Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
petek
Posting Yak Master
192 Posts |
 Posted - 2013-05-10 : 04:36:34
|
| Hifirstly thanks for looking at this post.....I am trying to implement a solution to fix our current security dilemma….i have created some security groups in AD where users are added/removed so they can gain access to SQL servers eg...(G.SqlReadOnly.Servername) this works fine until I either refresh a Database from a live server to its test counterpart or create a new one on said server. I have to then go in manually to map the group to the new/refreshed DB. i have half a dozen other groups so this can get quite tiresome...Is there an easy way I can do this? Thanks Pete Kind RegardsPete. |
|
|
jackv
Master Smack Fu Yak Hacker
2179 Posts |
|
|
Bustaz Kool
Master Smack Fu Yak Hacker
1834 Posts |
Posted - 2013-05-10 : 13:59:17
|
| The security group in AD becomes a LOGIN at the SQL Server level. Adding a new database won't do anything to create a USER associated with that LOGIN. What I can suggest, as a quick fix, is to script out a USER from an existing database and then apply that script whenever you create a new database. The restore of the database is a slightly different story. I'm assuming that the AD group is already a login on your test server. It could be that the IDs of the LOGIN and database USER are out of sync, even though the names are in agreement. If so, you could re-connect the two by running:[CODE]ALTER USER MyUser WITH LOGIN = MySecurityGroup;[/CODE]Again, you could script out this code for the full set of AD groups you are using and run it against any restored database. HTH=================================================There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber |
 |
|
|
|
|
|
SQL Security Groups