SQLServerCentral / Article Discussions / Article Discussions by Author / Discuss content posted by Timothy Ford / Fixing Orphaned Users / Latest PostsInstantForum.NET v2.9.0SQLServerCentralhttp://www.sqlservercentral.com/Forums/notifications@sqlservercentral.comWed, 22 May 2013 03:16:09 GMT20RE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxNice article:)I It's mentioned that orphaned users do no exist in Windows logins, This is true for the same domain, but if you restore the database to another domain, I believe it's not.Fri, 07 Dec 2007 13:35:10 GMTHesham A. AminRE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxI also have similar problem. Step 1. Create the file get_users_login.sql select 'exec sp_change_users_login ' + quotename('Update_One', char(39)) + ',' + quotename(sl.name, char(39)) + ',' + quotename(su.name, char(39)) + ';'from master.dbo.syslogins sljoin dbo.sysusers su on sl.sid = su.sid where sl.hasaccess = 1 and sl.isntname = 0 and sl.name not in ('guest', 'dbo', 'sys', 'INFORMATION_SCHEMA')Step 2.osql get_users_login.sql -o fix_users_login.sql -w 2048 -n -h-1Step 3.Run osql fix_users_login.sql against any other serverThu, 06 Dec 2007 13:52:12 GMTDmitriy BurtsevRE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxI used to use sp_update_user_logins all the time, but with 80+ servers and almost 1,000 databases that I support without aid of a Jr. DBA I had to abandon that for something more automated and global across multiple logins at one time. It is a great stored proc though.Wed, 05 Dec 2007 08:05:35 GMTTimothy Ford-473880RE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspx[quote][b]ThomasLL (12/4/2007)[/b][hr]What is the difference between Auto_Fix and Update_One?ThomasLL[/quote]AUTO_FIX matches based on the user alias in the DB to a login account.UPDATE_ONE allows you to specify the alias mapping to the login account.See BOL for more detail if needs be.Wed, 05 Dec 2007 07:35:01 GMTAntares686RE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxWhat is the difference between Auto_Fix and Update_One?ThomasLLTue, 04 Dec 2007 15:43:33 GMTThomas LeBlancRE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxThis is what I personally useselect 'exec sp_change_users_login ''AUTO_FIX'',''' + [name] + '''', * from sysusers where status != 0 and uid &gt; 2it builds a string for each account, then I take and run the resultset in another &#119;indow.Tue, 04 Dec 2007 10:33:30 GMTAntares686RE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxGreat article Tim. Thanks. You said:[quote]You can add the login to the SQL instance and re-run the script thereby reconciling the user and login.[/quote] Since you are discussing moving from test to production would it not be better to scan for missing logins and removed those users by default? The thinking is more restriction is better so if the login does not exist on the server you can't [b]grant[/b] permissions.I have the same challenge in the opposite direction. I pull production databases and restore to our development servers. I had this problem in SQL 2000 but I found an odd work-around. If I stop and restart the service SQL seems to relink my logins by itself. :)Tue, 04 Dec 2007 09:57:03 GMTCharles KincaidRE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxsp_helprevlogin is the procedure, but it's a 2005 one only now. They updated it. The original for 7/2000 is available in the script library here.http://www.sqlservercentral.com/scripts/Maintenance+and+Management/31711/Nice article, Tim!Tue, 04 Dec 2007 07:45:51 GMTSteve Jones - SSC EditorRE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxI agree that sync'ing SID's is a pretty good idea. MS also has a script up on MSDN that will script out all your logins along with the encrypted passwords so you can just run it against the other server and be done.Tue, 04 Dec 2007 06:54:11 GMTAndy WarrenRE: Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxI agree that this can be an issue but you can help yourself out a little by reviewing the syntax of the "CREATE LOGIN" or "sp_addlogin" commands.Both of these commands allow you to specify the SID. If you are able to specify the same SID for the logins on each of the servers, you can happily backup/restore databases between instances and the login and user entries will match because you created the login on each instance with the same SID.This is especially important when you are using log shipping or database mirroring. When a problem occurs and your primary server dies, there is one less issue that needs to be handled to get your standby database online. In the case of mirroring, ensuring that you use the same SID allows you to automatically bring the mirroring online with no intervention required.Mon, 03 Dec 2007 21:35:30 GMThappycat59Fixing Orphaned Usershttp://www.sqlservercentral.com/Forums/Topic429094-1147-1.aspxComments posted to this topic are about the item [B]<A HREF="/articles/Administration/61648/">Fixing Orphaned Users</A>[/B]Mon, 03 Dec 2007 21:27:24 GMTTimothy Ford-473880