Active directory and SQL Admin

Question

Post reply

Active directory and SQL Admin

joeroshan

SSChampion

Points: 10377
More actions
September 3, 2009 at 11:13 pm

#214085

Is there a way to create a group in AD and add all DBAs to the group so that they can access all SQL Servers in the domain.
How to do this if possible. Please suggest me any links if available
Thanks
----------------------------------------------------------------------------------------------------------------------------------------------------
Roshan Joe
Jeff Moden -Forum Etiquette: How to post data/code on a forum to get the best help[/url]

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

Sudeepta SSCommitted Points: 1666 More actions · Answer 1

Using Nested Group Membership in AD, you can achieve this objective.

Thanks & Regards,
Sudeepta.
http://twitter.com/skganguly

Schadenfreude-Mei SSChampion Points: 14083 More actions · Answer 2

joeroshan (9/3/2009)
Is there a way to create a group in AD and add all DBAs to the group so that they can access all SQL Servers in the domain.
How to do this if possible. Please suggest me any links if available
Thanks

The best way is to do it via GPO (global policy). You would need to have all sql servers in a computer OU (like 'sql servers'), then you would set GPO to set the dba's group as local admin on those servers. Since local admins get SysAdmins sql that would sort it so you wopuldnt have to set permissions manually (you would automatically have local admin and therefore sysadmin, to any new sql server.

Or manually you would just register your AD group as SysAdmin (or whatever you need).

Adam Zacks-------------------------------------------Be Nice, Or Leave

Sudeepta SSCommitted Points: 1666 More actions · Answer 3

The best way is to do it via GPO (global policy).

You need to achieve this through nested group membership. Create a group (Security, Domain Local) in AD, and add all the DBAs in your domain. This group will be used to provide access to the DBAs in the domain. Add DBA group as a sysadmin in your SQL Server.

Create another group with same context, say SQL remote Admin. Add this group to each servers manually as a remote desktop user, and admintrators. Add DBA group as a member of SQL Remote Admin group.

Now, all members of DBA group will have admin rights on all SQL Servers.

Group policy is applicable to OUs, but not to User groups.

Thanks & Regards,
Sudeepta.
http://twitter.com/skganguly

T2000 SSC Eights! Points: 894 More actions · Answer 4

Create another group with same context, say SQL remote Admin. Add this group to each servers manually as a remote desktop user, and admintrators. Add DBA group as a member of SQL Remote Admin group.

... then you could as wel add the created DB Group to each server manually or did I miss something?