none
Delete Old SQL AD Security Group (noob Q)

    Pertanyaan

  • Hi

    First off, I am inexperienced with Microsoft SQL.

    Our organisation has used it as part of application installations where SQL Server Express was a requirement and which usually came packaged with the application (e.g. backup database, security software database).

    Over the years servers come and go and our Active Directory has migrated across several domain controllers. As applications have been upgraded, or been installed on new servers the old Active Directory security groups that were originally created have remained in place. I would like to remove these, but as they have not been removed during SQL uninstallation, I am unsure what effect this have.

    The groups contain names of servers that have not been used for several years. My problem is that I do not know if the existing groups may have been reprovisioned. I assume that it is safe to simply delete them using Active Directory Users and Computers.

    The old server name in the examples above is 'TITAN'. This server was retired several years ago.

    Noob question, but I'd like to make sure before removing them.

    Thanks!

    Mark

    Selasa, 15 Mei 2018 13.43

Jawaban

  • Hi Mark,

    it is difficult just to say with out examining the environment. however if I were you I would do as below.

    From SQL server side we need to look at two different places to clean up AD. (either service accounts, groups or users)

    first: check the service account/Account that is being used to run the SQl service. if this account is part of any of those existing groups that means we need those groups. 

    second: check the sql server security logins. if logins/ group logins are part of any of those groups, that means you need those groups.

    finally check the AD group properties if it is not member of any group or if it do not have any members I did not see any use of keeping in the AD.

    Keep checking the thread you will receive more input from others.

    good luck

    kumar


    Rabu, 16 Mei 2018 00.08

Semua Balasan

  • Hi Mark,

    it is difficult just to say with out examining the environment. however if I were you I would do as below.

    From SQL server side we need to look at two different places to clean up AD. (either service accounts, groups or users)

    first: check the service account/Account that is being used to run the SQl service. if this account is part of any of those existing groups that means we need those groups. 

    second: check the sql server security logins. if logins/ group logins are part of any of those groups, that means you need those groups.

    finally check the AD group properties if it is not member of any group or if it do not have any members I did not see any use of keeping in the AD.

    Keep checking the thread you will receive more input from others.

    good luck

    kumar


    Rabu, 16 Mei 2018 00.08
  • Hi, Kumar

    Thanks very much for responding. This was very helpful.

    Cheers!

    Kamis, 31 Mei 2018 14.57