Yes we did.
I don’t remember how 🙂 Give me a few hours to chase up the details.
I remember it ended up being a PSS fix which was nice to have them help.
Oh I remembered the PSS persons name and found the steps she recommended:
I suggest that you try to implement the below changes in AD:
1. Add the SQL service account (SVCNS02IS0V001SQL) into the Windows Authorization Access group
To add the SQL service account into the Windows Authorization Access group, do as follows:
– Open ADUC (Active Directory Users and Computers) console on a domain controller which hosts the user account – SVCNS02IS0V001AGT.
– Go to the Builtin container. Find Windows Authorization Access Group
– Open its properties. Under the Members tab, add the SQL service account into the list.
– Apply the changes.
– Restart the SQL service to re-logon the SQL service account.
– Check if the issue persists.
2. Also, confirm if the SVCNS02IS0V001SQL service account has at least Read permission on the user account object (SVCNS02IS0V001AGT) for this attribute: