March 10, 2020 at 6:17 pm
This script will find users in a database that don't have an exact match for login based on SID, but I think it overstates the number of orphans because if a Windows-authenticated user has access to a database through an Active Directory group, then that group will have a different SID than the user. If you drop that user then they lose any permissions that were applied to them directly instead of to the group. It may be an edge case, but I know it exists where I work.
March 12, 2020 at 12:38 am
Chris, great catch. Thank you. Yes, I would use caution where the UserType is WINDOWS_LOGIN. I will publish a script soon to be used in conjunction with this one. It uses sys.xp_logininfo to "Select Group Members from Logins."
March 13, 2020 at 3:48 pm
Comments posted to this topic are about the item Orphaned Users Search and Destroy
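
The group-membership caveat raised in this thread, as an added example that is not part of the original posts or of the published script: a read-only T-SQL triage that lists users with no SID-matched login and, for Windows users, asks `sys.xp_logininfo` whether a Windows group login still gives them a path into the instance. The table-variable and cursor names are illustrative assumptions; it also assumes SQL Server 2012 or later (for `authentication_type_desc`), that it is run in the database being reviewed, and that the caller is permitted to execute `xp_logininfo`.

```sql
-- Added example (T-SQL, read-only): triage SID-unmatched users before any DROP USER.
SET NOCOUNT ON;

DECLARE @candidates TABLE (
    name sysname PRIMARY KEY, type_desc nvarchar(60),
    account sysname NULL,      -- Windows account name resolved from the user's SID
    group_path sysname NULL);  -- Windows group login that still grants access

INSERT INTO @candidates (name, type_desc, account)
SELECT dp.name, dp.type_desc,
       CASE WHEN dp.type = 'U' THEN SUSER_SNAME(dp.sid) END
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE sp.sid IS NULL                                          -- no login with the same SID
  AND dp.type IN ('S', 'U')                                   -- SQL users and Windows users
  AND dp.authentication_type_desc IN ('INSTANCE', 'WINDOWS')  -- skip contained / WITHOUT LOGIN users
  AND dp.principal_id > 4;                                    -- skip dbo, guest, INFORMATION_SCHEMA, sys

DECLARE @paths TABLE (account_name sysname NULL, type char(8) NULL, privilege char(9) NULL,
                      mapped_login_name sysname NULL, permission_path sysname NULL);
DECLARE @name sysname, @account sysname;

-- STATIC: iterate over a snapshot, because the loop updates @candidates
DECLARE win_users CURSOR LOCAL STATIC FOR
    SELECT name, account FROM @candidates WHERE account IS NOT NULL;
OPEN win_users;
FETCH NEXT FROM win_users INTO @name, @account;
WHILE @@FETCH_STATUS = 0
BEGIN
    DELETE FROM @paths;
    BEGIN TRY
        -- 'all' lists every permission path, including group logins the account belongs to
        INSERT INTO @paths EXEC sys.xp_logininfo @acctname = @account, @option = 'all';
        UPDATE @candidates
        SET group_path = (SELECT TOP (1) permission_path FROM @paths
                          WHERE permission_path IS NOT NULL)
        WHERE name = @name;
    END TRY
    BEGIN CATCH
        -- account could not be looked up (deleted account, unreachable domain): group_path stays NULL
    END CATCH;
    FETCH NEXT FROM win_users INTO @name, @account;
END;
CLOSE win_users; DEALLOCATE win_users;

SELECT name, type_desc, account, group_path,
       CASE WHEN group_path IS NOT NULL THEN 'Windows user reachable through a group login: review, do not drop blindly'
            WHEN type_desc = 'WINDOWS_USER' THEN 'Windows user with no login or group path found'
            ELSE 'SQL user with no SID-matched login' END AS finding
FROM @candidates ORDER BY type_desc, name;
```

Rows with a non-NULL `group_path` are the cases described above: the user has no login of its own, but dropping it would still discard permissions granted to it directly.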