Question

I have a server based in the USA, where I am not a domain admin, and my permissions are limited to SQL Server only, where I am sysadmin.

After a migration of a few databases to a new server, I noticed that I needed to go back to the old server to get one of my logins and its related permissions.

When I run the following command:

EXEC xp_logininfo 'gplondon';  

I get:

Msg 15404, Level 16, State 10, Procedure xp_logininfo, Line 62 [Batch Start Line 6] Could not obtain information about Windows NT group/user 'gplondon', error code 0xffff0002.

I understand I have all the permissions inside SQL Server to run xp_logininfo.

But what other permissions are missing that have disabled me (or the SQL Server service on that server) from interrogating Active Directory?

In other words, everything was working fine before; what permissions are missing now?

Solution

after checking the error log

xp_readerrorlog 0, 1, "error" , NULL, NULL, NULL, N'desc'

finding no errors related to the above

then checking the error message:

BEGIN TRY  
EXEC xp_logininfo 'gplondon'; 
END TRY  
BEGIN CATCH  
    SELECT ERROR_NUMBER() AS ErrorNumber
          ,ERROR_MESSAGE()
END CATCH; 

15404
Could not obtain information about Windows NT group/user 'gplondon', error code 0xffff0002.

investigate: 15404 with Active Directory

with a quick select on sys.server_principals

select * from sys.server_principals
where name = 'gplondon'

I found something obvious: gplondon does not exist in Active Directory, because it is a SQL login

from the remarks on the documentation of xp_logininfo

If account_name is a valid Windows user or group that is not associated with a SQL Server login, an empty result set is returned. If account_name cannot be identified as a valid Windows user or group, an error message is returned.
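
As an added example (not part of the original answer): a post-migration login audit that checks each principal's type in sys.server_principals first and calls xp_logininfo only for Windows logins and groups, so SQL logins such as 'gplondon' never raise error 15404. The table variables, their column names, and the exclusion filters for internal and local service accounts are assumptions made for this sketch.

```sql
-- Added example: audit logins, calling xp_logininfo only for Windows principals.
SET NOCOUNT ON;

DECLARE @audit TABLE (login_name sysname, type_desc nvarchar(60),
                      lookup_status nvarchar(40), error_text nvarchar(2048) NULL);
-- Shape of the xp_logininfo result set; rows are captured only to keep them off the client.
DECLARE @info TABLE (account_name sysname NULL, acct_type char(8) NULL, privilege char(9) NULL,
                     mapped_login_name sysname NULL, permission_path sysname NULL);
DECLARE @name sysname, @type_desc nvarchar(60);

DECLARE login_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name, type_desc
    FROM sys.server_principals
    WHERE type IN ('S', 'U', 'G')            -- SQL login, Windows login, Windows group
      AND name NOT LIKE N'##%'               -- internal logins
      AND name NOT LIKE N'NT SERVICE\%'      -- assumption: skip local service accounts
      AND name NOT LIKE N'NT AUTHORITY\%';

OPEN login_cursor;
FETCH NEXT FROM login_cursor INTO @name, @type_desc;
WHILE @@FETCH_STATUS = 0
BEGIN
    IF @type_desc = N'SQL_LOGIN'
        -- Not a Windows account: xp_logininfo would raise 15404, as with 'gplondon'.
        INSERT @audit VALUES (@name, @type_desc, N'SQL login, AD lookup skipped', NULL);
    ELSE
    BEGIN
        BEGIN TRY
            INSERT @info EXEC xp_logininfo @acctname = @name;
            INSERT @audit VALUES (@name, @type_desc, N'resolved in Windows/AD', NULL);
        END TRY
        BEGIN CATCH
            -- A Windows principal that did not resolve (deleted, renamed, or domain unreachable).
            INSERT @audit VALUES (@name, @type_desc, N'lookup failed', ERROR_MESSAGE());
        END CATCH;
    END;
    FETCH NEXT FROM login_cursor INTO @name, @type_desc;
END;
CLOSE login_cursor;
DEALLOCATE login_cursor;

SELECT login_name, type_desc, lookup_status, error_text
FROM @audit
ORDER BY lookup_status, login_name;
```

Rows reported as 'lookup failed' are Windows principals worth reviewing before their permissions are recreated on the new server.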

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange