locked
Sql Server 2008 and using AD groups for Logins\Users RRS feed

  • Question

  • I created two AD groups (AD1, AD2) and added the same dev user to each group. Next  I created two databases (DB1, DB2) on the same sql 2008 server. I assigned AD1 and AD2 login permission at the  server level  and made ADx a user of DBx. When the dev in the group tried to log into the sql server the login failed. Can you clarify this behaviour?

    TIA,

    edm2

    P.S.  After several attempts I found that if I went to the group (DB >Security > Users)and assigned that group as owner of the db_owner schema then they gained DB access (!)  and could expand tables, etc. Now, I'm totally confused. How come SSMS let's me create a group, assign it permisisons in the usual manner, but won't let the group members access the database? 

    Bottom line: I don't want to add individual dev as Sql logins\users for each database. I'd rather use AD assuming Sql supports that type of thinking fully.




    • Edited by edm2 Wednesday, May 1, 2013 8:48 PM
    • Moved by Alberto MorilloMVP Thursday, May 2, 2013 2:26 AM More appropiate
    Wednesday, May 1, 2013 7:58 PM

All replies