June 10, 2014 at 11:21 am
As we know, when databases and SQL Agent jobs are created the owner is set by default to the user who created them. We've changed many of these to sa or an appropriate AD Service Account, but there are still several objects scattered among many instances where objects are owned by individules' Windows logins.
At this time we're facing a reorganization where the existing DBAs are being laid off and replaced by outsourced DBA support. How much of a problem is this (for the database processes that is)?
My underdanding of what "owner" means is that the owner can access these objects while bypassing normal secuity checks. If that is all, then will everything continue to work when the AD accounts are disabled? How about Agent Jobs? What other gotchas are when individual's accounts are disabled? (Not that it will be my problem when this happens, but while I'm still here I do feel responsible to prevent future issues).
June 10, 2014 at 1:17 pm
If I recall it correctly, some SQL Server Agent jobs owned by the DBA at a previous project started giving issues when the DBA was fired and his account was removed.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
June 11, 2014 at 3:09 am
Koen Verbeeck (6/10/2014)
If I recall it correctly, some SQL Server Agent jobs owned by the DBA at a previous project started giving issues when the DBA was fired and his account was removed.
Yes, you'll get a message in the SQL Agent log along the lines of: "unable to determine if domain\account has server access."
Regards
Lempster
EDIT: Added missing closing quote marks.
June 11, 2014 at 3:28 am
It can be a problem when the domain account is removed. For databases most things will work, then a few things (like replication) will give odd error messages. Jobs may or may not run depending what they need to access.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
June 12, 2014 at 6:45 am
We had one here a few years ago. There was a consultant that designed a database and application for us. A few months after he left, his AD account was removed and the jobs stopped working altogether (I don't remember the exact error message). Once we changed the job owner, everything worked again.
ETA: This was in SQL 2005.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply