locked
Removed login, now cannot add it back RRS feed

  • Question

  • I had a login 'domain\DBAdmin' that was I was replacing with another user.

    I added the new user (which contains the same members) and dropped the login above.

    The users are no longer allowed access to the server, I tried to add the login back but recieved this error message -

    Msg 15401, Level 16, State 1, Line 1

    Windows NT user or group 'Domain\DBAdmin' not found. Check the name again

    I run xp_logininfo and received this message -

    Msg 15404, Level 16, State 11, Procedure xp_logininfo, Line 62

    Could not obtain information about Windows NT group/user 'CLT_LASH\DBAdmin', error code 0x534.

    I just dropped from the SQL Server, so where did it go and why can't I add it back?

     

    Tuesday, June 14, 2011 2:55 PM

Answers

  • Have you checked to see if the domain\DBAdmin account still exists on the domain?  I assume so, but please double check.

    What do you get if you running the following code?

    select name AS db_name, suser_sname(owner_sid) AS owner_name
    from sys.databases
    WHERE name = 'yourdatabasename'

    You could get a NULL for the owner_name.  This problem can be caused by a mismatch of the database owner recorded in sys.databases and the login associated with the dbo user inside the database.  Without knowing your whole state, try doing this:

    -- Run one of these depending on your SQL Server version
    ALTER AUTHORIZATION ON DATABASE::Yourdb TO [sa];
    ALTER AUTHORIZATION ON DATABASE::Yourdb TO [Domain\DBAdmin];
    -- Or
    USE Yourdb;
    exec sp_changedbowner 'sa';
    exec sp_changedbowner 'Domain\DBAdmin';

    The change to 'sa' may not be essential, but it returns you to a known point before trying to reset to the desired owner.

    RLF



    • Marked as answer by WeiLin Qiao Sunday, June 26, 2011 10:30 AM
    Tuesday, June 14, 2011 3:45 PM

  • Msg 15404, Level 16, State 11, Procedure xp_logininfo, Line 62

    Could not obtain information about Windows NT group/user 'CLT_LASH\DBAdmin', error code 0x534.

     

    Hex 0x534 = decimal 1332
    On command prompt you can do net helpmsg 1332 and output is "No mapping between account names and security IDs was done"

    So what you can do at this point , remove both the groups from SQL server then cleanup your AD (have the new one and drop the old one or rename the AD group name) and now try adding the new group as login.


    Thanks, Leks
    • Marked as answer by WeiLin Qiao Sunday, June 26, 2011 10:30 AM
    Wednesday, June 15, 2011 7:28 AM

All replies

  • While adding the login did you selected "Groups" checkbox under "Object Types"

    After adding the new group did you grant permissions for the databases?


    Vidhya Sagar. Mark as Answer if it helps!
    Tuesday, June 14, 2011 3:12 PM
  • Have you checked to see if the domain\DBAdmin account still exists on the domain?  I assume so, but please double check.

    What do you get if you running the following code?

    select name AS db_name, suser_sname(owner_sid) AS owner_name
    from sys.databases
    WHERE name = 'yourdatabasename'

    You could get a NULL for the owner_name.  This problem can be caused by a mismatch of the database owner recorded in sys.databases and the login associated with the dbo user inside the database.  Without knowing your whole state, try doing this:

    -- Run one of these depending on your SQL Server version
    ALTER AUTHORIZATION ON DATABASE::Yourdb TO [sa];
    ALTER AUTHORIZATION ON DATABASE::Yourdb TO [Domain\DBAdmin];
    -- Or
    USE Yourdb;
    exec sp_changedbowner 'sa';
    exec sp_changedbowner 'Domain\DBAdmin';

    The change to 'sa' may not be essential, but it returns you to a known point before trying to reset to the desired owner.

    RLF



    • Marked as answer by WeiLin Qiao Sunday, June 26, 2011 10:30 AM
    Tuesday, June 14, 2011 3:45 PM

  • Msg 15404, Level 16, State 11, Procedure xp_logininfo, Line 62

    Could not obtain information about Windows NT group/user 'CLT_LASH\DBAdmin', error code 0x534.

     

    Hex 0x534 = decimal 1332
    On command prompt you can do net helpmsg 1332 and output is "No mapping between account names and security IDs was done"

    So what you can do at this point , remove both the groups from SQL server then cleanup your AD (have the new one and drop the old one or rename the AD group name) and now try adding the new group as login.


    Thanks, Leks
    • Marked as answer by WeiLin Qiao Sunday, June 26, 2011 10:30 AM
    Wednesday, June 15, 2011 7:28 AM