I have a contained database with users authenticated in the database only (i.e. SQL user with password). What I am looking to do is the "uncontain" the database. Before I can change alter the database to containment 'NONE', I must remove all contained users. What I really want to do is create a SQL login for the user retaining the same password.
With a server login, I can use LOGINPROPERTY('myusername', 'PasswordHash') to get the password hash. For a SQL user with password (a contained user), this returns null. Where can I get the password hash for a contained user?
This article has the answer http://sqlblog.com/blogs/argenis_fernandez/archive/2014/07/28/scripting-out-contained-database-users.aspx
The article states that for contained database users, there is (currently) no method of obtaining SID or password hashes without connecting to the DAC (Dedicated Administrator Connection). Once you establish a DAC connection, the following query will give you the password hash:
SELECT password FROM sys.sysowners WHERE name = 'ContainedUser'
For information on how to connect get a DAC with SSMS, see https://technet.microsoft.com/en-us/library/ms178068(v=sql.105).aspx
Have you tried the sp_help_revlogin stored procedure?
Related
When we create the datasource in the reporting service, we need to assign the account to connect to that datasource, either windows, sql user.
If we choose sql user, we wonder that where is the password of sql user is stored. Or does it encrypt with any algorithm?
Can I refer to any official document regarding this issue?
The details are stored in the dbo.DataSource table. The Username and Password are stored in the UserName and Password columns respectively and are encrypted, as is the ConnectionString column. An end user would not be able to decrypt it, unless they obtained the decryption key used internally by SSRS.
Is there a way to view the password of non-sysadmin accounts on SQL Server 2016?
I'm a database admin. I can simply change the password for the user, but I'd love to know if there is a way I can retrieve the password without resetting it.
In SQL Server user and login passwords are never stored; they are hashed. When a user logs in by presenting a password, that password is hashed and compared to the stored hash.
The existing Windows Server 2008 R2 with SQL Server 2008 was moved to another domain. The existing dbo owner belongs to the old domain.
I need to change the dbo ownership to a new login user, not to a 'sa'. I have seen some sample codes but I am not sure the correct syntax for the new user name.
I have already tried changing the ownership using within SQL Server Management Studio, properties of the database and changing the value from the files but it did work.
For instance, I see someone suggesting:
-- in master db
CREATE LOGIN [login1] WITH PASSWORD = '{Some Password}'
CREATE USER **[login1]** FOR LOGIN **[login1]**
-- in user db
CREATE USER **[login1]** FOR LOGIN **[login1]**
ALTER ROLE [db_owner] ADD MEMBER **[login1]**
the question I have is the [login1] format.
Usually, the login is: domain\username
How do I replace the [login1] with the actual login name? What is the correct format?
Besides changing the dbo ownership, I would like to know if there is anything else that needs to be done, as standard procedures, when the server where the SQL database is installed, has changed to a different domain.
Thank you
The T-SQL statement ALTER AUTHORIZATION ON DATABASE::YourDatabase TO Login1; will change the database owner per the documentation.
The login or database name need only be enclosed when it doesn't conform to regular identifier naming rules (like Windows logins with the backslash). So for a domain user, they syntax with square brackets is:
ALTER AUTHORIZATION ON DATABASE::YourDatabase TO [YourDomain\Login1];
or alternatively double quotes:
ALTER AUTHORIZATION ON DATABASE::YourDatabase TO "YourDomain\Login1";
I suggest you avoid using a domain user as the database owner going forward. This way, you won't have the problem when the computer domain changes or if the owning domain account becomes invalid for some reason, such as the individual leaves the organization.
I have a MS Access front end with tables linked to SQL Server. I used a file DSN to link tables, and upon opening Access database the user has to enter SQL server userID and password.
Is there a way to extract that userID (not the password) from the established ODBC connection, for example to use it for display and audit purposes?
Yes, you can create a Pass-Through query in Access with just the statement...
SELECT CURRENT_USER
...then in the Property Sheet for that query click the ellipsis button beside ODBC Connect Str and select your File DSN. (When asked if you want to save the password in the connection string, say "No".)
Then save the Pass-Through query (I called mine "getCurrentSqlUser") and run it to get the name of the current user on the SQL server.
(Note: While testing this I logged in as sa and found that the query returned dbo. I think that's because I was logged in as a member of the sysadmin Server Role.)
Is it possible to retrieve (if the user has sa rights) the password of a user in SQL Server 2008 R2?
The scenario is this: I need to automatically store in a document the list of all usernames and passwords, but without changing the password, just reading the actual password.
Is this possible or not?
Yes you can for SQL logins.
You read the hashed passwords sys.sql_logins (maybe only via the DAC) and use a tool like NGS SQLCrack.
However, there is almost no requirement ever to keep these in a document.
For Windows based logins, no. The password is in AD.
And read this: "What are the arguments for and against a network policy where the sys admin knows users passwords?"