We have SQL applications in which some of the SQL user
accounts are integrated with Windows authentication.
We would like to find out whether any of you have
migrated any SQL based applications of which the SQL user
accounts were configured to make use of Windows
authentication instead of SQL authentication. Will the
Windows accounts in SQL be automatically translated to
the new AD account (with all necessary SQL
rights/permissions) or do we have to manually recreate &
reconfigure all Windows accounts in SQL and its
rights/permissions?
Appreciate some feedback. Thanks.
.Hi
If you are using the AD migration tool then you should keep the same SIDs
and therefore there should not be a problem.
If you do change SIDS then the amount of rework would be reduced if you used
NT groups when granting premissions rather than individual users.
John
"Teo Chee Yang" <anonymous@.discussions.microsoft.com> wrote in message
news:c11b01c40893$25655870$a301280a@.phx.gbl...
> We have SQL applications in which some of the SQL user
> accounts are integrated with Windows authentication.
> We would like to find out whether any of you have
> migrated any SQL based applications of which the SQL user
> accounts were configured to make use of Windows
> authentication instead of SQL authentication. Will the
> Windows accounts in SQL be automatically translated to
> the new AD account (with all necessary SQL
> rights/permissions) or do we have to manually recreate &
> reconfigure all Windows accounts in SQL and its
> rights/permissions?
> Appreciate some feedback. Thanks.
> .
>|||Personally I doubt that ADMT does translate any SQL
permissions and rights assigned to Windows-authenticated
SQL user accounts.
Besides, I realized that from the Security, Logins folder
that once the logins are defined as <NT4
domain>\<username>, we cant changed it, even before the
migration of the SQL server computer account.
Any more feedback?
>--Original Message--
>Hi
>If you are using the AD migration tool then you should
keep the same SIDs
>and therefore there should not be a problem.
>If you do change SIDS then the amount of rework would be
reduced if you used
>NT groups when granting premissions rather than
individual users.
>John
>"Teo Chee Yang" <anonymous@.discussions.microsoft.com>
wrote in message
>news:c11b01c40893$25655870$a301280a@.phx.gbl...
user
&
>
>.
>|||Hi
This sounds like you are changing the domain as well during the migration.
In which case look at:
http://support.microsoft.com/defaul...kb;EN-US;240872
I believe in the documentation that SIDs are retained by ADMT, if it did not
all sorts of other privilege related problems would occur.
John
"Teo Chee Yang" <anonymous@.discussions.microsoft.com> wrote in message
news:c64d01c40915$7d155610$a401280a@.phx.gbl...
> Personally I doubt that ADMT does translate any SQL
> permissions and rights assigned to Windows-authenticated
> SQL user accounts.
> Besides, I realized that from the Security, Logins folder
> that once the logins are defined as <NT4
> domain>\<username>, we cant changed it, even before the
> migration of the SQL server computer account.
> Any more feedback?
>
> keep the same SIDs
> reduced if you used
> individual users.
> wrote in message
> user
> &
Friday, March 30, 2012
Impact of AD Migration on Windows authenticated SQL user account
Labels:
applications,
authenticated,
authentication,
database,
impact,
integrated,
microsoft,
migration,
mysql,
oracle,
server,
sql,
user,
useraccounts,
windows
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment