debugsqlMinor
Cannot login to SQL Server as a member of AD group
Viewed 0 times
cannotgroupsqlloginmemberserver
Problem
I have created a login for an AD group:
One of the members of that AD group is a user named DBGuy. I can see the DBGuy user in this AD group if I execute
But if I try to login using the DBGuy account, I get an error:
Error Number: 18456
Severity: 14
State: 1
Line Number: 65536
And in the error logs I see:
Login failed for user 'MYDOMAIN\DBGuy'. Reason: Could not find a login matching the name provided. [CLIENT: 192.168.50.127]
Some other info....
having an issue with this group.
describing a similar issue regarding the default database in the
connection- I have set the default database to master in the
connection settings.
CREATE LOGIN [MYDOMAIN\Development Admins] FROM WINDOWS WITH DEFAULT_DATABASE=[master]One of the members of that AD group is a user named DBGuy. I can see the DBGuy user in this AD group if I execute
xp_logininfo 'MYDOMAIN\Development Admins', 'members'But if I try to login using the DBGuy account, I get an error:
Error Number: 18456
Severity: 14
State: 1
Line Number: 65536
And in the error logs I see:
Login failed for user 'MYDOMAIN\DBGuy'. Reason: Could not find a login matching the name provided. [CLIENT: 192.168.50.127]
Some other info....
- Other AD accounts seem to work fine as Windows logins, I am only
having an issue with this group.
- I found an article from Aaron Bertrand
describing a similar issue regarding the default database in the
connection- I have set the default database to master in the
connection settings.
- One blog post suggested using
exec sp_change_users_login Reportto look for orphaned users; this returns zero rows for me.
Solution
This is an old thread, but it was the first hit on Google when I encountered the same issue.
My two cents:
In my case it turned out that the AD group was a Distribution group, instead of a Security group, hence it could not be used to grant access to SQL Server.
My two cents:
In my case it turned out that the AD group was a Distribution group, instead of a Security group, hence it could not be used to grant access to SQL Server.
Context
StackExchange Database Administrators Q#163742, answer score: 6
Revisions (0)
No revisions yet.