Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Administration (2000)
 Moving to active directory domain

Author  Topic 

sand-lakes1
Starting Member

29 Posts
Posted - 2004-07-05 : 09:15:01
Moving to active directory domain

In the near future we would like to move accounts from our NEDEUR domain to an active directory domain called ACTNLEUR domain. Workstations/Cliensts/Servers have been transferred already and are a part of the ACTNLEUR domain on machine level. Only the accounts have to be transmitted / created on active directory.

Current situation:

  • Using Local groups containing domain accounts like SQLEUR/COST( account/members are in the NEDEUR domain; for example NEDEUR\NED009 )

  • Windows 2000 sp4

  • Sql2000 sp3a

  • Separate NEDEUR accounts have been authorized to work on SQLEUR. Format of the accounts is for example like this: NEDEUR\NED009



As a test I duplicated the group members thru a windows resource kid tool; ‘addusers’. All accounts exist twice in the group. One account for the current domain and one for the new active directory domain. For example: NEDEUR\NED009 and ACTNLEUR\NED009.

If I logon with this account on the ACTNLEUR connections to sql server on the new active directory domain seem to be working . Correct ??

Here is the problem. Separate accounts –not a member of any group at all- given acces to sql and also authorized to use user tables are a problem. For example: NEDEUR\NED010.
I thought to be smart by changing the format in the sysxlogins table in the master database from NEDEUR\NED010 into ACTNLEUR\NED010.

When I run this query: (in the database given access to)
select master..syslogins.name as login_name,
sysusers.name as user_name, master..syslogins.sid
from master..syslogins inner join sysusers
on master..syslogins.sid = sysusers.sid

the sids seem to be equal and therefore it should work; I thought ………… I quess my thinking is wrong

It isn’t thru that I haven’t got to create all stand-alone accounts one after one when I do the move I hope ????

Can someone help and / or give me ideas

Thanks in advance

John

derrickleggett
Pointy Haired Yak DBA

4184 Posts
Posted - 2004-07-05 : 12:09:57
You will need to change the name in sysusers also. It's of course not recommended that you update the system tables directly.

MeanOldDBA
derrickleggett@hotmail.com

When life gives you a lemon, fire the DBA.
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site