date: Mon, 21 Jul 2008 16:18:51 -0400,
group: microsoft.public.sqlserver.security
Re: Rename AD group
A.M.,
It has been a while since I did this, back on SQL Server 2000. I don't
believe there is a command in SQL Server 2000, so I probably did something
very illegal like update the system table. (Impossible in SQL Server 2005
and not really a good idea in SQL Server 2000.)
In SQL Server 2005, you can ALTER LOGIN [loginname] WITH NAME=[newname].
This will work if the SID for the new name is the same as the SID for the
old name. (Which is your case.) However, this does not rename the users in
the database, so you must also run ALTER USER [username] WITH NAME =
[newusername] for each database where the login is a user.
If you want it to be really clean, you might prefer to script out all the
rights to the login and users then drop the old users and logins. After
that, recreate the new login and regrant the rights. To find role
memberships of a login you may:
exec sp_helplogin [loginname]
However, rights granted directly to a login (something I rarely do) have to
be found in each database, perhaps by using:
exec sp_helprotect @username=username
In SQL Server 2005 there are some new views, but that won't help you with
SQL Server 2000.
RLF
"A.M." wrote in message
news:uTrp%23726IHA.1196@TK2MSFTNGP05.phx.gbl...
> Hi,
>
> Our Active Directory team renamed a group name from DOMAIN\GROUP1 to
> DOMAIN\GROUP2. Although everything is Ok on Windows side (All references
> to DOMAIN\GROUP1 are changed to DOMAIN\GROUP2, for example in local admin),
> SQL Server still shows DOMAIN\GROUP1 in its login list and
> sp_validatelogins reports DOMAIN\GROUP1 as invalid group name.
>
> How can I refresh syslogins (or anywhere else) on SQL Server 2000 and 2005
> to have DOMAIN\GROUP2 instead?
>
> Thanks
>
date: Tue, 22 Jul 2008 15:26:01 -0400
author: Russell Fields
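
One way to locate renamed Windows logins and generate the ALTER LOGIN / ALTER USER statements discussed in this thread, on SQL Server 2005 or later. This is an added example, not part of the original posts. It assumes SUSER_SNAME returns the name Windows currently reports for a SID, and the column aliases are illustrative.

```sql
-- Added example (not from the original thread). SQL Server 2005 or later.
-- Compares the name stored in SQL Server with the name Windows currently
-- returns for the same SID, and generates the rename statements.
-- Nothing is changed here: review the generated statements, then run them.

-- 1. Server level: Windows logins whose account was renamed in Active Directory.
SELECT  sp.name              AS stored_login_name,
        SUSER_SNAME(sp.sid)  AS current_windows_name,
        'ALTER LOGIN ' + QUOTENAME(sp.name)
          + ' WITH NAME = ' + QUOTENAME(SUSER_SNAME(sp.sid)) + ';' AS fix_statement
FROM    sys.server_principals AS sp
WHERE   sp.type IN ('U', 'G')             -- U = Windows user, G = Windows group
  AND   SUSER_SNAME(sp.sid) IS NOT NULL   -- NULL means the SID no longer resolves
  AND   SUSER_SNAME(sp.sid) <> sp.name;

-- 2. Database level: run in each database where the login is a user.
--    A user that was deliberately given a name different from its login
--    also appears here, so check each row before renaming.
SELECT  DB_NAME()            AS database_name,
        dp.name              AS stored_user_name,
        SUSER_SNAME(dp.sid)  AS current_windows_name,
        'ALTER USER ' + QUOTENAME(dp.name)
          + ' WITH NAME = ' + QUOTENAME(SUSER_SNAME(dp.sid)) + ';' AS fix_statement
FROM    sys.database_principals AS dp
WHERE   dp.type IN ('U', 'G')
  AND   dp.principal_id > 4               -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND   SUSER_SNAME(dp.sid) IS NOT NULL
  AND   SUSER_SNAME(dp.sid) <> dp.name;

-- 3. Server level: Windows logins whose SID no longer resolves at all
--    (account deleted rather than renamed). These cannot be fixed by a rename.
SELECT  sp.name AS orphaned_login_name
FROM    sys.server_principals AS sp
WHERE   sp.type IN ('U', 'G')
  AND   SUSER_SNAME(sp.sid) IS NULL;
```

These catalog views do not exist on SQL Server 2000, so the queries apply only to the 2005 case in the question.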