Where are SQL Server user name and password stored?
In the DB called "master", you can view them with:
SELECT * FROM master.sys.syslogins
However passwords are encrypted.
As per Richard's comment: please note that syslogins is no longer a physical table (in SQL server 2005 and 2008) but only a view provided for backwards compatibility.
Related
We are attempting to join a newly configured AD FS node into the existing farm. We have tested and confirmed firewall > user access is working fine. When trying to join via the wizard we specify the existing farm server, certificate (has been imported and shows in dropdown list) and service account successfully. It fails with an error:
Multiple valid AD FS configuration databases found in remote SQL Server instance with connection string 'Data Source=REDACTED;Initial Catalog=ADFSConfigurationV3;Integrated Security=True;Min Pool Size=20'. Provide a specific database version when joining the machine.
We attempt to use the script that the wizard creates via an admin powershell and are presented with the same message. I have looked at the SQLConnectionString parameters and cannot see any that would look to specify versions from https://learn.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlconnection.connectionstring?view=netframework-4.8#remarks
On the SQL server side, there is indeed an older database named AdfsConfiguration which has not been edited since 2020-09-06 by checking tables > IdentityServerPolicy.FarmNodes > right click > select top 1000 rows and viewing the Heartbeat property value. On the newer AdfsConfigurationV3 database under the same table and object I see modified 2022-03-30 (today).
How would I go about finding the multiple configuration databases and specifying exactly which to use? Is it safe to detach the AdfsConfiguration database or is this still used/in use by ADFS even with the later 2016 V3 present in a separate database?
• As you have stated that the ADFS server to be added in the farm is running on Windows Server 2016, the FBL (Farm Behaviour Level) version is 3 and the corresponding ADFS Configuration Database Name will be ‘AdfsConfigurationV3’. Thus, the actual databases to be searched for while specifying the configuration database should be ‘AdfsConfigurationV3’.
• If the OS version of the ADFS node server is ‘Windows Server 2012 R2’, then the FBL will be ‘1’ and the ADFS Configuration Database name will be ‘AdfsConfiguration’ while the OS version, if it is ‘Windows Server 2019’, then the FBL will be ‘4’ and ADFS Configuration Database name will be ‘AdfsConfigurationV4’. Also, you should check for the ‘AdfsConfigurationV3.mdf’, ‘AdfsConfigurationV3_log.ldf’, ‘AdfsArtifactStore.mdf’ and ‘AdfsArtifactStore.ldf’ database files in the other ADFS Farm connected servers and accordingly try to form the connection string and connect to the right database.
• It is safe to detach the ADFS database through the SQL query from the original ADFS Server by using the queries below and then copying them and pasting them at a location where SQL databases are stored on the destination ADFS Server.
USE [master]
GO
EXEC master.dbo.sp_detach_db #dbname = N'AdfsArtifactStore'
GO
EXEC master.dbo.sp_detach_db #dbname = N'AdfsConfigurationV3'
GO
Once the ADFS databases are detached using the above query and pasted on the destination ADFS Server, execute the below SQL query to attach the copied databases to the ADFS Server and make it operational.
GO
CREATE DATABASE [AdfsConfigurationV3] ON
( FILENAME = N'C:\Program Files\Microsoft SQL
Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsConfigurationV3.mdf' ),
( FILENAME = N'C:\Program Files\Microsoft SQL
Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsConfigurationV3_log.ldf' )
FOR ATTACH
GO
USE [master]
GO
CREATE DATABASE [AdfsArtifactStore] ON
( FILENAME = N'C:\Program Files\Microsoft SQL
Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsArtifactStore.mdf' ),
( FILENAME = N'C:\Program Files\Microsoft SQL
Server\MSSQL15.MSSQLSERVER\MSSQL\DATA\AdfsArtifactStore_log.ldf' )
FOR ATTACH
GO
ALTER DATABASE AdfsConfigurationV3 set enable_broker with rollback immediate
GO
Thus, in this way, you can detach and attach the latest ADFS Database to the preferred primary ADFS Server for it to be replicated and used. But for this, please ensure that you have the ‘OWNER’ permissions access to the ADFS databases in the original and the destination ADFS Servers respectively and while performing the above tasks, ensure that the ADFS Service is stopped and started only when the operation is complete. Post completion of the above tasks, ensure that the connection to the SQL Servers is possible by referring to the documentation link below: -
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/troubleshooting/ad-fs-tshoot-sql
Also, refer to the link below for detailed information on the above: -
https://purple.telstra.com.au/blog/windows-server-2012-r2-adfs-3-0-migrating-adfs-configuration-database-from-wid-to-sql
Though the above link may not be discussing the issue that you are facing, but it resolves your queries to a greater extent.
I'm setting up a new ColdFusion server for use with a SQL Server 2017 database that uses 'Always Encrypted' columns. I'm getting an error when trying to run a SELECT statement from the ColdFusion server.
I've set up and exported the Column Master Key Certificate from SQL Server. I imported it into the ColdFusion server under the ColdFusion Service (Application Server), as well as the Local Machine under Personal (same as SQL Server Management Studio instance). I installed the SQL Server JDBC connector on the ColdFusion server and set up the datasource in the ColdFusion administrator.
The JDBC URL:
jdbc:sqlserver://SQLSERVERHOST;databaseName=myDatabase;columnEncryptionSetting=Enabled;
The SQL Select Statement:
SELECT TOP 10 * FROM myTable
I expect the SELECT statement to return the decrypted results, but instead get the following error message:
Error Executing Database Query.
Certificate with thumbprint null not found in certificate store null in certificate location null. Verify the certificate path in the column master key definition in the database is correct, and the certificate has been imported correctly into the certificate location/store.
We have an Excel file from which it retrieves information from a SQL Server DB.
Here is a snippet of the code:
Provider=SQLOLEDB.1;Persist Security Info=True;User ID=mjone;Initial Catalog=pff_db;Data Source=....
My question is that for mjone, how is he able to get connected to the SQL Server DB? I am looking at the SQL Server Management Studio and do not see any mjone used.
Check these:
Check the users under `pff_db`
Check global SQL Server Users
Check if that user exists in the server (Windows)
With SQL Server 2005 and above, how can I check when a user's password is going to expire using TSQL?
Preferably this would be done using a connection for that same user. What permissions would be required for the SQL statement to be run?
In SQL Server 2008, you can use SELECT LOGINPROPERTY('sa', 'DaysUntilExpiration').
For more accurate data - and also in SQL Server 2005, where DaysUntilExpiration is not supported, a combination of SELECT LOGINPROPERTY('sa', 'PasswordLastSetTime') and the password expiry policy out of Group Policy would do it.
According to SQL Server help, this function 'Requires VIEW permission on the login'.
With SQL Server 2005 and above, how can I check when a user's password is going to expire using TSQL?
Preferably this would be done using a connection for that same user. What permissions would be required for the SQL statement to be run?
In SQL Server 2008, you can use SELECT LOGINPROPERTY('sa', 'DaysUntilExpiration').
For more accurate data - and also in SQL Server 2005, where DaysUntilExpiration is not supported, a combination of SELECT LOGINPROPERTY('sa', 'PasswordLastSetTime') and the password expiry policy out of Group Policy would do it.
According to SQL Server help, this function 'Requires VIEW permission on the login'.