Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Orphaned users Expand / Collapse
Author
Message
Posted Friday, April 5, 2013 4:42 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Monday, February 1, 2016 7:51 AM
Points: 308, Visits: 1,254
I've 2 sql server instances on my local system.
I backed up a database from one instance and restored that database on the other instance.
I copied over the logins from the 1st instance to the 2nd instance.

Then I ran the following statement on the 2nd instance to check if there are any orphaned users but I got 0 results.
sp_change_users_login @Action='Report'
GO

But I still cannot login into the newly restored database with any of the sql server logins. Am i missing something?
Post #1439152
Posted Friday, April 5, 2013 5:41 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Yesterday @ 5:46 PM
Points: 1,215, Visits: 8,330
You may still need to "re-associate" the SQL Login with the DB user.

I've found these two queries to do a bang-up job for finding and fixing orphaned users (and possibly what you're running into:)

--The "new" way.  Script to find orphans was pulled from SQLServerCentral.com
--Alter User is the MS recommended method to fix
use [DBName];
SELECT dp.name AS DBUser,
dp.sid AS DBSid
FROM sys.database_principals dp
LEFT OUTER JOIN sys.server_principals sp
ON dp.sid = sp.sid
WHERE sp.sid IS NULL
AND dp.type = 'S' -- SQL_USER
AND dp.principal_id > 4

use [DBName];
alter user /*{User reported from above}*/ with
login = /*{SQL Login for user}*/;

I don't recall where on here I found the "find orphaned users" query, so to whoever posted it, the credit is yours.

What you could try doing to fix your issue is, run the second part of the script, the alter user {whatever} with...
It won't hurt (unless you typo) and it may help.

Jason
Post #1439166
Posted Friday, April 5, 2013 6:53 AM


SSChampion

SSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampionSSChampion

Group: General Forum Members
Last Login: Yesterday @ 2:58 PM
Points: 13,971, Visits: 36,274
here's a very similar version when compared to Jasons;

if a user matches it's login SID, it fine and nothing needs to be changed.
If the SID doesn't match , it builds the ALTER USER command
if the login is missing, it builds a CREATE LOGIN command(with a default password!), and also the ALTER USER command.

depending on your situation, you might not need to create missing logins
SELECT  
CASE
WHEN svloginz.name is not null and dbloginz.sid <> svloginz.sid
THEN '--Login Exists but wrong sid: remap!
ALTER USER ' + quotename(dbloginz.name) + ' WITH LOGIN = ' + quotename(svloginz.name) + ';'
ELSE 'CREATE LOGIN ' + quotename(dbloginz.name) + ' WITH PASSWORD=N''NotARealPassword'' MUST_CHANGE, DEFAULT_DATABASE=[master], CHECK_EXPIRATION=ON, CHECK_POLICY=ON;
ALTER USER ' + quotename(dbloginz.name) + ' WITH LOGIN = ' + quotename(dbloginz.name) + ';'
END
from sys.database_principals dbloginz
LEFT OUTER JOIN sys.server_principals svloginz
on dbloginz.name = svloginz.name
WHERE dbloginz.type IN ('S','U')
AND dbloginz.name NOT IN('dbo','guest','INFORMATION_SCHEMA','sys')



Lowell

--
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!
Post #1439183
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse