Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2008 Forums
 Transact-SQL (2008)
 xp_logininfo works inconsistently

Author  Topic 

mmcnary
Starting Member

16 Posts
Posted - 2011-08-11 : 13:25:44
In some SQL Server instances, when I run

xp_logininfo <group>, 'members'

I get the expected results, but in others I receive the following error:

Msg 15404, Level 16, State 4, Line 42
Could not obtain information about Windows NT group/user <Domain group>, error code 0x52e.

This error pops on both sql2005 and sql2008, and works on both as well. I have a very mixed environment.

Are there any special settings or permissions that need to be set in an instance to allow this sp to run?

Naturally, the instance in which I am developing is one where the statement works, so I didn't find the error until I deployed it to the rest of the DEV tier.



Thanx,

-Mark McNary

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2011-08-11 : 14:05:43
The group must be added to the instance already in order to query it.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

mmcnary
Starting Member

16 Posts
Posted - 2011-08-11 : 15:21:30
Thanx for the quick response, Tara.

I guess I should have put more handles on the issue. I have a stored procedure that enumerates the various privileges granted in the instance. I am spinning through syslogins, and pulling a list of logins identified as 'AD Group'. I then go through the list of groups and use xp_logininfo to get the list of members, which are then documented as each having the privileges granted to the AD group.

Thanx,

-Mark McNary
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2011-08-11 : 15:27:00
Make sure you are on the latest hotfix for the respective version of SQL Server. If that doesn't help, you'll need to open a case with Microsoft as this appears to be something that they'll need to help you with.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

russell
Pyro-ma-ni-yak

5072 Posts
Posted - 2011-08-11 : 15:33:59
Seems likely that you're misidentifying some of your logins as AD Groups.

Also, have a look at this
Go to Top of Page

mmcnary
Starting Member

16 Posts
Posted - 2011-08-15 : 08:35:24
This is the failing sql statements from xp_logininfo

select 'account name' = domain+N'\'+name,
'type' = convert(varchar(8), case when sidtype = 1 then 'user' else 'group' end),
'privilege' = @priv,
'mapped login name' = domain+N'\'+name,
'permission path' = @acctname
from OpenRowset(NetGroupGetMembers, @acctname) order by 3, 1



Thanx,

-Mark McNary
Go to Top of Page

russell
Pyro-ma-ni-yak

5072 Posts
Posted - 2011-08-15 : 08:39:58
SELECT name FROM sys.server_principals WHERE type = 'G'
Go to Top of Page

mmcnary
Starting Member

16 Posts
Posted - 2011-08-15 : 10:46:26
I found a blog post that seemed to indicate that the issue is related to the account that SQL server is running under. It was not completely clear, since I had to translate it from Russian through Google translate.

http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=ru&tl=en&u=http%3A%2F%2Fwww.sql.ru%2Fforum%2Factualthread.aspx%3Ftid%3D642342&act=url


I am certain that the script is correctly identifying the AD groups, as it has similar logic to the query above.

The error occurs when I run this query in some instances, but not in others.

EXEC xp_logininfo 'domain-name\DB Architecture', 'members'

Thanx,

-Mark McNary
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site