Orphaned Users Search and Destroy

  • This script will find users in a database that don't have an exact match for login based on SID, but I think it overstates the number of orphans because if a Windows authenticated user has access to a database through an Active Directory group, then that group will have a different SID than the user. If you drop that user then they lose any permissions that were applied to them directly instead of to the group. It may be an edge case, but I know it exists where I work.

  • Chris, great catch. Thank you. Yes, I would use caution where the UserType is WINDOWS_LOGIN. I will publish a script soon to be used in conjunction with this one. It uses sys.xp_logininfo to "Select Group Members from Logins."

    • This reply was modified 4 years ago by  slesicki.
  • Comments posted to this topic are about the item Orphaned Users Search and Destroy
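The check discussed in the thread, as an added T-SQL example that is not the original script or the follow-up script promised above: it takes the SID-only orphan list and, for each Windows user on it, asks xp_logininfo whether a Windows group login still gives that account a path to the server. The table variables, column aliases and finding labels are assumptions made for this example; calling xp_logininfo needs sysadmin membership or EXECUTE permission on it in master.

```sql
-- Added example. Run in the database under review; nothing is dropped.
SET NOCOUNT ON;
DECLARE @candidates TABLE (
    UserName sysname PRIMARY KEY,
    UserType nvarchar(60),
    ViaGroup bit NOT NULL DEFAULT 0
);
-- Shape of the xp_logininfo result set (column names here are our own).
DECLARE @paths TABLE (
    AccountName sysname, AcctType char(8), Privilege char(9),
    MappedLogin sysname NULL, PermissionPath sysname NULL
);

-- Step 1: users whose SID matches no server login (the SID-only orphan test).
INSERT INTO @candidates (UserName, UserType)
SELECT dp.name, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE sp.sid IS NULL
  AND dp.type IN ('S', 'U')             -- SQL users and Windows users
  AND dp.authentication_type IN (1, 3)  -- INSTANCE, WINDOWS; skips contained/loginless
  AND dp.principal_id > 4;              -- skips dbo, guest, INFORMATION_SCHEMA, sys

-- Step 2: for each Windows user, ask whether a Windows group login admits them.
DECLARE @name sysname;
DECLARE cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT UserName FROM @candidates WHERE UserType = 'WINDOWS_USER';
OPEN cur; FETCH NEXT FROM cur INTO @name;
WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        INSERT INTO @paths
        EXEC master.sys.xp_logininfo @acctname = @name, @option = 'all';
        IF EXISTS (SELECT 1 FROM @paths WHERE PermissionPath IS NOT NULL)
            UPDATE @candidates SET ViaGroup = 1 WHERE UserName = @name;
    END TRY
    BEGIN CATCH
        PRINT 'Not resolvable in the domain: ' + @name;  -- stays ViaGroup = 0
    END CATCH;
    DELETE FROM @paths;
    FETCH NEXT FROM cur INTO @name;
END;
CLOSE cur; DEALLOCATE cur;

-- Step 3: report; only the 'review' rows are candidates for manual follow-up.
SELECT UserName, UserType,
       CASE WHEN ViaGroup = 1 THEN 'keep: reaches the server through a Windows group'
            ELSE 'review: no login or group path found' END AS Finding
FROM @candidates ORDER BY Finding, UserName;
```

Rows marked "keep" are the edge case from the first comment: the user's own SID has no login, but permissions granted directly to that user are still in use through a group login.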
