Security logins don't change

  • We have a W2K domain and we intend to change the naming convention of the accounts and the logon names as well.

    After performing a first check with an existing windows user account, I noticed that the related windows user login name on SQL 2000 W2K3 server remains the same. Why is this happening?

  • Do you mean that you changed the Windows account in AD and the SQL account did not change?

    The SQL accounts are linked by SID, but the name is also stored. I'm not sure that this will change without manual intervention.

    This seems to imply you'd need to alter the login : http://support.microsoft.com/kb/922549

  • Thanks for your reply.

    I just cannot believe that there is no synchronization between SQL and AD.

    It seems very strange to me.

    Manual intervention seems the only way.

    Thanks again

  • Emmanuel -

    What exactly did you do to the windows/AD account? Whether changes are replicated/carried over into SQL server, Exchange, etc. are largely a matter of what changes are made to the AD account and how those changes are made - if AD is able to retain the same SID for the account changes will be reflected in SQL Server, Exchange, etc. but if the changes you're making result in the creation of a new SID/account identified all bets are off.

    Joe

  • Joe,

    As I mentioned before, we even plan to change the logon names of the accounts, which means that the sid will remain the same. We won't create new accounts.

    However, all the test changes we performed so far are not reflected to the SQL server. One way to resolve this, is by changing the sysxlogins table manually.

    Problem seems to be cosmetic but my main concern right now is if all these changes will cause abnormalities to the associated applications.

    Manos

  • I have found that SQL gets a bit confused if you change the name of a Windows login in AD.

    From memory, this is what happened... After changing the account name in AD, the account could log on to SQL OK due to the SIDs stil matching. However, if I wanted to make any changes to the login in SQL Server, the problems started. It seemed that SQL was trying to verify the account name in AD and obviously could not find it. I found I have to remove any renamed login from SQL and re-create it in order for everything to work as it did before the rename.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply