如何查询与SQL Server用户关联的Active Directory帐户?
[英]How can I query an which Active Directory account is associated with a SQL Server user?
问题描述
I have have two SQL Server's that I primarily use (a 2005 instance and a 2000.) My permission structure works as such-- 
我主要使用两个SQL Server(一个2005实例和一个2000。)我的权限结构是这样的:
First I create an Active Directory Group and then I add all necessary user's to it. 首先,我创建一个Active Directory组,然后将所有必需的用户添加到该目录中。 Then, I go to SQL-MS and I add a user by select the Windows Authentication option, and then selecting the AD Group which I just created. 然后,转到SQL-MS,然后通过选择Windows身份验证选项,然后选择刚创建的AD组来添加用户。 Impertinent to this post but I then associate the new login account with all of the necessary data tables, views and SPs. 无关紧要的帖子,但我随后将新的登录帐户与所有必要的数据表,视图和SP关联。
After selecting the group, I have always left the Login name field as the name of the AD Group for reference. 选择组后,我始终将“ 登录名”字段保留为AD组的名称以供参考。
Recently I have had an AD Group renamed. 最近,我将AD组重命名。 The database has continued to work and, some how, SQL Server knows which AD Group to associate the SQL login. 数据库已继续工作,并且在某种程度上,SQL Server知道了与SQL登录关联的AD组。 My problem is that the login name hasn't updated in SQL Server so I have no clue which AD Group is associated with the SQL Server Login account! 我的问题是SQL Server中的登录名尚未更新,因此我不知道哪个AD组与SQL Server登录帐户相关联!
Is there a query which I can run, or is there a setting buried some where that could help me discover which AD Group is associated with this account? 是否有我可以运行的查询,或者是否有设置隐藏在某些地方可以帮助我发现哪个AD组与此帐户相关联?
-- EDIT -- - 编辑 -
Thank's responders for your answers. 感谢您的回答。 You've answered this question, however, it's propgated another question posted here . 你已经回答了这个问题,但是,它的propgated另一个问题贴在这里 。
2 个解决方案
解决方案1
2 2011-07-26 13:48:36
The mapping between the AD group and the SQL Server login is being done using the group's SID . AD组和SQL Server登录名之间的映射是使用该组的SID完成的 。 You can see the list of logins with their SIDs using sys.server_principals . 您可以使用sys.server_principals查看带有其SID的登录列表。 If you want to change the name of the existing login, you can use ALTER LOGIN . 如果要更改现有登录名,则可以使用ALTER LOGIN 。
解决方案2
1 已采纳 2011-07-26 13:57:42
You can check that Windows groups you have defined on your system as login; 您可以检查已在系统上定义为登录名的Windows组。
SELECT *
FROM sys.server_principals
WHERE type_desc = 'WINDOWS_GROUP'
This works on SQL Server 2005 and newer only. 这仅适用于SQL Server 2005及更高版本。
But you won't get the actual AD group name - only the "SID" for that group .... 但是您将无法获得实际的广告组名称-只有该组的“ SID”...。
The whole security system was very different on SQL Server 2000 - I don't think there's a 1:1 equivalent query for that old dinosaur :-) The best I can think of would be: 整个安全系统在SQL Server 2000上是非常不同的-我不认为该旧恐龙会有1:1等效查询:-)我能想到的最好的办法是:
SELECT *
FROM master.dbo.sysxlogins
WHERE password IS NULL
AND name IS NOT null
But unfortunately, there's no way I would be aware of to separate between Windows users and Windows security groups here.... 但是不幸的是,我没有办法在这里区分Windows 用户和Windows安全组 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.