unable to access the sql server people are in the user group.

  • lazy writer

    Ten Centuries

    Points: 1126

    Hi Seniors,

    My problem is like we have a local domain and corp domain.

    I have created one user group in AD and added the users in the group and I gave the admin access to this group in sql server which is in csorp domain.

    The real problem is that they couldn’t access the sql server.

    one of the member of that user group is already have been added in the sql server and he could able to access the sql server.

    If it is the problem with 'trust' between domains, I was really wondered why it was accepted the one of the user which was already working individually without any issues.

    what could be the reason any idea.

    i would really appreciate you guys.

    Thanks,

    Kris

  • SA-1

    SSCrazy Eights

    Points: 8113

    did you ever get this to work? I'm having similar problems, where some users aren't able to login to SQL Server while others part of the same group are able to.

    Does the scope of the group matter?

  • P Jones

    SSChampion

    Points: 12328

    I had something similar and tried all sorts of adding and removing then it turned out that the person who couldn't connect needed to change the options on their connection settings to Named Pipes. doh!

  • K. Brian Kelley

    SSC Guru

    Points: 114486

    SA-1 (7/20/2010)


    did you ever get this to work? I'm having similar problems, where some users aren't able to login to SQL Server while others part of the same group are able to.

    Does the scope of the group matter?

    Scope does matter when you cross domains. Local domain groups cannot be used outside of the domain. Global domain groups and Universal domain groups can be.

    Also, are you auditing login failures? If so, what is the error in the ERRORLOG?

    K. Brian Kelley
    @kbriankelley

  • SA-1

    SSCrazy Eights

    Points: 8113

    Thanks for all your responses. This issue has been resolved.

    In a nutshell here's what was going on...

    Our AD sec admins created global groups and we recently began migrating to a new forest so they were dropping global groups and recreating them as domain local w/o informing us. This was causing invalid sids in SQL.

    What's confusing is that domain global groups don't allow cross forest authentication even though online and you mention that the scope should be global or universal.

    We're on AD 2000 functionality level, could that be the reason?

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply