Sign in
 
HomeLibraryLearnDownloadsTroubleshootingCommunityForums
SQL Server Developer Center >
Will changing service logon account break replication?

Answered Will changing service logon account break replication?

  • Monday, February 27, 2012 2:39 PM
     
     
    Sign In to Vote
    0

    I have numerous replicated databases that are part of a SQL 2000 server. Some of the replication jobs are owned by an internal SQL user and others are owned by a domain user. Both users are members of the sysadmin role.

    I need to change the SQL Server and Agent logon accounts for this server. The account currently used is a domain account that is in the Windows local administrators group, and the builtin\administrators account is also a member of the sysadmin role.  The new log on account will also be a domain account and in the local administrators group

    Is there any risk that doing this will break replication?

    TIA

    Chuck

     

All Replies

  • Tuesday, February 28, 2012 2:21 PM
     
     
    Sign In to Vote
    0

    I have numerous replicated databases that are part of a SQL 2000 server. Some of the replication jobs are owned by an internal SQL user and others are owned by a domain user. Both users are members of the sysadmin role.

    I need to change the SQL Server and Agent logon accounts for this server. The account currently used is a domain account that is in the Windows local administrators group, and the builtin\administrators account is also a member of the sysadmin role.  The new log on account will also be a domain account and in the local administrators group

    Is there any risk that doing this will break replication?

    TIA

    Chuck

     
  • Wednesday, February 29, 2012 4:44 AM
    Moderator
     
     Answered
    Sign In to Vote
    0

    Hi Chuck,

    It is ok to change the service account. Since the replication agents run under the security context of Agent service, one thing you may pay attention to is that the new startup account needs connect to additional servers, so it can be a valid login created in these servers. Also, read or write permission may be required on the snapshot files. For more information, please see: Agent Login Security.

    Also, here is an article dedicated to replication security on SQL Server 2000: SQL Server 2000 Security - Part 9 - Replication Security.

    Stephanie Lv

    TechNet Community Support

    • Marked As Answer by chuckh1958 Wednesday, February 29, 2012 12:55 PM
    •  
     
  • Wednesday, February 29, 2012 6:07 AM
     
     
    Sign In to Vote
    0
    Duplicate post of this post - http://social.msdn.microsoft.com/Forums/en/sqlsecurity/thread/90c7c32c-b98a-4949-8988-6bffd15d0d5f

    Warwick Rudd
    MCT
    My SQL Server Blog
    Twitter
    -------------------------------------------------------
    Please mark as Answered if I have answered your question
    Please vote if this was useful
    -------------------------------------------------------

     
  • Wednesday, February 29, 2012 12:55 PM
     
     
    Sign In to Vote
    0
    Thanks for the reply. Most of the replication agents use a SQL login so I think that will continue to work. There are a few that use "impersonate agent account". It sounds like as long as I ensure that the new domain account has the sysadmin role on all of the servers in the replication environment I should be ok. If I run into any "gotchas"  I'll be sure to update this thread with them and what I had to do to fix them.

    Chuck