Does anyone have script(s) to change logins & users from 1 domain to another
?
Or know of a Microsoft paper on how to do this programatically? We're
merging 2 domains in our company and I have several SQL2000 servers (each
with multiple databases) in the domain that's going to be dropped.
I think the script would be something like:
update sysxlogins set name = 'OLDDOMAIN\someuserid'
where name like 'NEWDOMAIN\domuserid'
but how do I dynamically read & replace the id after the \ ? And what about
users? And are there other tables I need to update?
Any help would be appreciate and thanks in advance!Missy,
Please do not directly update sysxlogins. What will happen to your SIDs?
Do something like this:
sp_helplogins -- returns all the logins and database roles to which they
belong. (But not individual object permissions.)
If necessary, run sp_helprotect for each old login to get further rights for
the new logins. Script those as well.
From this information, create a script that creates new logins with the
proper domain.
exec sp_grantlogin 'Newdomain' + substring(Loginame, CHARINDEX('',
Loginame), 50)
Run appropriate scripts in each database to assign the new logins to the
proper roles and to add the other rights that sp_helprotect might indicate.
Once the New Logins are set up, remove the old logins or do an sp_denylogin
for each until your are sure that your definitions are fine.
RLF
"Missy" <Missy@.discussions.microsoft.com> wrote in message
news:94F749B6-FB39-4789-9F64-F43433C4611E@.microsoft.com...
> Does anyone have script(s) to change logins & users from 1 domain to
> another?
> Or know of a Microsoft paper on how to do this programatically? We're
> merging 2 domains in our company and I have several SQL2000 servers (each
> with multiple databases) in the domain that's going to be dropped.
> I think the script would be something like:
> update sysxlogins set name = 'OLDDOMAIN\someuserid'
> where name like 'NEWDOMAIN\domuserid'
> but how do I dynamically read & replace the id after the \ ? And what
> about
> users? And are there other tables I need to update?
> Any help would be appreciate and thanks in advance!|||Russell,
I was hoping the SIDS would remain the same if I simply changed the
Domain\User in sysxlogins and then also in sysusers.
I've looked at article Q240872, but I'm not sure if the sp_sidmap will help
or not as it only alters sysusers.
Do you know anyone who has done this? There's got to be sites that have
changed Domains and needed to update their sql servers programattically...
Thanks,
Missy
"Russell Fields" wrote:
> Missy,
> Please do not directly update sysxlogins. What will happen to your SIDs?
> Do something like this:
> sp_helplogins -- returns all the logins and database roles to which they
> belong. (But not individual object permissions.)
> If necessary, run sp_helprotect for each old login to get further rights f
or
> the new logins. Script those as well.
> From this information, create a script that creates new logins with the
> proper domain.
> exec sp_grantlogin 'Newdomain' + substring(Loginame, CHARINDEX('',
> Loginame), 50)
> Run appropriate scripts in each database to assign the new logins to the
> proper roles and to add the other rights that sp_helprotect might indicate
.
> Once the New Logins are set up, remove the old logins or do an sp_denylogi
n
> for each until your are sure that your definitions are fine.
> RLF
> "Missy" <Missy@.discussions.microsoft.com> wrote in message
> news:94F749B6-FB39-4789-9F64-F43433C4611E@.microsoft.com...
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment