I would like to know if it is possible to change a SQL Server authentication account to Windows Authentication?
Why would I want to do this you are asking yourself right now, well I don't want to give out a SQL Server Auth username and password to multiple users to connect to the database, currently the company do things this way, and we don't really have another choice. When we deploy a new database script we don't always have the Windows Auth account before it gets released and we don't want to go an update our deployment script.
I am trying to do this using
ALTER USER Test
WITH NAME = [mydomianname\username]`
I've tried it but no luck.
I keep getting this error:
Msg 15151, Level 16, State 1, Line 1
Cannot alter the user 'Test', because it does not exist or you do not have permission.
Thank you in advance!
I think you should be altering user with login not name, because with name you just rename the user:
ALTER USER Test WITH LOGIN = [mydomianname\username]
But it is impossible because of:
Cannot remap a user of one type to a login of a different type. For
example, a SQL user must be mapped to a SQL login; it cannot be
remapped to a Windows login.
Related
BACKGROUND
The user is defined in Azure AD and in Azure SQL.
test.user#company.com is defined and active in Azure AD. I’m able to log in with this user in Azure portal.
I have created a contained database user with the clause "from external provider" in the Azure SQL database and added the user to the db_datareader system role. The commands commits without error. I have compared the Asset ID in Azure AD and the SID in database and they match. I have tried with different users.
I am able to login as an AD User assigned to the SQL servers assigned "Active Directory Admin"
SQL Server users also login without any issue
Login test in SSMS
I have set default database to the specific database I’m trying to log into (Options-Connect to database).
I have tried with different Authentication modes:
“Azure Active Directory – Universal with MFA” and
“Azure Active Directory – Password”
When I try to login with SSMS I get
Error: 18456, state 1, class 14.
When I query [sys].[event_log] it returns
[event_systype]= 4, [event_subtype_desc] = login_failed_for_user.
PROCESS FOLLOWED
I have a user defined in Azure AD. (test.user#company.com)
In my Azure SQL database, I have set an Active Directory administrator.
I have created a user in SSMS test.user#company.com with the following syntax:
CREATE USER [test.user#company.com] FROM EXTERNAL PROVIDER;
I have assigned the user to the db_datareader role with the following syntax:
ALTER ROLE db_datareader ADD MEMBER [test.user#company.com]
ISSUE: When I try to connect as test.user#company.com, the connection fails and I get this error:
Login Failed for user test.user#company.com
Details of error contains:
Error Number: 18456, State: 1, Class: 14
I have tried to find an answer on learn.microsoft.com, googled my ass off and found some useful resources on this, but none that actually helps me with pinpointing what to do to resolve the issue. If anybody have an Idea of what I'm doing wrong, ref "PROCESS FOLLOWED" I'd be forever grateful :)
I solved it by a workaround, setting up a new database.
I did not find the cause of the problem, but it must be related to database setup "DTU"-"Basic" or some setting that I have managed to set without remembering.
Anyways, my process works when I set up a new database with "DTU"-"Standard" Configuration.
It seems to be some kind of encoding problem. After almost giving up and using a different DB, I tried creating a new one, but without some special characters. And suddenly, it worked.
If you can't change your database's password, you can just edit the connection string in another editor and it works as well (Notepad, VS code, etc).
I am currently setting up some users for my Azure SQL DWH. I have created a Login at server level and a User at my database. However, I am getting a login failed message if I try to use my database user. If I use the Login I have created it works just fine. This Login also only has access to the views I have granted it access to. Am I missing something really obvious or is there something different about logins and roles in SQL DWH?
CREATE LOGIN Login WITH PASSWORD = 'Password';
CREATE USER User FROM LOGIN Login;
You cannot use “user” as the name of the new database login because is a reserved word. Additionally add the login to the datareader role and try again.
EXEC sp_addrolemember 'db_datareader', 'newdatabaseuser';
Try to login to the SQL Data Warehouse server without specifying the database. If you are able to connect then with above statement you may solve the issue.
If you are trying to get connected from an application please make sure you are using appropriate drivers. Learn more about it here.
Hope this helps.
I have a similar problem to WCF/Entity Framework with External SQL Server DB Does Not Work when Deployed to IIS except that this is on Windows 8 and the database server is not remote. It is on the same machine and there is NO DOMAIN. The first part of the script works but there is no user IIS APPPOOL\ASP.NET 4.0 account. There is app pools like .NET 4.5 on Windows 8 and it seems to like that but this still doesn't work. I know it is some kind of permissions issue. Can anyone help with a script or answer so this will work? I have to be able to create WCF services with EF. Thanks.
I tried a modified script from the first topic:
USE [master]
GO
CREATE LOGIN [sgentile-hp\sgentile] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
USE [AdventureWorks2012]
GO
CREATE USER [sgentile-hp\sgentile] FOR LOGIN [sgentile-hp\sgentile]
GO
USE [AdventureWorks2012]
GO
EXEC sp_addrolemember N'db_datareader', N'sgentile-hp\sgentile'
GO
USE [AdventureWorks2012]
GO
EXEC sp_addrolemember N'db_datawriter', N'sgentile-hp\sgentile'
GO
That produced:
Msg 15025, Level 16, State 2, Line 1
The server principal 'sgentile-hp\sgentile' already exists.
Msg 15063, Level 16, State 1, Line 1
The login already has an account under a different user name.
Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 35
User or role 'sgentile-hp\sgentile' does not exist in this database.
Msg 15410, Level 11, State 1, Procedure sp_addrolemember, Line 35
User or role 'sgentile-hp\sgentile' does not exist in this database.
I also tried creating a SQL authenticated user and using its name and password in the connection string but still doesn't work. There has to be a way of running the App Pool with the user.
I fixed it by adding a SQL Authenticated User and putting that name and password in the web.config. The Error Log was showing me "Login failed for user 'Indigo'. Reason: The password of the account must be changed." As soon as I changed it, it worked!
I would proceed with small steps.
First of all, you should find the login [sgentile-hp\sgentile] under the server logins (just to be clear, in Management Studio go under Security/Logins and you should find your user here).
If you find it, the "create login" statement worked well.
Then go under your AdventureWorks2012 database in Management Studio Object Explorer, and go under Security/Users, where you should find the database user [sgentile-hp\sgentile]; delete it and run the statement:
USE [AdventureWorks2012]
GO
CREATE USER [sgentile-hp\sgentile] FOR LOGIN [sgentile-hp\sgentile]
GO
again. This should correctly map the server login with the corresponding user in the database. You can then assign to this user the db_datareader and db_datawriter database roles.
On the IIS side, make the windows user [sgentile-hp\sgentile] member of IIS_IUSRS local group, and then configure your IIS app pool in order to start on the context of this user; specify
Integrated Security=SSPI
in your service's connection string: now the WCF service that runs under this app pool, should be able to correctly connect to your database.
Hope This Helps
I have downloaded database and attached it to my local sql server, however I can't seem to change the password of one the existing user's on the db.
Using the following command:
ALTER LOGIN [NotificationsUser] WITH PASSWORD = 'password';
I get the error:
Msg 15151, Level 16, State 1, Line 1
Cannot alter the login
'NotificationsUser', because it does
not exist or you do not have
permission.
Is this possible?, what access permissions do I need to change user permissions anyway ?
If you've attached this database to your local SQL server then you'll need to do a couple of things:
If you haven't already done so, create user logins on your SQL server to match the ones that exist in the attached database. It's simpler to do this before attaching the database. But it can be done after the DB has been attached.
Because the SID's of the users in the newly attached database won't be the same as the newly created logins you'll need to resolve this using the sp_change_users_login stored procedure. The database user's are in effect orphaned.
For example if you have:
SQL Login: bob Attached database user: bob
Open a new query in SQL Management Studio for the attached database then run:
sp_change_users_login #action='report'
If you have "orphaned" users in your database then you'll see a result set that looks like:
UserName UserSID
bob 0x57F6DFA5D5D7374A97769856E7CB5610
To reconnect this user to a SQL login execute:
sp_change_users_login #action='update_one',
#loginname='bob',
#usernamepattern='bob'
I think you're confusing a database user with a server login.
Your database may have a user in it called NotificationUser but this needs to be associated with a server login, which is the object you're trying to alter with the script. A database restore from a different server won't have created this server login so there's a good chance it doesn't exist on your server. More info here
Greetings all, I've run into a problem that has me stumped.
I've put together a database in SQL Server Express, and I'm having a strange permissions problem.
The database is on my development machine with a domain user: DOMAIN\albertp.
My development database server is set for "SQL Server and Windows Authentication" mode.
I can edit and query my database without any problems when I log in using Windows Authentication.
However, when I log in to any user that uses SQL Server authentication (Including sa) I get this message when I run queries against my database.
SELECT * FROM [Testing].[dbo].[AuditingReport]
I get:
Msg 18456, Level 14, State 1, Line 1
Login failed for user 'auditor'.
I'm logged into the server from SQL Server Management Studio as 'auditor' and I don't see anything in the error log about the login failure.
I've already run:
Use Testing;
Grant All to auditor;
Go
And I still get the same error. What permissions do I have to set for the database to be usable by others outside of my personal domain login?
Or am I looking at the wrong problem?
My ultimate goal is to have the database be accessible from a set of PHP pages, using a either a common login (hence 'auditor') or a login specific to a set of individual users.
GRANT ALL is not performing the action you believe it to be.
I suggest for testing purposes that you consider using Database Roles in order to manage the privileges of your User.
Here is a list of the available Database-Level Roles
You can add an existing User to a Database Level role by using the system stored procedure sp_AddRoleMember. For example, the following will provide READ permission to your User for all objects within the given database.:
EXEC sp_addrolemember 'db_datareader','auditor'
Ideally, you will likely want to consider defining your own Database Roles in order to manage privileges for your Database Users.