SQL Server Forums
 SQL Security Groups

Posting Yak Master

United Kingdom
192 Posts

Posted - 05/10/2013 : 04:36:34

Firstly, thanks for looking at this post.

I am trying to implement a solution to fix our current security dilemma. I have created some security groups in AD where users are added/removed so they can gain access to SQL servers, e.g. (G.SqlReadOnly.Servername). This works fine until I either refresh a database from a live server to its test counterpart or create a new one on said server. I then have to go in manually to map the group to the new/refreshed DB.

I have half a dozen other groups, so this can get quite tiresome. Is there an easy way I can do this?

Thanks Pete

Kind Regards


Flowing Fount of Yak Knowledge

United Kingdom
2179 Posts

Posted - 05/10/2013 : 13:52:52
It sounds like you're getting orphaned users - this script will resynchronise after a restore -

Jack Vamvas

Bustaz Kool
Flowing Fount of Yak Knowledge

1834 Posts

Posted - 05/10/2013 : 13:59:17
The security group in AD becomes a LOGIN at the SQL Server level. Adding a new database won't do anything to create a USER associated with that LOGIN. What I can suggest, as a quick fix, is to script out a USER from an existing database and then apply that script whenever you create a new database. The restore of the database is a slightly different story. I'm assuming that the AD group is already a login on your test server. It could be that the IDs of the LOGIN and database USER are out of sync, even though the names are in agreement. If so, you could re-connect the two by running:
ALTER USER MyUser WITH LOGIN = MySecurityGroup;
Again, you could script out this code for the full set of AD groups you are using and run it against any restored database.


There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber
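
The approach suggested in the reply above, written out as one re-runnable T-SQL script (an added example, not code posted in the thread): for each AD group it creates the database USER if it is missing, re-links it with ALTER USER if the name exists under a different SID, and adds it to a database role. The domain name MYDOMAIN and the mapping of the read-only group to db_datareader are assumptions; list your own groups and roles in the table variable.

```sql
-- Added example. Run inside the restored or newly created database.
-- The domain name and the group-to-role mapping are constructed placeholders.
SET NOCOUNT ON;

DECLARE @groups TABLE (login_name sysname, role_name sysname);
INSERT INTO @groups VALUES
    (N'MYDOMAIN\G.SqlReadOnly.Servername', N'db_datareader');  -- assumed mapping
DECLARE @login sysname, @role sysname, @sid varbinary(85), @user sysname, @sql nvarchar(max);

DECLARE grp CURSOR LOCAL FAST_FORWARD FOR SELECT login_name, role_name FROM @groups;
OPEN grp;
FETCH NEXT FROM grp INTO @login, @role;
WHILE @@FETCH_STATUS = 0
BEGIN
    SELECT @sid = NULL, @user = NULL, @sql = NULL;
    -- The AD group must already be a server LOGIN (type G = Windows group).
    SELECT @sid = sid FROM sys.server_principals WHERE name = @login AND type = 'G';

    IF @sid IS NULL
        PRINT 'Skipped, no such login on this server: ' + @login;
    ELSE
    BEGIN
        -- A USER whose SID matches the LOGIN is already mapped correctly.
        SELECT @user = name FROM sys.database_principals WHERE sid = @sid;

        IF @user IS NULL AND EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @login)
            -- Same name, different SID: re-link the USER to the LOGIN.
            SET @sql = N'ALTER USER ' + QUOTENAME(@login) + N' WITH LOGIN = ' + QUOTENAME(@login) + N';';
        ELSE IF @user IS NULL
            -- No USER at all (new database): create one for the LOGIN.
            SET @sql = N'CREATE USER ' + QUOTENAME(@login) + N' FOR LOGIN ' + QUOTENAME(@login) + N';';

        IF @sql IS NOT NULL
        BEGIN
            EXEC sys.sp_executesql @sql;
            SET @user = @login;
        END;

        -- Grant the role only if the USER is not already a member.
        IF NOT EXISTS (SELECT 1 FROM sys.database_role_members AS rm
                       WHERE rm.role_principal_id = DATABASE_PRINCIPAL_ID(@role)
                         AND rm.member_principal_id = DATABASE_PRINCIPAL_ID(@user))
            EXEC sys.sp_addrolemember @rolename = @role, @membername = @user;
    END;

    FETCH NEXT FROM grp INTO @login, @role;
END;
CLOSE grp;
DEALLOCATE grp;
```

Because every step checks the current state first, the script can be run after each restore or database creation without raising errors for groups that are already mapped, and it grants only the roles named in the table.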