none
Will changing service logon account break replication?

    Question

  • I have numerous replicated databases that are part of a SQL 2000 server. Some of the replication jobs are owned by an internal SQL user and others are owned by a domain user. Both users are members of the sysadmin role.

    I need to change the SQL Server and Agent logon accounts for this server. The account currently used is a domain account that is in the Windows local administrators group, and the builtin\administrators account is also a member of the sysadmin role.  The new log on account will also be a domain account and in the local administrators group

    Is there any risk that doing this will break replication?

    TIA


    Chuck

    Monday, February 27, 2012 2:39 PM

Answers

  • Hi Chuck,

    It is ok to change the service account. Since the replication agents run under the security context of Agent service, one thing you may pay attention to is that the new startup account needs connect to additional servers, so it can be a valid login created in these servers. Also, read or write permission may be required on the snapshot files. For more information, please see: Agent Login Security.

    Also, here is an article dedicated to replication security on SQL Server 2000: SQL Server 2000 Security - Part 9 - Replication Security.


    Stephanie Lv

    TechNet Community Support

    • Marked as answer by chuckh1958 Wednesday, February 29, 2012 12:55 PM
    Wednesday, February 29, 2012 4:44 AM

All replies

  • I have numerous replicated databases that are part of a SQL 2000 server. Some of the replication jobs are owned by an internal SQL user and others are owned by a domain user. Both users are members of the sysadmin role.

    I need to change the SQL Server and Agent logon accounts for this server. The account currently used is a domain account that is in the Windows local administrators group, and the builtin\administrators account is also a member of the sysadmin role.  The new log on account will also be a domain account and in the local administrators group

    Is there any risk that doing this will break replication?

    TIA



    Chuck

    Tuesday, February 28, 2012 2:21 PM
  • Hi Chuck,

    It is ok to change the service account. Since the replication agents run under the security context of Agent service, one thing you may pay attention to is that the new startup account needs connect to additional servers, so it can be a valid login created in these servers. Also, read or write permission may be required on the snapshot files. For more information, please see: Agent Login Security.

    Also, here is an article dedicated to replication security on SQL Server 2000: SQL Server 2000 Security - Part 9 - Replication Security.


    Stephanie Lv

    TechNet Community Support

    • Marked as answer by chuckh1958 Wednesday, February 29, 2012 12:55 PM
    Wednesday, February 29, 2012 4:44 AM
  • Duplicate post of this post - http://social.msdn.microsoft.com/Forums/en/sqlsecurity/thread/90c7c32c-b98a-4949-8988-6bffd15d0d5f

    Warwick Rudd
    MCT
    My SQL Server Blog
    Twitter
    -------------------------------------------------------
    Please mark as Answered if I have answered your question
    Please vote if this was useful
    -------------------------------------------------------

    Wednesday, February 29, 2012 6:07 AM
  • Thanks for the reply. Most of the replication agents use a SQL login so I think that will continue to work. There are a few that use "impersonate agent account". It sounds like as long as I ensure that the new domain account has the sysadmin role on all of the servers in the replication environment I should be ok. If I run into any "gotchas"  I'll be sure to update this thread with them and what I had to do to fix them.

    Chuck

    Wednesday, February 29, 2012 12:55 PM