see which one. I actually wanted to clone one of the login's permissions, rights, and roles, etc. and modify them, but I am not sure which one.

I think what you may be looking for is the permission path that is returned with xp_logininfo. Try something like the following and check the permission path:
EXEC master..xp_logininfo 'Domain\UserName'

Sue

dcwilson2009 SSC-Addicted Points: 479 More actions · Answer 2

Sue_H - Monday, June 5, 2017 12:40 PM
dcwilson2009 - Monday, June 5, 2017 12:08 PM
I know how to get the login name (ie: TheDomain\SpecificLogin1,TheDomain\SpecificLogin2, etc.), but with Active Directory, these SpecificLogins are assigned to a GROUP, so the logins on the server maybe TheDomain\LoginOperatorsGroup, TheDomain\LoginDevelopersGroup, etc.
How can I retrieve this GROUP name? Obviously, they came through one of them, so I wanted to see which one. I actually wanted to clone one of the login's permissions, rights, and roles, etc. and modify them, but I am not sure which one.
I think what you may be looking for is the permission path that is returned with xp_logininfo. Try something like the following and check the permission path:
EXEC master..xp_logininfo 'Domain\UserName'
Sue

That was it! Thank you!