June 23, 2021 at 12:00 am
Comments posted to this topic are about the item Finding the Group
June 23, 2021 at 3:20 pm
If your enterprise has multiple domains and the user or group domain is different from the server domain then xp_logininfo may not be able to provide any information on that user or group. For example, we have server in Domain A and group DomainA\ADgroup. Inside that group are members DomainB\Member1 and DomainB\Member2. xp_logininfo can list the DomainB members in DomainA\ADgroup. And those members have access. But if I use xp_logininfo with login DomainB\Member1 I get error "Could not obtain information about Windows NT group/user".
June 23, 2021 at 4:55 pm
I think the answer could use a bit of clarification. This only works if the group is assigned a login in SQL Server.
Also, re: "A caveat here is that the first group granted access to SQL Server is returned unless the ALL value is used for the @privilege parameter." If the AD user account has an explicit login as well, that will be the first/only row returned, and permission path will be NULL.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply