January 6, 2005 at 12:40 pm
We are migrating from the existing AD to a new AD and because of that all the network accounts has to be updated, but keeping the rights the users have on the specific SQL Servers/databases. Something like olddomain\user to newdomain\user.
Our environment consist on SQL Server 6.5/7.0/2000 servers on NT 4.0 and Win 2000 servers.
Until now I have two solutions, the manual one, and the one that use the sp_sidmap but require the databases to be set offline so the server old logins can be deleted before adding the new network logins, without deleting their database access.
Both solutions are not the optimum in my case because first one takes too much time and the second one, because we are doing the migration in multiple steps will require the databases to be offline too many times.
Have anyone experience with this, is there somewhere a script that can remap the database users to the new domain accounts?
Greatly appreciate any help
January 6, 2005 at 10:54 pm
Could you not script out the permissions from the databases, and just do find-and-replace changing olddomain\ to newdomain\ ?
Ideally, if you are using local machine groups, which have domain members in it, then you would just have to add the new domain members to the local machine groups. No updates to SQL Server permissions required.
If you are going to have to replace/remap all the users anyway, you may want to think of saving some hassle for next time.
Julian Kuiters
juliankuiters.id.au
January 7, 2005 at 7:18 am
We're doing a side-by-side as well. In our case we're going to script the changes as we're also looking to clean-up a bit the security model wherever we can. It'll also allow us to roll the script through the dev/qa environments first and tweak the scripts, if needed.
K. Brian Kelley
@kbriankelley
January 7, 2005 at 9:06 am
Thank you very much for your help, I don't know how I didn't think at it.
Ionel
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply