堆栈内存溢出
  简体   繁体   English

如何检查SQL Server SID与Active Directory SID

[英]How to check SQL Server SID vs Active Directory SID

 原文  2012-06-06 22:47:41       sql-server/ sql-server-2000

问题描述

I am having an issue logging into a SQL Server 2000 Database via Windows Authentication, where access has been granted at the database level via an Active Directory group, to which the user in question is a member of. 我通过Windows身份验证登录到SQL Server 2000数据库时遇到问题,该用户已通过活动目录组在数据库级别授予访问权限,该用户是该用户所属的组。

I can check the user's AD group membership via: whoami /groups and see: 我可以通过以下方式检查用户的广告组成员身份:whoami / groups并查看: 

somedomain\SalesDB-RO                   Group            S-1-5-21-2172273820-3134075794-738947201-31792  Mandatory group, Enabled by default, Enabled group             
somedomain\SalesDB-RO                   Group            S-1-5-21-923798017-1667202166-518595180-7612    Mandatory group, Enabled by default, Enabled group

Due (somehow) to the nature of Active Directory SID History, there are two entries. 由于Active Directory SID历史记录的性质(某种程度上),这里有两个条目。

Now, I can look in the database (using SSMS, using another account) and see that 'SalesDB-RO' does in fact have db_datareader permissions in the database, yet the user still cannot login. 现在,我可以查看数据库(使用SSMS,使用另一个帐户),并发现'SalesDB-RO'实际上在数据库中具有db_datareader权限,但是用户仍然无法登录。 I'm wondering if perhaps the 'SalesDB-RO' group is textually the same, but perhaps has a different SID within the SQL Server database. 我想知道'SalesDB-RO'组在文本上是否相同,但是在SQL Server数据库中是否具有不同的SID。

How would I view the SID assigned to the 'SalesDB-RO' group within the SQL Server? 如何查看在SQL Server中分配给“ SalesDB-RO”组的SID? (I do not personally have SysAdmin privileges, but could get someone that does to execute any necessary commands). (我个人没有SysAdmin特权,但是可以让某人执行任何必要的命令)。

Secondary question: 次要问题:
On another SQL Server (2008) instance where I do have sysadmin rights, I see SID's are of the form: 在另一个我具有sysadmin权限的SQL Server(2008)实例上,我看到SID的形式为: 

0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567

....whereas from AD they are in the form: .... AD的格式如下: 

S-1-5-21-2172273820-3134075794-738947201-31792

Is there a way to get comparable versions of the SID's? 有没有办法获得SID的可比版本?

UPDATE 更新

As it turns out the issue was the user was a member of an Active Directory Group that was DENIED read permissions on the database. 事实证明,问题在于用户是Active Directory组的成员,该组已被拒绝对数据库的读取权限。

1 个解决方案

解决方案1
 0 已采纳  2012-06-21 17:26:58

As it turns out, in my case the issue was the user was a member of an Active Directory Group that was DENIED read permissions on the database. 事实证明,就我而言,问题是用户是Active Directory组的成员,该组已被拒绝对数据库的读取权限。

Better (more relevant to the question) info here (credit @Kodak): 更好(与问题更相关)的信息在这里(信用@Kodak):

How can I obtain an Active Directory Group name from a SQL Server stored SID? 如何从SQL Server存储的SID获取Active Directory组名称?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何从SQL Server存储的SID获取Active Directory组名? - How can I obtain an Active Directory Group name from a SQL Server stored SID? 更新 SQL 服务器中的 SID - Update SID in SQL Server 在SQL Server 2014中创建具有特定SID的用户 - Create user with specific SID in SQL Server 2014 SQL Server Windows登录-相同名称的不同用户(SID) - SQL Server Windows Login - Same Name Different User (SID) 如何计算新登录的 SID? - How to calculate the SID for new logins? 更改 SQL Azure 数据库中 USER DBO 的 SID - Change SID of USER DBO in SQL Azure Database Azure SQL 的 SUSER_SID 支持 - SUSER_SID support for Azure SQL SQL Server GUID(来自Active Directory)与Int - SQL Server GUID (from Active Directory) vs Int 活动目录登录和自定义SQL Server中的检查角色 - Active directory login and check role in custom SQL Server Active Directory链接到SQL Server - Active Directory Linked to SQL Server
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM