locked
How to audit SQL Server DB for DOMAIN\Administrator usage ? RRS feed

  • Question

  • Hi All,

    I'd like to know what should I pay attention in the database when I rename the DOMAIN\Administrator into other name and change its password ?

    let me know where to look for so that I know where to anticipate it first.

    Thanks.

    /* Server Support Specialist */
    Tuesday, June 28, 2011 11:43 PM

Answers

  • Hi Albert,

    For SQL Server 2005 or later, you can use ALTER LOGIN to rename the Windows login name:

    ALTER LOGIN [OldName\domainname] WITH NAME = [NewName\ domainname];
    


    For SQL Server2000, you can use SP_SIDMAP stored procedure to map the user with the existing login:

    -- This stored procedure would not rename the domain name from the login.
    1) The customer wanted to change the domain name from AIB to AD for the login AIB\<account name>
    2) created a new account with the name AD/<Account Name>
    3) Then ran the stored procedure as below.
    EXEC sp_SidMap @old_domain = 'AIB',
    @new_domain = 'AD',
    @old_server = old_server_name,
    @new_server = new_server_name

     

    4) check the SID for the AIB\<account name> and AD/<Account Name> and compare with the user in the database.
    5) expected result is that SID of the database user should be equal to AD/<Account Name>. But it didn’t happen.
    6) renamed the database user to AD/<Account Name> and then ran the sp_SidMap stored procedure.
    7) This time the SID was changed as expected.
    8) renamed the database user to the earlier name.

    For more information, please refer to: CHANGE THE DOMAIN NAME FOR SQL SERVER LOGIN.

    Additionally, changing the password of Windows login will not effect on the SQL Server.

     

     

    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Best Regards,
    Stephanie Lv


    Wednesday, June 29, 2011 1:24 AM

All replies

  • Hi Albert,

    For SQL Server 2005 or later, you can use ALTER LOGIN to rename the Windows login name:

    ALTER LOGIN [OldName\domainname] WITH NAME = [NewName\ domainname];
    


    For SQL Server2000, you can use SP_SIDMAP stored procedure to map the user with the existing login:

    -- This stored procedure would not rename the domain name from the login.
    1) The customer wanted to change the domain name from AIB to AD for the login AIB\<account name>
    2) created a new account with the name AD/<Account Name>
    3) Then ran the stored procedure as below.
    EXEC sp_SidMap @old_domain = 'AIB',
    @new_domain = 'AD',
    @old_server = old_server_name,
    @new_server = new_server_name

     

    4) check the SID for the AIB\<account name> and AD/<Account Name> and compare with the user in the database.
    5) expected result is that SID of the database user should be equal to AD/<Account Name>. But it didn’t happen.
    6) renamed the database user to AD/<Account Name> and then ran the sp_SidMap stored procedure.
    7) This time the SID was changed as expected.
    8) renamed the database user to the earlier name.

    For more information, please refer to: CHANGE THE DOMAIN NAME FOR SQL SERVER LOGIN.

    Additionally, changing the password of Windows login will not effect on the SQL Server.

     

     

    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Best Regards,
    Stephanie Lv


    Wednesday, June 29, 2011 1:24 AM
  • Thanks Stephanie !
    /* Server Support Specialist */
    Wednesday, June 29, 2011 4:31 AM