• Hi!

    Our practice is to create a service user/group in AD and assign that as the database owner. I have never been a fan of using the 'sa' account for anything other than emergency admin at the instance level and, considering the level of authority the account has, it should IMHO not be used.

    The other reason, and something that applies to us with the number of databases we have, is that when I see a list of database users/groups, it would be nice to be able to associate them more easily with the database. To that end we use AD Resource Groups and assign users to them. These users then have automatic db_owner on the database. Users of the database are then assigned to other resource groups with the appropriate permissions.

    I think to say, as I have read in this post, that the owner is irrelevant is perhaps a little dangerous. The owner of the database automatically has (as expected) the right DB_OWNER which is the equivalent of God at the database level so some control over the owner needs to be had. Using 'sa' is also dangerous because, as expected, this is a SYSADMIN account with authority at the Instance-level! It doesn't take much to open a database query and run a query inside MASTER for example!

    As far as possible, the rule of minimum privilege should be applied and Active Directory gives us the perfect tools to do that.

    I hope that helped.....
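
Added example, not part of the original post: a T-SQL audit for the practice described above, listing which user databases are owned by 'sa' or another sysadmin login, generating (not executing) the ownership change, and showing who holds db_owner in the current database. The login name `CONTOSO\svc_dbowner` is a hypothetical AD service account and is assumed to already exist as a login on the instance.

```sql
-- 1) Who owns each user database, and is that owner 'sa' or a sysadmin?
--    owner_sid 0x01 is the built-in 'sa' login even if it has been renamed.
SELECT d.name                       AS database_name,
       SUSER_SNAME(d.owner_sid)     AS owner_login,   -- NULL = owner login no longer exists
       CASE WHEN d.owner_sid = 0x01 THEN 1 ELSE 0 END AS owned_by_sa,
       CASE WHEN SUSER_SNAME(d.owner_sid) IS NULL THEN NULL
            ELSE IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(d.owner_sid))
       END                          AS owner_is_sysadmin
FROM sys.databases AS d
WHERE d.database_id > 4             -- skip master, tempdb, model, msdb
ORDER BY owned_by_sa DESC, d.name;

-- 2) Generate the statements that would move sa-owned databases to a
--    dedicated service account. Review the output before running any of it.
DECLARE @new_owner sysname = N'CONTOSO\svc_dbowner';  -- hypothetical account

SELECT N'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME(d.name)
       + N' TO ' + QUOTENAME(@new_owner) + N';' AS change_statement
FROM sys.databases AS d
WHERE d.owner_sid = 0x01
  AND d.database_id > 4;

-- 3) In the current database: which principals (e.g. AD resource groups)
--    are members of db_owner?
SELECT m.name      AS member_name,
       m.type_desc AS member_type    -- WINDOWS_GROUP, WINDOWS_USER, SQL_USER, ...
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'db_owner'
ORDER BY m.type_desc, m.name;
```

Query 3 only covers the database it is run in, so run it per database when reviewing db_owner membership across the instance.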