HiveBrain v1.2.0
Get Started
← Back to all entries
debugsqlMinor

Cannot login to SQL Server as a member of AD group

Submitted by: @import:stackexchange-dba··
0
Viewed 0 times
cannotgroupsqlloginmemberserver

Problem

I have created a login for an AD group:

CREATE LOGIN [MYDOMAIN\Development Admins] FROM WINDOWS WITH DEFAULT_DATABASE=[master]


One of the members of that AD group is a user named DBGuy. I can see the DBGuy user in this AD group if I execute

xp_logininfo 'MYDOMAIN\Development Admins', 'members'


But if I try to login using the DBGuy account, I get an error:


Error Number: 18456

Severity: 14

State: 1

Line Number: 65536

And in the error logs I see:


Login failed for user 'MYDOMAIN\DBGuy'. Reason: Could not find a login matching the name provided. [CLIENT: 192.168.50.127]

Some other info....

  • Other AD accounts seem to work fine as Windows logins, I am only


having an issue with this group.

  • I found an article from Aaron Bertrand


describing a similar issue regarding the default database in the
connection- I have set the default database to master in the
connection settings.

  • One blog post suggested using exec sp_change_users_login Report to look for orphaned users; this returns zero rows for me.

Solution

This is an old thread, but it was the first hit on Google when I encountered the same issue.

My two cents:
In my case it turned out that the AD group was a Distribution group, instead of a Security group, hence it could not be used to grant access to SQL Server.

Context

StackExchange Database Administrators Q#163742, answer score: 6

Revisions (0)

No revisions yet.