unable to access the sql server people are in the user group.

Question

unable to access the sql server people are in the user group.

lazy writer

Ten Centuries

Points: 1126
More actions
April 9, 2010 at 10:56 am

#231487

Hi Seniors,
My problem is like we have a local domain and corp domain.
I have created one user group in AD and added the users in the group and I gave the admin access to this group in sql server which is in csorp domain.
The real problem is that they couldn’t access the sql server.
one of the member of that user group is already have been added in the sql server and he could able to access the sql server.
If it is the problem with 'trust' between domains, I was really wondered why it was accepted the one of the user which was already working individually without any issues.
what could be the reason any idea.
i would really appreciate you guys.
Thanks,
Kris

Viewing 5 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply

SA-1 SSCrazy Eights Points: 8113 More actions · Answer 1

did you ever get this to work? I'm having similar problems, where some users aren't able to login to SQL Server while others part of the same group are able to.

Does the scope of the group matter?

P Jones SSChampion Points: 12352 More actions · Answer 2

I had something similar and tried all sorts of adding and removing then it turned out that the person who couldn't connect needed to change the options on their connection settings to Named Pipes. doh!

K. Brian Kelley SSC Guru Points: 114562 More actions · Answer 3

SA-1 (7/20/2010)
did you ever get this to work? I'm having similar problems, where some users aren't able to login to SQL Server while others part of the same group are able to.
Does the scope of the group matter?

Scope does matter when you cross domains. Local domain groups cannot be used outside of the domain. Global domain groups and Universal domain groups can be.

Also, are you auditing login failures? If so, what is the error in the ERRORLOG?

K. Brian Kelley
@kbriankelley

SA-1 SSCrazy Eights Points: 8113 More actions · Answer 4

Thanks for all your responses. This issue has been resolved.

In a nutshell here's what was going on...

Our AD sec admins created global groups and we recently began migrating to a new forest so they were dropping global groups and recreating them as domain local w/o informing us. This was causing invalid sids in SQL.

What's confusing is that domain global groups don't allow cross forest authentication even though online and you mention that the scope should be global or universal.

We're on AD 2000 functionality level, could that be the reason?