MS SQL and Active Directory Groups

P

Porisius

Registered User.
Local time
Tomorrow, 01:02
Joined
Apr 28, 2009
Messages
25
Simple inquiry:

Our setup:
MS SQL Server 2008 R2 with Access Front-Ends.
Read and Write Active Directory Groups for each Dept's DB
- Example: DB_Production_w ("_r" for read only access)

Network Admin wanted to get rid of the read-only groups because they're not being used. So he renamed the groups and removed the "_w", and deleted the "_r" groups. Unfortunally, we thought Active Directory would replicate them for us, and flip out on the ones that no longer existed. Fortunally though, none of the users have noticed, except when I inquired. They can all access everything just as normal.

The SQL Server still shows the old groups, as they were. Is there somewhere that SQL would/should replicate with? Or just is that the way of MS SQL? I am still fairly new to SQL Servers, and gotten pretty far from reading online and from my books.

My thanks,
Chris
 
The SQL Server Group name will not change when you change the AD name although it should continue to associate with that AD Group which is why your users still have permissions. You would have to go in and Re-Add the groups if you wanted the names to match the AD names.
 
AccessMSSQL, again thank you for the assistance.

I guess it must be linked to AD's GUID then. You would think, (I know, I know), that it would update or something would have happened because its all Microsoft products.

Guess I should be happy that I didn't have a bunch of angry users barreling down my throat. Even before I asked, I renamed them to their new names, but curiousity gets the better end of me.
 
Oh quick note, not sure if you knew this or not... but SQL Server 2008 R2 uses the Pre-Windows 2000 AD Group names. Our NetAdmin forgot to change two of the Pre-Win2000 names over, and I struggled to update them in SQL.

We had this issue when I was renaming them. I went to re-add a group before I wiped out the old one, and I got an duplicate entry error message. So I checked them out, sure enough, the name I wanted was there, but not in the Pre-Win2000 one.

So, if you are going to rename an AD Group, change the Pre-Win2000 as well, if you want to rename them in your SQL Server to match.
 
You must log in or register to reply here.

Similar threads

H
Efficient Deployment of MS Access Applications with MS SQL Server
Replies
10
Views
582
Isaac
Isaac
G
Recommendation for MS Access Admin Database for SQL Server User Management
Replies
3
Views
417
GPGeorge
GPGeorge
G
Upsized Back End to SQL, does Caching need to be removed?
Replies
13
Views
513
Pat Hartman
P
N
Can Studio Management for MS SQL Work with MySQL
Replies
4
Views
476
nector
N
A
MS ACCESS connect to SQL server BE: Authentication Prompt every time I attempt to
Replies
4
Views
286
GPGeorge
GPGeorge

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom