Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / General / Security / July 2008

Tip: Looking for answers? Try searching our database.

Rename AD group

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
A.M. - 21 Jul 2008 21:18 GMT
Hi,

Our Active Directory team renamed a group name from DOMAIN\GROUP1 to
DOMAIN\GROUP2. Although everything is Ok on Windows side (All references to
DOMAIN\GROUP1 is changed to DOMAIN\GROUP2 for example in local admin), SQL
Server still shows DOMAIN\GROUP1 in its login list and sp_validatelogins
reports DOMAIN\GROUP1 as invalid group name.

How can I refresh syslogins (or anywhere else) on SQL Server 2000 and 2005
to have DOMAIN\GROUP2 instead?

Thanks
Reply to this Message
Russell Fields - 22 Jul 2008 20:26 GMT
A.M.,

It has been a while since I did this, back on SQL Server 2000.  I don't
believe there is a command in SQL Server 2000, so I probably did something
very illegal like update the system table.  (Impossible in SQL Server 2005
and not really a good idea in SQL Server 2000.)

In SQL Server 2005, you can ALTER LOGIN [loginname] WITH NAME=[newname].
This will work if the SID for the new name is the same as the SID for the
old name.  (Which is your case.)  However, this does not rename the users in
the database, so you must also run ALTER USER [username] WITH NAME =
[newusername] for each database where the login is a user.

If you want it to be really clean, you might prefer to script out all the
rights to the login and users then drop the old users and logins.  After
that recreate the new  new login and regrant the rights.  To find role
memberships of a login you may:

exec sp_helplogin [loginname]

However, rights granted directly to a login (something I rarely do) have to
be found in each database, perhaps by using:

exec sp_helprotect @username=username

In SQL Server 2005 there are some new views, but that won't help you with
SQL Server 2000.

RLF

> Hi,
>
[quoted text clipped - 8 lines]
>
> Thanks
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.