如何在 SQL 服务器中添加 Active Directory 用户组作为登录名
[英]How to add Active Directory user group as login in SQL Server
问题描述
I have a .NET application which is connecting to the SQL Server using Windows authentication.
我有一个 .NET 应用程序,它使用 Windows 身份验证连接到 SQL 服务器。
We cannot use SQL Server authentication in the application.我们不能在应用程序中使用 SQL 服务器身份验证。 We have lot of Active Directory users there for our project.我们的项目有很多 Active Directory 用户。 So we have to create separate login account for each Active Directory users in SQL Server rather than creating separate login account for each AD users, is there any way to use the active directory user group in SQL Server?所以我们必须为 SQL 服务器中的每个 Active Directory 用户创建单独的登录帐户,而不是为每个 AD 用户创建单独的登录帐户,有没有办法在 SQL 服务器中使用 Active Directory 用户组?
3 个解决方案
解决方案1
169 已采纳 2011-02-17 12:51:46
In SQL Server Management Studio, go to Object Explorer > (your server) > Security > Logins and right-click New Login :在 SQL Server Management Studio 中,转到Object Explorer > (your server) > Security > Logins并右键单击New Login :
Then in the dialog box that pops up, pick the types of objects you want to see ( Groups is disabled by default - check it!) and pick the location where you want to look for your objects (eg use Entire Directory ) and then find your AD group.然后在弹出的对话框中,选择要查看的对象类型(默认情况下禁用Groups - 检查它!)并选择要查找对象的位置(例如使用Entire Directory ),然后找到您的 AD 组。
You now have a regular SQL Server Login - just like when you create one for a single AD user.您现在拥有一个常规的 SQL Server 登录名 - 就像您为单个 AD 用户创建一个登录名一样。 Give that new login the permissions on the databases it needs, and off you go!授予新登录所需的数据库权限,然后就可以了!
Any member of that AD group can now login to SQL Server and use your database.该 AD 组的任何成员现在都可以登录 SQL Server 并使用您的数据库。
解决方案2
22 2013-11-24 13:18:25
You can use T-SQL:您可以使用 T-SQL:
use master
GO
CREATE LOGIN [NT AUTHORITY\LOCALSERVICE] FROM WINDOWS WITH
DEFAULT_DATABASE=yourDbName
GO
CREATE LOGIN [NT AUTHORITY\NETWORKSERVICE] FROM WINDOWS WITH
DEFAULT_DATABASE=yourDbName
I use this as a part of restore from production server to testing machine:我使用它作为从生产服务器到测试机器的恢复的一部分:
USE master
GO
ALTER DATABASE yourDbName SET OFFLINE WITH ROLLBACK IMMEDIATE
RESTORE DATABASE yourDbName FROM DISK = 'd:\DropBox\backup\myDB.bak'
ALTER DATABASE yourDbName SET ONLINE
GO
CREATE LOGIN [NT AUTHORITY\LOCALSERVICE] FROM WINDOWS WITH
DEFAULT_DATABASE=yourDbName
GO
CREATE LOGIN [NT AUTHORITY\NETWORKSERVICE] FROM WINDOWS WITH
DEFAULT_DATABASE=yourDbName
GO
You will need to use localized name of services in case of German or French Windows, see How to create a SQL Server login for a service account on a non-English Windows?在德语或法语 Windows 的情况下,您将需要使用本地化的服务名称,请参阅如何在非英语 Windows 上为服务帐户创建 SQL Server 登录名?
解决方案3
1 2020-05-12 22:11:08
Here is my observation.这是我的观察。 I created a login (readonly) for a group windows(AD) user account but, its acting defiantly in different SQL servers.我为组 windows(AD) 用户帐户创建了一个登录名(只读),但是,它在不同的 SQL 服务器中表现得很顽固。 In the SQl servers that users can not see the databases I added view definition checked and also gave database execute permeation to the master database for avoiding error 229. I do not have this issue if I create a login for a user.在用户看不到数据库的 SQl 服务器中,我添加了视图定义检查并将数据库执行渗透到主数据库以避免错误 229。如果我为用户创建登录,则不会出现此问题。
解决方案4
0
Go to the SQL Server Management Studio, navigate to Security, go to Logins and right click it.转到 SQL Server Management Studio,导航到安全性,转到登录并右键单击它。 A Menu will come up with a button saying "New Login".菜单会出现一个按钮,上面写着“新登录”。 There you will be able to add users and/or groups from Active Directory to your SQL Server "permissions".在那里,您将能够将 Active Directory 中的用户和/或组添加到您的 SQL Server“权限”。 Hope this helps希望这可以帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.