Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Multiple Logins with the same SID? Expand / Collapse
Author
Message
Posted Monday, September 16, 2013 1:59 PM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: Monday, September 16, 2013 1:59 PM
Points: 505, Visits: 117
So I am helping a customer out with some weird problems that they are having with Users and Logins and I dump the
sys.server_principals

and I notice something really strange. There are at least two instances of a WINDOWS_GROUP and WINDOWS_LOGIN entry that have the exact same SID.

Is this supposed to be possible? Or I am right that that is seriously wrong and needs to be fixed. And if so, can someone suggest what the best way would be to fix it?




Post #1495268
Posted Monday, September 16, 2013 2:03 PM


SSCrazy Eights

SSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy Eights

Group: General Forum Members
Last Login: Thursday, June 5, 2014 10:54 AM
Points: 9,902, Visits: 9,480
Sorry, this is really me (dang browser cached an old obsolete account I had from 12 years ago...)

-- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
Proactive Performance Solutions, Inc.
"Performance is our middle name."
Post #1495269
Posted Monday, September 16, 2013 3:01 PM


Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Today @ 12:53 AM
Points: 785, Visits: 687
Not that I know, but could it be that the account was renamed in Windows and the added to SQL Server under the new name, and the old name was retained?

Erland Sommarskog, SQL Server MVP, www.sommarskog.se
Post #1495292
Posted Monday, September 16, 2013 3:16 PM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, July 16, 2014 2:59 PM
Points: 153, Visits: 973
[b]...There are at least two instances of a WINDOWS_GROUP and WINDOWS_LOGIN entry that have the exact same SID.

This should not be.
Also adding the same user with renamed Windows-Level Login-Name is not possible, since the same SID will be recognized. I would not know how to prevent that check. But theoretically by editing the system tables directly or some other fancy method it might have "happened".
Check the Logins at Windows Level.. to which Login they are pointing.. I mean there can only be one after all.. even more on windows level.


Andreas

---------------------------------------------------
MVP SQL Server
Microsoft Certified Master SQL Server 2008
Microsoft Certified Solutions Master Data Platform, SQL Server 2012
www.insidesql.org/blogs/andreaswolter
www.andreas-wolter.com
Post #1495298
Posted Monday, September 16, 2013 3:22 PM


SSCrazy Eights

SSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy EightsSSCrazy Eights

Group: General Forum Members
Last Login: Thursday, June 5, 2014 10:54 AM
Points: 9,902, Visits: 9,480
Yep, my bad. The SIDs were not in fact the same, they differed by a single letter somewhere around character 38.

Sorry, and thanks for the responses.


-- RBarryYoung, (302)375-0451 blog: MovingSQL.com, Twitter: @RBarryYoung
Proactive Performance Solutions, Inc.
"Performance is our middle name."
Post #1495302
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse