Question

I have a user who was added with windows authentication to a SQL Server 2008 R2 machine.

He had left the company a few months ago, at which point his AD user was disabled and moved to a different OU.
The user's database logins and users were not affected.
He then returned to the company, his AD user was reactivated, and moved to the correct OU.

However, all his database logins are currently giving login failures.
The issue is resolved if the following actions are taken:

  1. Drop the existing login
  2. Create the login again
  3. Remap the login to the existing database users

This is an impractical method, as it means tracking down each login and recreating it.

How can I resolve this in a more practical way?
Failing a more practical solution, what is the cause for this issue?


Solution

Check the SIDs of the accounts in SQL and AD before the SQL login deletion to confirm they are indeed the same and the AD admins didn't really delete and recreate the AD user account just telling you otherwise.

Articles: http://sqlserver-help.com/2014/05/27/sql-internals-how-to-map-login-sid-to-domain-account/ and https://technet.microsoft.com/en-us/library/ff730940.aspx

There may be a way to get both from PowerShell but confirm what the AD domain and forest functional levels are and research with your version of SQL Server for known bugs -- maybe it's time to upgrade/update one or the other.
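One way to do the SID comparison the answer recommends directly from T-SQL on the instance (added example, not part of the answer above; it assumes the instance can still reach the domain, and `DOMAIN` is a placeholder for your domain name):

```sql
-- Compare the SID stored for each Windows login in SQL Server with the SID that
-- Active Directory currently returns for the same account name.
-- SUSER_SID() resolves the name against the domain at call time, so if it differs
-- from the stored sys.server_principals.sid, the AD object behind that name is not
-- the one the login was created from (e.g. the account was deleted and recreated,
-- which gives it a new SID even though the name is unchanged).
SELECT
    sp.name                    AS login_name,
    sp.type_desc               AS login_type,
    sp.sid                     AS sid_stored_in_sql,
    SUSER_SID(sp.name)         AS sid_resolved_from_ad,
    CASE
        WHEN SUSER_SID(sp.name) IS NULL  THEN 'name no longer resolves in AD'
        WHEN SUSER_SID(sp.name) = sp.sid THEN 'match'
        ELSE 'MISMATCH - stored SID differs from current AD SID'
    END                        AS sid_check
FROM sys.server_principals AS sp
WHERE sp.type IN ('U', 'G')          -- 'U' = Windows login, 'G' = Windows group
  AND sp.name LIKE 'DOMAIN\%'        -- placeholder: restrict to your domain's accounts
ORDER BY sid_check, sp.name;
```

A row reporting MISMATCH is the confirmation the answer asks for before dropping anything: the login name still exists in AD but points at a different security principal than the one SQL Server stored, so the recreate/remap steps from the question are the only fix for that login.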

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange