RE: Cross domain authentication in SQL 2005

---

• From: Linchi Shea <LinchiShea@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 16 Apr 2008 20:50:00 -0700

---

SQL Server Windows authentication works fine when the two domains trust each
other.

Linchi

"Greg" wrote:

Hi,

I wanted to start by saying that I am not a SQL Expert. My question
revolves around mixed mode authentication and cross domain authentication.

We are running a WIndows 2003 Domain both forest and Domain are at windows
2003 functional level. Currently we have all our SQL databases in Domain A.
We are in the process of consolidating our business and its many domains
into a new domain, Domain B. Both Domains are childs of root parent eg
DomainA.parent.com and DomainB.parent.com. We are currently building a SQL
Cluster and would like to join the Domain B domain, however, some questions
were raised regarding current users in Domain A, how they would access the
SQL servers in Domain B.

At the moment users login via an application using their Domain A
credentials which this is passed to the back end SQL server. When I view
the currently logged in users on the DB, I can see that they are logged is as
DomainA\username. My concern is that if we add the SQL servers to domain B,
will the SQL servers recognize and send the authentication request to the
clients domain for authentication and allow the user access? There is a 2
way trust between Domain A and Domain B.

E.g. user Bob that is a member of Domain A signs into the application or SQL
server that is now on Domain B using Domain A login credentials... will the
credentials pass through correctly?
Also, if the Database roles were assigned to a Domain A group, I am assuming
that I would need to recreate that group on Domain B and add the users from
Domain A into that group to allow of access?
Thanks for the help, hopefully I have been able to explain the issue....

Greg

.

---

• References:
  • Cross domain authentication in SQL 2005
    • From: Greg

• Prev by Date: RE: SQL 2000 & Multiple Instances....
• Next by Date: RE: configuring plans to go to a different drive
• Previous by thread: Cross domain authentication in SQL 2005
• Next by thread: SQL 2000 & Multiple Instances....
• Index(es):
  • Date
  • Thread

---

Relevant Pages Converting to Windows Authentication ... I've got about ten Windows 2000 Sql servers that I am ... There are currently two sql server logins ... authentication when a trusted connection will always use ... (microsoft.public.sqlserver.security) List SQL servers in a network ... Most of the solutions use SQLDMO to list all sql servers in the network like ... public static string[] GetAvailableSQLServers ... - this does not work with Windows XP (see SQLDMO documentation: ... (microsoft.public.dotnet.general) MS03-031 Problems ... I manage several SQL Servers (2000 Enterprise Edition ... default instance and two or more named instances ... These servers run in a Windows NT4 ... I have found that if I configure the service accounts to ... (microsoft.public.sqlserver.security) Re: Unable to detect USB ver Tape Drive on SQL Server 2000 ... I did test it on two different SQL Servers (computers), one on Windows ... tape drive on Enterprise Manager. ... (microsoft.public.sqlserver.setup) Re: SQLDMO user stop server, windows user cant ... > I have an application using SQLDMO and C#. ... > will always use windows authentication to sql servers. ... Starting, stopping and pausing the server is a Windows function, not SQL ... (microsoft.public.sqlserver.programming)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > SQL-Server  > microsoft.public.sqlserver.setup  > 2008-04