Re: Impact of AD Migration on Windows authenticated SQL user account

From: John Bell (jbellnewsposts_at_hotmail.com)
Date: 03/14/04 

Date: Sun, 14 Mar 2004 15:58:24 GMT

Hi

This sounds like you are changing the domain as well during the migration.
In which case look at:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;240872

I believe in the documentation that SIDs are retained by ADMT, if it did not
all sorts of other privilege related problems would occur.

John

"Teo Chee Yang" <anonymous@discussions.microsoft.com> wrote in message
news:c64d01c40915$7d155610$a401280a@phx.gbl...
> Personally I doubt that ADMT does translate any SQL
> permissions and rights assigned to Windows-authenticated
> SQL user accounts.
>
> Besides, I realized that from the Security, Logins folder
> that once the logins are defined as <NT4
> domain>\<username>, we cant changed it, even before the
> migration of the SQL server computer account.
>
> Any more feedback?
>
> >-----Original Message-----
> >Hi
> >
> >If you are using the AD migration tool then you should
> keep the same SIDs
> >and therefore there should not be a problem.
> >
> >If you do change SIDS then the amount of rework would be
> reduced if you used
> >NT groups when granting premissions rather than
> individual users.
> >
> >John
> >
> >"Teo Chee Yang" <anonymous@discussions.microsoft.com>
> wrote in message
> >news:c11b01c40893$25655870$a301280a@phx.gbl...
> >> We have SQL applications in which some of the SQL user
> >> accounts are integrated with Windows authentication.
> >>
> >> We would like to find out whether any of you have
> >> migrated any SQL based applications of which the SQL
> user
> >> accounts were configured to make use of Windows
> >> authentication instead of SQL authentication. Will the
> >> Windows accounts in SQL be automatically translated to
> >> the new AD account (with all necessary SQL
> >> rights/permissions) or do we have to manually recreate
> &
> >> reconfigure all Windows accounts in SQL and its
> >> rights/permissions?
> >>
> >> Appreciate some feedback. Thanks.
> >>
> >> .
> >>
> >>
> >
> >
> >.
> >

Relevant Pages

  • Re: ADMT V2.0 NT4.0 -> Windows 2003
    ... > So after the user and workstation accounts have been migrated with ADMT, ... >> The old sid is kept in the sidhistory and will remain there until you ... If you finished your migration and translated all permissions on ... >> user logs on he's getting a token with SIDs for himself, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Multiple DOMAINS - SINGLE SIGN ON
    ... on the data specifies the SIDs of the users in the OLD domain. ... What you need to do is to use ADMTv3 (Active Directory Migration Tool) ... After that you need to MIGRATE the data and reacl (also with ADMT) ... data you can cleanup SIDhistory ...
    (microsoft.public.win2000.active_directory)
  • Re: ADMT V2.0 NT4.0 -> Windows 2003
    ... > If you use ADMT the NT4 domain needs to be named differently than the new AD ... > The old sid is kept in the sidhistory and will remain there until you clean it ... If you finished your migration and translated all permissions on files, ... > user logs on he's getting a token with SIDs for himself, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Infrastructure Master FSMO role, Global Catalogs and Forest Trusts
    ... I ran ADMT for the migration including the security translation wizard on my ... resource machines (I did it to all workstations and servers) when the ... then remove the FSP". ... Then start cleaning up ACLs that reference the old SIDs (ACLs don't need ...
    (microsoft.public.windows.server.active_directory)
  • RE: Migration to SQL 2005 for Workgroups
    ... I understand you want to upgrade to SBS SQL 2005 on SBS R2. ... You could upgrade the SharePoint named instance to full ... Microsoft CSS Online Newsgroup Support ... Migration to SQL 2005 for Workgroups ...
    (microsoft.public.windows.server.sbs)