How to script conversion of logins

  • Until now we have been using SQL logins for developer access to databases. Now we would like to make use of Active Directory for the same developers. Is there a way convert the existing SQL logins to use Windows Authentication and point to a user account (by the same name) in Active Directory? If this is scriptable it would be great. Any advice you can offer is welcome. Thanks!

  • I don't believe you can do it the way you are thinking but I could be wrong.

    Are you going to mixed-mode authentication?

    It might also be a good time to utilize the groups in Active Directory to make management easier.

    Link that might help:

    http://support.microsoft.com/kb/246133">

    http://support.microsoft.com/kb/246133

  • We're already in mixed mode and thanks for the link. Another option would be to write a script that would get a list of all SQL logins and then create a new login for each which uses Windows Authentication. But just converting them would be best because then we won't have to deal with remapping the users to the new account.

    By the way, I already have a corresponding user account created in the domain for each of the SQL logins that I need to convert and the passwords are synchronized so I don't need to worry about any of that. Any ideas?

  • If you have a standard naming convention for the SQL logins you could run a linkedserver query using ADSI and bring the data into SQL, and then match the SQL login with the Active Directory user.

    From there you could script out all the permissions that the SQL login has and allow access for the AD login and drop the SQL one.

    Even better, create a role that has all the permissions that you need and do the above, just add the users to an AD group as Jason mentioned, and handle everything at that level. If everyone has the same rights it is vastly easier.



    Shamless self promotion - read my blog http://sirsql.net

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply