November 17, 2010 at 4:32 pm
Got a bizarre problem that we can't seem to figure out.
We have a large enterprise with many regions and each region has it's own domain controller and SQL Server. We have an AD group called "Domain Users" which all standard users are a member of. This AD group has access to the SQL Servers in the "public" role and we restrict security through the applications which hit the SQL Server. The application connects to the SQL server using Windows Authentication.
Anyways, we have a user who requested a AD username change because of a marriage. The AD username was updated in our main office. She is able to connect to the application in our main office without a problem. However when she connects to any other office, she gets an error from the app which indicates her user account doesn't exist in the application.
If I run Profiler against the two servers, the server in the main office shows her new user account in the LoginName field. However in the other servers, they all show the old username in the LoginName like the SQL Server has somehow cached the username against a SID or something.
I've checked the local DC's and the new username has propagated out to all of them.
I am STUMPED. I'm tempted to just reboot a SQL server to see if that fixed it, however, that is not a great solution for this as we have a lot of these systems and rebooting a ton of production servers isn't viable whenever a username changes.
Any help would be appreciated!
November 17, 2010 at 6:25 pm
I'm slightly confused, is the person a login in SQL Server as a part of a group, or do they have an explicit login?
November 17, 2010 at 6:43 pm
They do not have an explicit login, they only access through the AD group
November 19, 2010 at 9:27 am
Ok so a little more info. The servers that ARE working, I don't think it is because of the location, there is one other server that does work outside of the main office, but these are all SQL 2000 servers. The only servers she is having issues with are SQL 2008 servers, running W2K8 server.
Not sure if that helps anyone...
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply