Question

I want to change the SA password for the always on availability group servers. Since i wanted to keep the same password on all the replicas when I tried to transfer the login through Microsoft Stored procedure EXEC sp_help_revlogin so that the account has the same SID all across the script did not pull the SA account.

My question is does SA account has any associated SID like the SQL authentication accounts and secondly is there anything to be aware of changing SA accounts of always in availability group servers or I just have to manually change the password on all the servers like any other SQL authenticated logins.

Was it helpful?

Solution

Yes the SA account does have an SID and you can verify what it is by logging into the SQL Server as the SA account and using this SQL function: SELECT SUSER_SID('sa');

MS Docs on it: https://docs.microsoft.com/en-us/sql/t-sql/functions/suser-sid-transact-sql?view=sql-server-ver15

There's nothing special about using SA or any other account in an AlwaysOn Availability Group, as long as the alternative account you use has the appropriate permissions. But yes you would just change the account user and password like any other account.

MS Docs on Availability Groups, specifically read up on the security and permissions sections if you need further info: https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/prereqs-restrictions-recommendations-always-on-availability?view=sql-server-ver15#SecurityAG

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange
scroll top