patternsqlMinor
Database User not reported as orphaned after Windows login dropped
Viewed 0 times
afterorphaneddroppeduserlogindatabasereportedwindowsnot
Problem
I have dropped a SQL Server Windows Login. I then ran the below code to check for orphaned database users. However, the database user corresponding to the dropped Windows login does not appear as an orphaned user.
Why would this be?
Why would this be?
EXEC sp_change_users_login @Action = 'Report';Solution
Thomas has explained why that stored procedure isn't capturing orphaned Windows users, but here is how you can check:
If you need to do this for all databases, you can generate this dynamically, e.g.
SELECT p.name
FROM database_name.sys.database_principals AS p
WHERE [type] IN (N'U', N'G')
AND NOT EXISTS
(
SELECT 1 FROM sys.server_principals AS sp
WHERE sp.sid = p.sid
);If you need to do this for all databases, you can generate this dynamically, e.g.
DECLARE @sql NVARCHAR(MAX) = N'';
SELECT @sql += N'SELECT ''' + db.name + ''',p.name
FROM ' + QUOTENAME(db.name) + '.sys.database_principals AS p
WHERE [type] IN (N''U'', N''G'')
AND NOT EXISTS
(
SELECT 1 FROM sys.server_principals AS sp
WHERE sp.sid = p.sid
);'
FROM sys.databases AS db
WHERE [state] = 0;
EXEC sp_executesql @sql;Code Snippets
SELECT p.name
FROM database_name.sys.database_principals AS p
WHERE [type] IN (N'U', N'G')
AND NOT EXISTS
(
SELECT 1 FROM sys.server_principals AS sp
WHERE sp.sid = p.sid
);DECLARE @sql NVARCHAR(MAX) = N'';
SELECT @sql += N'SELECT ''' + db.name + ''',p.name
FROM ' + QUOTENAME(db.name) + '.sys.database_principals AS p
WHERE [type] IN (N''U'', N''G'')
AND NOT EXISTS
(
SELECT 1 FROM sys.server_principals AS sp
WHERE sp.sid = p.sid
);'
FROM sys.databases AS db
WHERE [state] = 0;
EXEC sp_executesql @sql;Context
StackExchange Database Administrators Q#74343, answer score: 6
Revisions (0)
No revisions yet.