patternMinor
User Windows login name has been changed in AD yet session in SQL 2008 Profiler shows the old Windows login name
Viewed 0 times
profilerthe2008sqluserloginbeenyethasname
Problem
Background: a user had her name changed in Active Directory from Domain\oldname to Domain\newname and successfully logged into the network with Domain\newname and yet Domain\oldname appears in columns LoginName and NTUserName in Profiler.
User's SQL Server permissions are granted via a group set up in SQL Server security.
The question: Has anyone observed this behavior and know why SQL Server is still picking up Domain\oldname (sp_who2 shows same information)?
BTW, have spent considerable time researching before posting question here and it appears to me that is no real issue with Profiler/SQL 2008 R2.
User's SQL Server permissions are granted via a group set up in SQL Server security.
The question: Has anyone observed this behavior and know why SQL Server is still picking up Domain\oldname (sp_who2 shows same information)?
BTW, have spent considerable time researching before posting question here and it appears to me that is no real issue with Profiler/SQL 2008 R2.
Solution
I guess I can't comment on your question since this is the first time I've used stack exchange but is this an AD group that the user is in? Sometimes people say group when they mean SQL role so I just wanted to get some clarification.
The reason I ask is because if the user has a login on the server of domain\olduser when you change the name in AD to domain\newuser you have to go into SQL and change the login to domain\newuser. I've done this and it works perfectly fine and you don't have to do anything as drastic as restart SQL. I do not know if the account name will eventually change to the new one over time but my guess would be no.
I do not know, however, what happens when the user is just part of an AD group that has permissions and doesn't actually have a login on the server. Hence the need for clarification so I can look into that.
The reason I ask is because if the user has a login on the server of domain\olduser when you change the name in AD to domain\newuser you have to go into SQL and change the login to domain\newuser. I've done this and it works perfectly fine and you don't have to do anything as drastic as restart SQL. I do not know if the account name will eventually change to the new one over time but my guess would be no.
I do not know, however, what happens when the user is just part of an AD group that has permissions and doesn't actually have a login on the server. Hence the need for clarification so I can look into that.
Context
StackExchange Database Administrators Q#13766, answer score: 5
Revisions (0)
No revisions yet.