 AD Username Change not working in SQL Server


mike.bowen
Starting Member

4 Posts

Posted - 2010-11-17 : 17:57:10
Got a bizarre problem that we can't seem to figure out.

We have a large enterprise with many regions and each region has its own domain controller and SQL Server. We have an AD group called "Domain Users" which all standard users are a member of. This AD group has access to the SQL Servers in the "public" role and we restrict security through the applications which hit the SQL Server. The application connects to the SQL server using Windows Authentication.

Anyways, we have a user who requested an AD username change because of a marriage. The AD username was updated in our main office. She is able to connect to the application in our main office without a problem. However when she connects to any other office, she gets an error from the app which indicates her user account doesn't exist in the application.

If I run Profiler against the two servers, the server in the main office shows her new user account in the LoginName field. However in the other servers, they all show the old username in the LoginName like the SQL Server has somehow cached the username against a SID or something.

I've checked the local DC's and the new username has propagated out to all of them.

I am STUMPED. I'm tempted to just reboot a SQL server to see if that fixed it, however, that is not a great solution for this as we have a lot of these systems and rebooting a ton of production servers isn't viable whenever a username changes.

Any help would be appreciated!

robvolk
Most Valuable Yak

15732 Posts

Posted - 2010-11-17 : 18:11:20
Is her individual Windows login registered on that SQL Server? If so that would explain why the old name shows up. If she's a member of the correct Windows group and doesn't require additional permissions then dropping her login from SQL Server may resolve it.

mike.bowen
Starting Member

4 Posts

Posted - 2010-11-17 : 18:13:00
No, her individual login is not registered on any of the SQL Servers...there are very few individual accounts registered, they are all Admins or Superusers...the standard users do not get their individual accounts registered, they just belong to the AD group.

jen
Master Smack Fu Yak Hacker

4110 Posts

Posted - 2010-11-18 : 15:45:38
maybe the database on that server has a 'user' table and you need to make that change as well since the permissions are being controlled by the app?

--------------------
keeping it simple...

mike.bowen
Starting Member

4 Posts

Posted - 2010-11-19 : 09:00:25
Yes, the application does use a table like this and it has been updated, but the problem is that SQL Profiler is showing the LoginName as her OLD login on servers outside of the main office and the NEW login on the servers in the main office.

mike.bowen
Starting Member

4 Posts

Posted - 2010-11-19 : 11:27:25
Ok so a little more info. The servers that ARE working, I don't think it is because of the location, there is one other server that does work outside of the main office, but these are all SQL 2000 servers. The only servers she is having issues with are SQL 2008 servers, running W2K8 server.

Not sure if that helps anyone...

dataguru1971
Master Smack Fu Yak Hacker

1464 Posts

Posted - 2010-11-22 : 18:12:00
Do you use any kind of single sign on program that may have stored her "old" network credentials as the default login? When this happened at an employer I was at, users would be locked out because the "old" ID stored in the SSO profile was rejected...



Poor planning on your part does not constitute an emergency on my part.
