Urgent: Migrating Users to New Domain

  • We are currently in the process of migrating users from a NT 4.0 domain to a win2k Domain. On some of our SQL Servers the Windows Authenticated users own objects within the database. These Windows Authenticated users also own SQL Server Job and DTS Packages. Once these Windows Authenticated users are moved over to the Windows 2000 Domain they have to qualify there database objects, they can not see their SQL Server Jobs they created and they cannot modify the DTS Packages they previously created. Is their a tool or script out there that can fix this problem of moving the Windows Authenticated users smoothly over to the new domain.

  • Should (not on a domain at the moment to confirm) just be able to update sysxlogins. Everything internally is stored based on the sid from there.

    Andy

    http://www.sqlservercentral.com/columnists/awarren/

  • Andy,

    Thanks a lot for the reply. The solution we are looking is to resolve issues with ownership in user databases (sysusers) and updating sysprotects. I found an sp sp_sidmap, but we weren't able to find the code for it. Do you by any chance have code for it? Also, if you think of any solutions that will fix the ownership please let us know. By default sql will only have name as an owner. We have instances when there is actual domain and user name are owners of the objects

  • In the migration between NT 4.0 and AD, is this an in-place upgrade or side-by-side?

    Remember that the user owns a database object and while it may appear as "MyDomain\MyUser" that is actually the user name. It'll be mapped to a SID like Andy says.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1

    K. Brian Kelley
    @kbriankelley

  • Brian thank for your response. The migration is side-by-side. We have performed the test and it did not work. The user was able to login to the server based on AD sid history, but was not able to access objects like jobs. What we did is updated name column to a new domain name in the sysxlogins table. If you aware of any other solution please share. Thank you

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply