i've put together this cursor in the past that iterates through all windows groups in SQL, and enumerates their members.
finally, i account names that were found for admin vs user priviledges.
i tested this on a server that has no individual windows logins, all logins inherited through groups,and i get the individuals i'm looking for.
IF OBJECT_ID('[tempdb].[dbo].[#TMP]') IS NOT NULL
DROP TABLE [dbo].[#TMP]
CREATE TABLE [dbo].[#TMP] (
[ACCOUNT NAME] NVARCHAR(256) NULL ,
[TYPE] VARCHAR(8) NULL ,
[PRIVILEGE] VARCHAR(8) NULL ,
[MAPPED LOGIN NAME] NVARCHAR(256) NULL ,
[PERMISSION PATH] NVARCHAR(256) NULL )
USE MASTER
declare
@isql varchar(2000),
@name varchar(64)
declare c1 cursor for
select name FROM master.sys.server_principals
WHERE type_desc = 'WINDOWS_GROUP'
AND name NOT LIKE '%$%'
AND name not like 'NT SERVICE\%'
open c1
fetch next from c1 into @name
While @@fetch_status <> -1
begin
select @isql = 'INSERT INTO #TMP EXEC master..xp_logininfo @acctname = ''' + @name +''',@option = ''members'' '
print @isql
exec(@isql)
fetch next from c1 into @name
end
close c1
deallocate c1
SELECT * FROM #tmp
--SELECT IS_SRVROLEMEMBER('sysadmin',[Account Name]),* FROM #tmp
Lowell