 SQL Security Groups


petek
Posting Yak Master

192 Posts

Posted - 2013-05-10 : 04:36:34
Hi

Firstly, thanks for looking at this post.

I am trying to implement a solution to fix our current security dilemma. I have created some security groups in AD where users are added/removed so they can gain access to SQL servers, e.g. (G.SqlReadOnly.Servername). This works fine until I either refresh a database from a live server to its test counterpart or create a new one on said server. I then have to go in manually to map the group to the new/refreshed DB.

I have half a dozen other groups, so this can get quite tiresome. Is there an easy way I can do this?

Thanks Pete



Kind Regards

Pete.

jackv
Master Smack Fu Yak Hacker

2179 Posts

Posted - 2013-05-10 : 13:52:52
It sounds like you're getting orphaned users - this script will resynchronise after a restore - http://www.sqlserver-dba.com/2008/08/synchronise-use.html

Jack Vamvas
--------------------
http://www.sqlserver-dba.com

Bustaz Kool
Master Smack Fu Yak Hacker

1834 Posts

Posted - 2013-05-10 : 13:59:17
The security group in AD becomes a LOGIN at the SQL Server level. Adding a new database won't do anything to create a USER associated with that LOGIN. What I can suggest, as a quick fix, is to script out a USER from an existing database and then apply that script whenever you create a new database.

The restore of the database is a slightly different story. I'm assuming that the AD group is already a login on your test server. It could be that the IDs of the LOGIN and database USER are out of sync, even though the names are in agreement. If so, you could re-connect the two by running:

[CODE]
ALTER USER MyUser WITH LOGIN = MySecurityGroup;
[/CODE]

Again, you could script out this code for the full set of AD groups you are using and run it against any restored database.

HTH

=================================================
There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber
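
Added example (not code from the thread or its posters): a T-SQL script following the approach in the reply above, meant to be run in each new or restored database. It creates the database user for each AD group login if it is missing, re-maps it with ALTER USER if its SID no longer matches the login, and adds it to a role. The domain MYDOMAIN, the second group name and the role chosen for each group are assumptions.

```sql
-- Run in the context of the new or freshly restored database.
-- Assumed values (not from the thread): MYDOMAIN, the second group, the roles.
SET NOCOUNT ON;

DECLARE @groups TABLE (login_name sysname PRIMARY KEY, role_name sysname NOT NULL);
INSERT INTO @groups (login_name, role_name) VALUES
    (N'MYDOMAIN\G.SqlReadOnly.Servername',  N'db_datareader'),
    (N'MYDOMAIN\G.SqlReadWrite.Servername', N'db_datawriter');  -- hypothetical group

DECLARE @login sysname, @role sysname, @sid varbinary(85), @sql nvarchar(max);

DECLARE group_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT login_name, role_name FROM @groups;
OPEN group_cur;
FETCH NEXT FROM group_cur INTO @login, @role;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Only act on groups that already exist as Windows-group logins on this server.
    SET @sid = NULL; SET @sql = NULL;
    SELECT @sid = sid FROM sys.server_principals
    WHERE name = @login AND type = 'G';   -- G = Windows group

    IF @sid IS NULL
        PRINT N'Skipped, no server login: ' + @login;
    ELSE
    BEGIN
        -- New database: no user yet, so create one for the login.
        IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = @login)
            SET @sql = N'CREATE USER ' + QUOTENAME(@login)
                     + N' FOR LOGIN ' + QUOTENAME(@login) + N';';
        -- Restored database: user exists but its SID differs from the login's.
        ELSE IF NOT EXISTS (SELECT 1 FROM sys.database_principals
                            WHERE name = @login AND sid = @sid)
            SET @sql = N'ALTER USER ' + QUOTENAME(@login)
                     + N' WITH LOGIN = ' + QUOTENAME(@login) + N';';

        IF @sql IS NOT NULL EXEC sys.sp_executesql @sql;
        -- Grant only the role the group needs (read-only group gets db_datareader).
        EXEC sys.sp_addrolemember @rolename = @role, @membername = @login;
    END

    FETCH NEXT FROM group_cur INTO @login, @role;
END

CLOSE group_cur;
DEALLOCATE group_cur;
```

Keeping the group-to-role list in one place makes the mapping reviewable, so a restore from live does not silently carry over broader access than the test server's groups should have.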