Comments for Business and Information Technology Tangents http://bittangents.com Business and Information Technology Tangents is dedicated to providing quality content while informing the world about technology. Wed, 04 Jan 2012 17:37:36 +0000 hourly 1 http://wordpress.com/ Comment on SQL Server 2008 Security Permissions – Windows / Active Directory Authentication Issues by brentblawat http://bittangents.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-615 Wed, 04 Jan 2012 17:37:36 +0000 https://brentblawat.wordpress.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-615 Correction: Use the Query: select * from sys.syslogins

]]> Comment on SQL Server 2008 Security Permissions – Windows / Active Directory Authentication Issues by brentblawat http://bittangents.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-614 Wed, 04 Jan 2012 17:30:27 +0000 https://brentblawat.wordpress.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-614 Ben – Sounds like there is something else going on. SQL Server 2008 has a pretty strict security model where it leverages LDAP (or Kerberos) to access to domain controller for security (re)authentication. If you sign into the server using a User, SQL Server will authenticate against active directory. Credential caching doesn’t exist with SQL Server 2008. The other option is that the user you are referring to is part of an additional group or has an individual login for that user.

I would run the query: select * from sys.sysusers

I would then take a look at the SID for Group and match it to that of the Group in Active Directory. I would bet they would be the same if you can authenticate with Users within that group.

If they don’t match, I would suggest ‘turning on Mixed Mode Authentication’ if it has not been done yet. Sign in as ‘SA’ and remove and readd the approperiate group.

Let me know if this addresses your issue or if you need further help with this.

Happy Coding

-Brenton

]]> Comment on SQL Server 2008 Security Permissions – Windows / Active Directory Authentication Issues by Ben http://bittangents.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-613 Wed, 04 Jan 2012 16:38:24 +0000 https://brentblawat.wordpress.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-613 A circumstance that I just ran across, is that when using windows authentication if the name of an active directory group that has access to a database in SQL Server is changed, the SQL still remains the same and access still works correctly. I found that if I tried to create a login for the new group name and the old one was still setup I would get the error that the server principle already exists. After reading this I believe that is because the AD Group was renamed and the SID did not change. Does anyone know if there is a way to update the SQL Server logins with the new names from the AD without deleting and recreating them?

]]> Comment on SQL Server 2008 Security Permissions – Windows / Active Directory Authentication Issues by none http://bittangents.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-612 Wed, 02 Nov 2011 20:48:46 +0000 https://brentblawat.wordpress.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-612 Thank-you for this tidbit:
5: import-module activedirectory

]]> Comment on Powershell Import-GPO : The Data Is Invalid Fixed by brentblawat http://bittangents.com/2010/04/20/powershell-import-gpo-the-data-is-invalid-fixed/#comment-604 Tue, 11 Oct 2011 13:57:37 +0000 http://brentblawat.wordpress.com/2010/04/20/powershell-import-gpo-the-data-is-invalid-fixed/#comment-604 Thanks for the comment!

]]> Comment on Powershell Import-GPO : The Data Is Invalid Fixed by Box293 http://bittangents.com/2010/04/20/powershell-import-gpo-the-data-is-invalid-fixed/#comment-603 Tue, 11 Oct 2011 01:46:20 +0000 http://brentblawat.wordpress.com/2010/04/20/powershell-import-gpo-the-data-is-invalid-fixed/#comment-603 I came across the same error when using the Copy-GPO command. It turns out that my .migtable file did not have enough entries. My source GPO has lots of folder redirections and my .migtable file did not have an entry for the Downloads redirection. Once I added that entry everthing worked fine.

]]> Comment on PowerShell Script: Retrieving Distinguished name (DN) from A Fully Qualified Domain Name (FQDN) by Marketta Castellano http://bittangents.com/2010/02/22/powershell-script-retrieving-distinguished-name-dn-from-a-fully-qualified-domain-name-fqdn/#comment-595 Sun, 11 Sep 2011 23:36:11 +0000 http://brentblawat.wordpress.com/2010/02/22/powershell-script-retrieving-distinguished-name-dn-from-a-fully-qualified-domain-name-fqdn/#comment-595 This weblog is fantastic. There is generally all of the ideal information in the tips of my fingers. Many thanks and keep up the beneficial work!

]]> Comment on SQL Server 2008 Security Permissions – Windows / Active Directory Authentication Issues by brentblawat http://bittangents.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-575 Tue, 19 Jul 2011 15:18:32 +0000 https://brentblawat.wordpress.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-575 Chuck –
SQL Server 2008 Standard for Small Business is supposed to be installed on a domain controller that holds all of the FSMO roles. Part of the system checks that Microsoft performs is that there are no more than 75 users in Active Directory. http://www.microsoft.com/sqlserver/2008/en/us/small-business.aspx.

Do you have Small Business Server 2008 or is your domain a Standard 2008 Windows Domain?
What message is appearing within the event log / sql query that makes him think the issue is related to Active Directory?

Can you provide more details of your environment?

-Brenton

]]> Comment on SQL Server 2008 Security Permissions – Windows / Active Directory Authentication Issues by Chuck http://bittangents.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-574 Tue, 19 Jul 2011 14:46:17 +0000 https://brentblawat.wordpress.com/2010/10/04/sql-server-2008-security-permissions-windows-active-directory-authentication-issues/#comment-574 Nice post. I’m looking for a quick workaround to a different problem and I hope you can help. We have installed SQL Sever 2008 Standard for Small Business which is supposed to have unlimited database size. Ours is complaining at 10 GBytes, which our sys admin says is because we do not implement Active Directory. Do you know of a workaround to allow us to go above 10GB (without installing Active Directory)?

]]> Comment on PowerShell Script: Finding A Distinguished Name of a Group/User: Function Find-DN by Tom http://bittangents.com/2010/03/08/powershell-script-finding-a-distinguished-name-of-a-groupuser-function-find-dn/#comment-541 Thu, 26 May 2011 13:54:03 +0000 http://brentblawat.wordpress.com/2010/03/08/powershell-script-finding-a-distinguished-name-of-a-groupuser-function-find-dn/#comment-541 Great script! Would like to use it in a script listing folder permissions (including group members) however am having trouble getting find-dn to read it’s input from a txt/csv file.

Any help would be great

]]>