Orphaned user in SQL server

Similar Messages

• How to resolve a windows authenticated orphaned user in Sql Server 2008 R2?

  Hi,
   We have some orphaned windows authenticated  users(domain) in the database while it had been
  migrated from Sql Server 2005 to Sql Server 2008 R2, because there are no corresponding
  logins for the users. Will just adding the logins would be sufficient or after adding the
  logins should we also run sp_change_users_login @Action='update_one' to resolve any sid
  conflict. Thanking you in advance,
  With regards
  Binny Mathew

  Binny
  You have issue with orphaned users if you use Mixed Authentication.  If you use Windows and move the db to the new server the Windows Login should be exist on the new server already.
  Best Regards,Uri Dimant SQL Server MVP,
  http://sqlblog.com/blogs/uri_dimant/
  MS SQL optimization: MS SQL Development and Optimization
  MS SQL Consulting:
  Large scale of database and data cleansing
  Remote DBA Services:
  Improves MS SQL Database Performance
  SQL Server Integration Services:
  Business Intelligence

• Users using SQL Server Authentication

  What tables/views would I use to create a list of users using SQL Server Authentication? I want the name, whether password (complexity) policy is set and whether password expiration is set. I only want current/active users.

  You can query query sys.sql_logins to get this information.
  http://msdn.microsoft.com/en-GB/library/ms174355.aspx
  Regards, Ashwin Menon My Blog - http:\\sqllearnings.com

• Blank password for sa user in SQL server

  i have already checked and confirmed that checkboxes in the SA login properties does not have a tick mark and also saved the properties window after leaving the password blank
  but when I'm unable to login to the software that is being connected to the respective database in sql server, i find that a password has been assigned to the sa user
  our application is not working if a password has been set for the sa user. please give me a solution to set a blank password for sa user and also to make sure that a password is not getting assigned automatically

  Why not just disabling SA login?
  Best Regards,Uri Dimant SQL Server MVP,
  http://sqlblog.com/blogs/uri_dimant/
  MS SQL optimization: MS SQL Development and Optimization
  MS SQL Consulting:
  Large scale of database and data cleansing
  Remote DBA Services:
  Improves MS SQL Database Performance
  SQL Server Integration Services:
  Business Intelligence

• Login failed for User (Microsoft SQL Server, Error:18456)

  Hi,
  I am using SQL SERVER 2008. I was login through Windows Authentication and Unknowingly I have
  deleted admin user (With name of my Computer e.g. "ABC-PC\ABC" ) under security=>Logins and restarted the SQL Server.
  Now I am not able to connect to server using Windows as well as SQL Server Authentication Mode.
  Please help me How can I create the same User again?
  OR How can I connect to server using Windows or Sql Server Authentication??

  as
  you confirmed its sql 2008 , you have only below choices :
  you
  can ask anyone who manages/developer
  who installed this server  
  your DBA should be able to help

• Neet to locate the shared services native users in SQL server tables

  Hi All,
  We are using Hyperion Shared services to provision users to essbase, planning and HFM(all version 9.3.1). And we are using SQL server 2000 as the database. We created few native users in shared services and provisioned them to HFM, Essbase and Planning. Now we need to find those native users' information in the underlying SQL tables. I followed the documentation and sync-ed the native to relational tables using shared services, but I cannot see the user info for all the users I have created. I would appreciate if you can suggest me how to find the shared services users' and roles information in SQL tables (in the back end).
  Legards,
  Leo

  Hi,
  There are a number of free Ldap browsers that you can download, e.g.
  http://www.mcs.anl.gov/~gawor/ldap/demo.html
  http://www.ldapbrowser.com/download.htm
  Once you have installed then ldap browser you just need to point it to your Openldap
  Host :- machine with OpenLdap running
  Port :- 58089
  Base :- dc=css,dc=hyperion,dc=com
  User DN :- CN=root,dc=css,dc=hyperion,dc=com
  And just the root password which you can change in HSS in 9.3
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Is it possible to assign an AD User to SQL Server Login with a defined set of SQL Server Roles?

  A customer asked me if its possible to define in the Active Directory, the SQL Server Roles that should be automatically assigned to a sql server Login that is mapped to a Windows Account.
  In short, his idea is:
  - he creates in the Active Directory a User Group that "knows" about the SQL Server "SecutityAdmin" role
  - some Windows Windows Accounts are Member of this AD Group
  - if one of this Windows Domain Account is mapped to a SQL Server Login "CREATE LOGIN [<domainName>\<login_name>] FROM WINDOWS;" the created SQL Server Login will automatically be a Member of the SQL Server SecurityAdmin.
  Do you know if its possible to configure the AD / SQL Server in this manner?
  I invested some time searching through SQL Server Onlinehelp and AD Documentation. Found nothing. Dont even know if its fiction or a realistic wish.
  Any help, hint, adivce is really appreciated.
  Best Regards
  Paolo

  Yes, you can create an AD Group named "SQLSecurityAdmins", assign a login in SQL Server to this group and grant SecurityAdmin role to it (exec sp_addsrvrolemember).
  Bodo Michael Danitz - MCT, MCITP - free consultant - performance specialist - www.sql-server.de
  Hi Bodo
  Thank you very much for your reply. Dont know if i got it right.
  I create the AD Group "SQLSecurityAdmin", assign it to SQL Server Login and manually add the SQL Server Login as a Member of the SQL Server "SecurityAdmin" Role.
  Now i have a new AD User "NewUser", make him a member of the AD Group "SQLSecurityAdmin". Then i execute "CREATE LOGIN [DomainName\NewUser] FROM WINDOWS;". Is now the new SQL Login Mapped to the Windows Account "DomainName\NewUser" automatically member of
  the SQL Server SecurityAdmin Group?
  Best Regards
  Paolo

• Create user in sql server 2000??

  Hi,
  I can't believe I can't find any previous posts to do with this subject!
  After googling around I ended up with this bit of SQLsp_addlogin @loginame='cms',@passwd='cms',@defdb='cms';
  USE cms;
  sp_grantdbaccess @loginame='cms',@name_in_db='cms';
  sp_addrolemember @rolename='db_owner',@membername='cms'
  GRANT ALL TO cms;I've already created a user (admin) to log on as in order to create this user. The script creates the user and grants the role 'db_owner' but under the MASTER db instead of CMS. The only thing I can see missing is a "GO" after the "USE cms", but then this is not allowed over JDBC.
  Can anyone tell me how to create a user in the right db?
  Ted.
  P.S. Please bear in mind that this needs to be db independent.

  Hi,
  I can't believe I can't find any previous posts to do with this subject!
  After googling around I ended up with this bit of SQLsp_addlogin @loginame='cms',@passwd='cms',@defdb='cms';
  USE cms;
  sp_grantdbaccess @loginame='cms',@name_in_db='cms';
  sp_addrolemember @rolename='db_owner',@membername='cms'
  GRANT ALL TO cms;I've already created a user (admin) to log on as in order to create this user. The script creates the user and grants the role 'db_owner' but under the MASTER db instead of CMS. The only thing I can see missing is a "GO" after the "USE cms", but then this is not allowed over JDBC.
  Can anyone tell me how to create a user in the right db?
  Ted.
  P.S. Please bear in mind that this needs to be db independent.

• HOW TO CREATE WINDOWS AUTHENTICATION USER IN SQL SERVER AFTER INSTALLING SQL SERVER 2008

  I had an error while executing asp.net appcation from IIS as follows
  Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  Description:
  An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
  Exception Details: System.Data.SqlClient.SqlException: Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.
  [SqlException (0x80131904): Login failed for user 'IIS APPPOOL\ASP.NET v4.0'.]
  Can the above problem be solved by CREATING WINDOWS AUTHENTICATION LOGIN FOR
  'IIS APPPOOL\ASP.NET v4.0'  ?
  If yes, how to create the login?
  If no,what is the best possible solution?
  Please reply as soon as possible as i am unable to run my project which I had done in my lab,in my home system.

  Hi Praveen,
  To fix this issue, you need to change the Identity of your website's Application Pool to use the
  NetworkService account (or the less secure LocalSystem account).  By default, IIS7 seems to set the Application Pools Identity to 'ApplicationPoolIdentity' instead of NetworkService or LocalSystem.
  Here's a step-by-step guide for determining your websites Application Pool, then changing its Process Model Idenitty in IIS7:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, drill down into Default Web Site and click on your website.
  3.Now in the Actions sidebar (on right side), click on Advance Settings... In the popup box, under General you will see your Application Pool listed for your website (in my case the app pool is: ASP.NET V4.0).
  4.Click Cancel...  If you choose, you can change the Application Pool here, but for the sake of this example we just wanted to find out what the website's App Pool was.
  Then change the app pool's (Process Model) Identity to 'NetworkService', the steps are showed as below:
  1.Open Internet Information Services (IIS) Manger.
  2.In the Connections sidebar, click on Application Pools.
  3.Now right-click on theApplication Pool that your website is using (in this case my site is using the ASP.NET v4.0 application pool), and select Advanced Settings... from the menu.
  4.In the Advanced Settings pop-up box, locate the Process Model -> Identity section and click on the Application Pool Identity.
  5.In the Application Pool Identity pop-up box, change the Built-in account to NetworkService (or if you want LocalSystem), then click OK, and click OK again to save your Advanced Settings changes.
  Hope this helps.
  Best Regards,
  Peja
  Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Migrating users in sql server to oracle 10g

  migrating users from sqlserver to oracle10g
  what are the setps to follow for migrating users in sqlserver to oracle10g
  also
  please let me know the migration of roles and privelage in sqlserver into oracle10g
  meaning
  these are roles in sqlserver
  public
  db_owner
  db_accessadmin
  db_securityadmin
  db_ddladmin
  db_backupoperator
  db_datareader
  db_datawriter
  db_denydatareader
  db_denydatawriter
  what are equivalent role and priv in oracle

  Hi,
  We can't directly and exactly map the roles but I have mapped to similar roles below.
  In Oracle, the access mechanisms work like this:
  A user with create table privilege can create any number of tables in his own schema. He may have some quota on tablespaces, the amount of data he can use for all his tables together in that tablespace and he becomes the dbowner for his schema and schema objects.
  He can grant select, insert, update and delete privileges to any user he like.. the user who got the privileges is called a "grantee". A grantee can again grant the privileges that he received to others, provided he has been granted with "with grant option".
  A pseudo user called public, is only a place holder to say ALL ... if you grant some privileges to PUBLIC, then everyone in the database will have that privileges.
  A user with EXP_FULL_DATABASE will be able to backup the full database.
  Please refer to oracle documentation for complete details.
  public - PUBLIC
  db_owner - SCHEMA USER him self
  db_accessadmin - SCHEMA USER himself
  db_securityadmin - SCHEMA USER himself
  db_ddladmin - SCHEMA USER himself
  db_backupoperator - a role EXP_FULL_DATABASE
  db_datareader - any user who has select previliges
  db_datawriter - any user who has select, insert , update and insert privileges
  db_denydatareader - any user who do NOT have select priviliges
  db_denydatawriter - any user who do NOT have insert , update and delete privileges
  HTH
  Regards,
  Badri.

• Which user for a contained database - SQL Server 2012

  Hi,
  if I've a contained db and I need to create an user for this db in order to porting this contained database to different servers inside the same domain, which type of user do I need to create?
  For this user I don't want to apply any further configurations.
  Any suggests to me, please?

  That still doesn't parse to me... Lets break it down:
  "...for the contained db to port to a server to another server in the same domain..."
  I assume you mean "... from a server to another server...". The unclear thing here is exactly how you define "to port". For the database to be restoreable? Nothing has to be done. To not have orphaned users? Well, you don't get orphaned users for Windows
  users, only SQL Server users. Is this Windows login already existing in the source database? Does it have permissions assigned for it that you need to keep. If so, why are we talking about crating a *new* users*? Many questions marks here...
  Next part: "I need to create an user that doesn't require to accomplish any further user configurations"
  Are we talking about creating a user for the purpose of performing the port? Or a user that is expected to use this database after this port? Or does this user exist already?
  As for the "doesn't require to accomplish any further user configurations" part, I still don't understand this. Are you asking if all you have to do is to create this Windows user? Then the answer is possibly "yes", but it depends on your answers to my above
  questions - i.e. a bigger picture of your scenario and what in the end you are trying to accomplish.
  Tibor Karaszi, SQL Server MVP |
  web | blog

• User objects didn't display in SQL developer connecting to MS SQL server

  I follow the document steps and successfully connected to MS SQL server. I can connect and see all the objects in MS SQL if I use the SQL account with sysadmin role. Everything works fine for using the MS SQL account with sysadmin role.
  However, if I use a SQL account that only have db_datareader role only, it connects fine. I can run a select statement to select any dbo tables and get data return, but I can't see any dbo objects list on the left navigator bar. It will be very helpful for users to see the objects and names in the navigator bar.
  Is there anything special I have to setup in order for the objects to display in the navigator bar for MS SQL server with account have db_datareader only?

  Hi user615547 ,
  I do not see a bug logged on this.
  The only issue I can remember beyond db_datareader is that you need
  -grant view definition to <user>
  on SQL Server 2005 to view a stored procedure definition that is not yours. Even if you have execute privilege you may not have view source privilege.
  Can your dba illuminate how the database was locked down?
  What version of SQL Server are you using ?
  Which specific object browsers are failing or, are all the object browsers failing?
  Does the database capture correctly? (browse and capture use slightly different queries.) You will need to create a repository on oracle and 'capture' the sql server database).
  -Turloch

• Replication stopp after change changing SQL Server Agent User

  Hi,
  I tryed to change the user for SQL Server Agent on my Distributor. We use pushed transaction replications. But after i changed the user, all replications stopped:
  ERROR: (from SQL Monitor)
  The job failed.  The Job was invoked by Start Sequence 0.  The last step to run was step 3 (Detect nonlogged agent shutdown.).
  The new user is a domainusert too, and had administrative rights on the server. I changed the user to start SQL Server Agent on other servers without error.
  Can anybody tell me, how to change the user on a distributor, without stopping all replications?
  Thanks
  Kind regards,
  Andreas

  Hi Andreas,
  You are likely running into a permissions issue.
  Verify the Log Reader Agent process account is db_owner in the distribution database and that the account used to connect to the Publisher is db_owner in the publication database.
  Verify the Distribution Agent process account is db_owner in the distribution and subscription databases, is a member of the PAL, and has read permissions on the snapshot share.
  This is covered in
  Replication Agent Security Model.
  Brandon Williams (blog |
  linkedin)

• Start SQL Server in single user mode with parameter -m doesn't work well

  C:\Windows\system32>net start mssqlserver /m "Microsoft SQL Server Management St
  udio - Query"
  The SQL Server (MSSQLSERVER) service is starting.
  The SQL Server (MSSQLSERVER) service was started successfully.
  C:\Windows\system32>sqlcmd -S . -e
  1> go
  1> select @@servername;
  2> go
  select @@servername;
  myserver
  (1 rows affected)
  1>
  As you can see, I'm still able to connect with sqlcmd prompt to SQL Server. According production doc of SQL Server 2014, it should not be conncting by sqlcmd. it shall only be connected by SSMS.
  below the original doc on msdn:
  Start SQL Server in Single-User Mode
  Provide Feedback
  Under certain circumstances, you may have to start an instance of SQL Server
  in single-user mode by using the startup option -m. For
  example, you may want to change server configuration options or recover a
  damaged master database or other system database. Both actions require starting
  an instance of SQL Server in single-user mode.
  Starting SQL Server in single-user mode enables any member of the computer's
  local Administrators group to connect to the instance of SQL Server as a member
  of the sysadmin fixed server role. For more information, see Connect to
  SQL Server When System Administrators Are Locked
  Out.
  When you start an instance of SQL Server in single-user mode, note the
  following:
  Only one user can connect to the server.
  The CHECKPOINT process is not executed. By default, it is executed
  automatically at startup.
  Note
  Stop the SQL Server Agent service before connecting to an instance of SQL
  Server in single-user mode; otherwise, the SQL Server Agent service uses the
  connection, thereby blocking it.
  When you start an instance of SQL Server in single-user mode, SQL Server
  Management Studio can connect to SQL Server. Object Explorer in Management
  Studio might fail because it requires more than one connection for some
  operations. To manage SQL Server in single-user mode, execute Transact-SQL
  statements by connecting only through the Query Editor in Management Studio, or
  use the
  sqlcmd utility.
  When you use the -m option with sqlcmd or
  Management Studio, you can limit the connections to a specified client
  application. For example, -m"sqlcmd" limits connections to a
  single connection and that connection must identify itself as the
  sqlcmd client program. Use this option when you are starting
  SQL Server in single-user mode and an unknown client application is taking the
  only available connection. To connect through the Query Editor in Management
  Studio, use -m"Microsoft SQL Server Management Studio - Query".
  Shawn

  Hi Shawn Xiao,
  For starting SQL Server instance in single user mode, we can add –m; parameter in SQL Server Configuration Manager, also we can run CMD with ‘Run as administrator’ and input the following statement.
  NET START MSSQLSERVER /m
  I do a test in SQL Server 2014 Express version, after starting SQL with Single User Mode, SQL Server will only accept one connection. If you connect to SQL Server with a user account, the following error will occur.
  Login failed for user ‘domain\username’. Reason: Server is in single user mode. Only one administrator can connect at this time.
  However, in your situation, you can connect to SQL Server and run T-SQL statement successfully, it can be due to connection with the administrator account in your sqlcmd.
  For more information, you can review the following article.
  http://zarez.net/?p=117
  Regards,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• SQL Server Express is being a real pain

  I've been messing with this SQL Server Express installation
  since Friday and still can't get this application and database to
  work together correctly. The program is written in ColdFusion, but
  the errors seem to be permissions related to me but I just can't
  figure it out.
  I've created a user within SQL Server Management Express
  program and all goes well. I then assign it as database owner for
  the particular database I'm using. I've created the datasource from
  within the ColdFusion administrator and it says the connection is
  being made.
  When trying to access the script, I get the error below.
  In the SQL Management system I have tried everything that I
  know to do - from adding this particular account as a user for the
  "tUsers" table and giving it "Select" permissions to re-creating
  the account and making it owner of the entire database. I tried
  adding the schema to the front and surrounding the table name in
  brackets [ ].
  The database was restored from a backup on another server.
  Would that cause problems at all? I just tried deleting the
  database, creating it again, then restoring it from the file and
  setting the owner as this user during the import process. I'm still
  not having any luck though.
  I've searched Google and almost every result is a forums post
  from people having this same problem who have fixed it by giving
  the account permission to access the database and/or table. For
  some reason that isn't working for me - or I'm an idiot and missing
  something.
  Does anyone have any ideas?

  At first, no, I couldn't perform any queries at all against
  the database.
  I fixed the problem by editing the "server" in the CF admin
  for this datasource and making it:
  localhost/SQLEXPRESS
  CF Admin says it doesn't verify, but if I attach the username
  and password to each CFQUERY statement they work!
  Very strange problem. I'm not sure if this is a 'feature' or
  a known bug, but I don't see any reason why that connection doesn't
  verify. Especially since if it would've I could have saved myself
  countless hours of work.
  Oh well - thanks everyone for your suggestions and
  help!