Post reply

Orphaned Users Search and Destroy

  • Chris Harshman

    SSC-Forever

    Points: 42037

    March 10, 2020 at 6:17 pm

    #3732962

    This script will find users in a database that don't have an exact match for login based on SID, but I think it overstates the number of orphans because if a windows authenticated user has access to a database through an active directory group, then that group will have a different SID than the user.  If you drop that user then they loose any permissions that were applied to them directly instead of to the group.  It may be an edge case, but I know it exists where I work.

  • slesicki

    SSC Enthusiast

    Points: 194

    March 12, 2020 at 12:38 am

    #3733424

    Chris great catch. Thank you. Yes I would use caution where the UserType is WINDOWS_LOGIN. I will publish a script soon to be used in conjunction with this one. It uses sys.xp_logininfo to "Select Group Members from Logins."

    • This reply was modified 3 weeks, 2 days ago by  slesicki.

  • slesicki

    SSC Enthusiast

    Points: 194

    March 13, 2020 at 3:48 pm

    #3732864

    Comments posted to this topic are about the item Orphaned Users Search and Destroy

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply