Post reply

SQL 2008 R2 logins

  • May 18, 2011 at 11:54 am

    #240424

    I restored a sql 2005 dB to sql 2008 R2 and after the restore was done I now have all the users from the 2005 dB in sysusers and none of them exist in the syslogins table.

    sp_change_users_login does not work to fix this issue since all of the orphaned users are windows users.

    I have not been able to find an easy way to fix this yet. I read that the best way is to delete the login and recreate it. I'd rather not mess with that, but if it is the only way then I'll move forward.

    Any help would be appreciated and thank you much in advance.

  • May 18, 2011 at 12:03 pm

    #1326693

    on the SQL2005 server, you'll want to download and use Microsofts sp_help_rev_login, which scripts out the logins on the other server.

    then run the results on the 2008 server.

    once the windows login exists in the master db , you should be all set for the users that are already in the resotred db's; they should work after that.

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • May 18, 2011 at 2:13 pm

    #1326772

    I found that and tried it - no such luck. http://support.microsoft.com/kb/918992

    master..sysxlogins does not exist - syslogins does of course, but the scripts as is does not work.

    What I did find out though is this.

    - When the dB was restored the schema was set to the user name.

    - I tried to add the user to the master right after and it did not work.

    - I changed the schema to dbo

    - Forgot to check if I could add the users at this point

    - I can now add users to master and they automatically link to the correct dB.

    Thanks for the help 🙂

  • May 18, 2011 at 2:18 pm

    #1326774

    there are like three different versions of sp_help_rev_login...one for 2000, and two others for 2005/2008 i believe.

    you have to use the one specific to what you are exporting from.

    this is the version I have for 2005, and it works fine when i tested it:

    USE master

    GO

    IF OBJECT_ID ('sp_hexadecimal') IS NOT NULL

    DROP PROCEDURE sp_hexadecimal

    GO

    CREATE PROCEDURE sp_hexadecimal

    @binvalue varbinary(256),

    @hexvalue varchar (514) OUTPUT

    AS

    DECLARE @charvalue varchar (514)

    DECLARE @i int

    DECLARE @length int

    DECLARE @hexstring char(16)

    SELECT @charvalue = '0x'

    SELECT @i = 1

    SELECT @length = DATALENGTH (@binvalue)

    SELECT @hexstring = '0123456789ABCDEF'

    WHILE (@i <= @length)

    BEGIN

    DECLARE @tempint int

    DECLARE @firstint int

    DECLARE @secondint int

    SELECT @tempint = CONVERT(int, SUBSTRING(@binvalue,@i,1))

    SELECT @firstint = FLOOR(@tempint/16)

    SELECT @secondint = @tempint - (@firstint*16)

    SELECT @charvalue = @charvalue +

    SUBSTRING(@hexstring, @firstint+1, 1) +

    SUBSTRING(@hexstring, @secondint+1, 1)

    SELECT @i = @i + 1

    END

    SELECT @hexvalue = @charvalue

    GO

    IF OBJECT_ID ('sp_help_revlogin') IS NOT NULL

    DROP PROCEDURE sp_help_revlogin

    GO

    CREATE PROCEDURE sp_help_revlogin @login_name sysname = NULL AS

    DECLARE @name sysname

    DECLARE @type varchar (1)

    DECLARE @hasaccess int

    DECLARE @denylogin int

    DECLARE @is_disabled int

    DECLARE @PWD_varbinary varbinary (256)

    DECLARE @PWD_string varchar (514)

    DECLARE @SID_varbinary varbinary (85)

    DECLARE @SID_string varchar (514)

    DECLARE @tmpstr varchar (1024)

    DECLARE @is_policy_checked varchar (3)

    DECLARE @is_expiration_checked varchar (3)

    IF (@login_name IS NULL)

    DECLARE login_curs CURSOR FOR

    SELECT p.sid, p.name, p.type, p.is_disabled, l.hasaccess, l.denylogin

    FROM sys.server_principals p LEFT JOIN sys.syslogins l ON ( l.name = p.name )

    WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name <> 'sa'

    ELSE

    DECLARE login_curs CURSOR FOR

    SELECT p.sid, p.name, p.type, p.is_disabled, l.hasaccess, l.denylogin

    FROM sys.server_principals p LEFT JOIN sys.syslogins l ON ( l.name = p.name )

    WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name = @login_name

    OPEN login_curs

    FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @hasaccess, @denylogin

    IF (@@fetch_status = -1)

    BEGIN

    PRINT 'No login(s) found.'

    CLOSE login_curs

    DEALLOCATE login_curs

    RETURN -1

    END

    SET @tmpstr = '/* sp_help_revlogin script '

    PRINT @tmpstr

    SET @tmpstr = '** Generated ' + CONVERT (varchar, GETDATE()) + ' on ' + @@SERVERNAME + ' */'

    PRINT @tmpstr

    PRINT ''

    WHILE (@@fetch_status <> -1)

    BEGIN

    IF (@@fetch_status <> -2)

    BEGIN

    PRINT ''

    SET @tmpstr = '-- Login: ' + @name

    PRINT @tmpstr

    IF (@type IN ( 'G', 'U'))

    BEGIN -- NT authenticated account/group

    SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name ) + ' FROM WINDOWS'

    END

    ELSE BEGIN -- SQL Server authentication

    -- obtain password and sid

    SET @PWD_varbinary = CAST( LOGINPROPERTY( @name, 'PasswordHash' ) AS varbinary (256) )

    EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUT

    EXEC sp_hexadecimal @SID_varbinary, @SID_string OUT

    -- obtain password policy state

    SELECT @is_policy_checked =

    CASE is_policy_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END

    FROM sys.sql_logins WHERE name = @name

    SELECT @is_expiration_checked =

    CASE is_expiration_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END

    FROM sys.sql_logins WHERE name = @name

    SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name )

    + ' WITH PASSWORD = ' + @PWD_string

    + ' HASHED, SID = ' + @SID_string

    IF ( @is_policy_checked IS NOT NULL )

    BEGIN

    SET @tmpstr = @tmpstr + ', CHECK_POLICY = ' + @is_policy_checked

    END

    IF ( @is_expiration_checked IS NOT NULL )

    BEGIN

    SET @tmpstr = @tmpstr + ', CHECK_EXPIRATION = ' + @is_expiration_checked

    END

    END

    IF (@denylogin = 1)

    BEGIN -- login is denied access

    SET @tmpstr = @tmpstr + '; DENY CONNECT SQL TO ' + QUOTENAME( @name )

    END

    ELSE IF (@hasaccess = 0)

    BEGIN -- login has exists but does not have access

    SET @tmpstr = @tmpstr + '; REVOKE CONNECT SQL TO ' + QUOTENAME( @name )

    END

    IF (@is_disabled = 1)

    BEGIN -- login is disabled

    SET @tmpstr = @tmpstr + '; ALTER LOGIN ' + QUOTENAME( @name ) + ' DISABLE'

    END

    PRINT @tmpstr

    END

    FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @hasaccess, @denylogin

    END

    CLOSE login_curs

    DEALLOCATE login_curs

    RETURN 0

    GO

    sp_help_revlogin

    Lowell

    --help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!

  • May 18, 2011 at 2:22 pm

    #1326778

    Ok, Thanks. I'll tuck that one away for future use.

  • November 6, 2015 at 10:16 am

    #1838288

    Thanks a lot ... :-D:-):-D:-):-D

    And after i run ...

    select 'ALTER LOGIN ['+name+'] WITH DEFAULT_LANGUAGE=['+ default_language_name +']'

    FROM sys.sql_logins

    where name not like '%#%' and name not like 'sa'

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply