SQL Server Forums
 SQL Security Groups

petek
Posting Yak Master

United Kingdom
192 Posts

Posted - 05/10/2013 :  04:36:34
Hi

Firstly, thanks for looking at this post.

I am trying to implement a solution to fix our current security dilemma. I have created some security groups in AD where users are added/removed so they can gain access to SQL servers, e.g. (G.SqlReadOnly.Servername). This works fine until I either refresh a database from a live server to its test counterpart or create a new one on said server. I then have to go in manually to map the group to the new/refreshed DB.

I have half a dozen other groups, so this can get quite tiresome. Is there an easy way I can do this?

Thanks Pete



Kind Regards

Pete.

jackv
Flowing Fount of Yak Knowledge

United Kingdom
2067 Posts

Posted - 05/10/2013 :  13:52:52
It sounds like you're getting orphaned users - this script will resynchronise after a restore - http://www.sqlserver-dba.com/2008/08/synchronise-use.html

Jack Vamvas
--------------------
http://www.sqlserver-dba.com

Bustaz Kool
Flowing Fount of Yak Knowledge

USA
1754 Posts

Posted - 05/10/2013 :  13:59:17
The security group in AD becomes a LOGIN at the SQL Server level. Adding a new database won't do anything to create a USER associated with that LOGIN. What I can suggest, as a quick fix, is to script out a USER from an existing database and then apply that script whenever you create a new database. The restore of the database is a slightly different story. I'm assuming that the AD group is already a login on your test server. It could be that the IDs of the LOGIN and database USER are out of sync, even though the names are in agreement. If so, you could re-connect the two by running:
ALTER USER MyUser WITH LOGIN = MySecurityGroup;
Again, you could script out this code for the full set of AD groups you are using and run it against any restored database.

HTH

=================================================
There are two kinds of light -- the glow that illuminates, and the glare that obscures. -James Thurber
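
One way to script the approach described in the reply above, as an added example that is not part of the original thread: for each AD group it re-links a same-named user whose SID no longer matches, creates the user if the database has none, and grants only the listed role. The domain name MYDOMAIN and the group-to-role mapping are assumptions; run it in the context of the new or restored database.

```sql
-- Added example: run in the new or restored database (USE <database> first).
-- MYDOMAIN is a placeholder; add one row to @map per AD group and role.
SET NOCOUNT ON;
DECLARE @map TABLE (login_name sysname PRIMARY KEY, role_name sysname);
INSERT INTO @map VALUES (N'MYDOMAIN\G.SqlReadOnly.Servername', N'db_datareader');

DECLARE @login sysname, @role sysname, @user sysname, @sql nvarchar(max);

DECLARE grp CURSOR LOCAL FAST_FORWARD FOR
    SELECT m.login_name, m.role_name
    FROM @map AS m
    JOIN sys.server_principals AS sp        -- skip groups that are not logins on this server
      ON sp.name = m.login_name AND sp.type = 'G';
OPEN grp;
FETCH NEXT FROM grp INTO @login, @role;
WHILE @@FETCH_STATUS = 0
BEGIN
    SET @user = NULL;
    -- 1. A user already mapped to this login's SID needs no repair.
    SELECT @user = dp.name
    FROM sys.database_principals AS dp
    JOIN sys.server_principals AS sp ON sp.sid = dp.sid
    WHERE sp.name = @login;

    IF @user IS NULL AND DATABASE_PRINCIPAL_ID(@login) IS NOT NULL
    BEGIN
        -- 2. Same name but different SID: re-link with ALTER USER ... WITH LOGIN.
        SET @sql = N'ALTER USER ' + QUOTENAME(@login) + N' WITH LOGIN = ' + QUOTENAME(@login) + N';';
        EXEC (@sql);
        SET @user = @login;
    END
    ELSE IF @user IS NULL
    BEGIN
        -- 3. No user at all (for example a new database): create it.
        SET @sql = N'CREATE USER ' + QUOTENAME(@login) + N' FOR LOGIN ' + QUOTENAME(@login) + N';';
        EXEC (@sql);
        SET @user = @login;
    END

    -- 4. Grant only the mapped role, and only if the user is not already a member.
    IF NOT EXISTS (SELECT 1 FROM sys.database_role_members AS rm
                   WHERE rm.role_principal_id = DATABASE_PRINCIPAL_ID(@role)
                     AND rm.member_principal_id = DATABASE_PRINCIPAL_ID(@user))
        EXEC sp_addrolemember @rolename = @role, @membername = @user;

    FETCH NEXT FROM grp INTO @login, @role;
END
CLOSE grp;
DEALLOCATE grp;
```

On SQL Server 2012 and later, ALTER ROLE ... ADD MEMBER replaces sp_addrolemember.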