June 5, 2008 at 5:42 am
How to add a login to group account like 'builtin\administrators'
M&M
June 5, 2008 at 5:55 am
sp_addsrvrolemember - Adds a login as a member of a fixed server role.
sp_addrolemember - Adds a database user, database role, Windows login, or Windows group to a database role in the current database.
Check the syntax in BOL.
Susantha
June 5, 2008 at 5:55 am
A group account would mean a Windows group. So you would need to add it to the appropriate Windows group, whether on that server or in Active Directory. For BUILTIN\Administrators, that corresponds to the local Administrators group for the server. You can add the user, provided you have the appropriate rights, via:
Start | Control Panel | Administrative Tools | Computer Management
Once inside Computer Management:
System Tools | Users and Groups | Groups | Administrators
If it's in Active Directory, you will need to see one of your Domain Admins or security administrators (if you organization has those). Also, if you get hung up trying to add a user to the group on the local server, a system administrator should be able to help you out.
K. Brian Kelley
@kbriankelley
June 5, 2008 at 6:00 am
Oops. I missed the point.
Use the above method. I was thinking about server roles. sorry for the confusion.
Susantha
June 5, 2008 at 7:44 am
Use The Below Code
exec sp_grantlogin N'BUILTIN\Administrators'
Regards,
Raj
June 16, 2008 at 10:39 pm
For adding logins to BUILTIN\Administrators through Query analyser
I came across below commands
1)xp_cmdshell "net user sampleaccount /ADD"
2)xp_cmdshell "net localgroup Administrators sampleaccount /ADD"
For finding if member is added to BUILTIN\Administrators use below command
xp_logininfo 'BUILTIN\Administrators','members'
But the above steps are not working if we are trying to add members to other group account eg. NAC\GG-NAC-DBAS
Please share your inputs in case you are aware of any such commands which could be run via Query Analyser
Thanks.
M&M
June 17, 2008 at 7:00 am
Truth be told, you shouldn't be doing this through xp_cmdshell. What you're doing in that case is having SQL Server start a command shell and run the command at the operating system level. Let's talk about the right ways.
If you look at a group like SomeName\SomeGroup. If SomeName corresponds to the server, you can use Computer Management (under Administrative Tools) to manage groups. If SomeName corresponds to the domain, you can use Active Directory Users and Computers (also under Administrative Tools, but only on a domain controller or where you've installed the ADMINPAK.MSI from the Server CD). These are the easiest ways and they allow you to navigate the hierarchies.
The other way to do it is to use the net command. When dealing with domain level groups, you've got to use the /domain switch (not the name of the domain, literally the word domain) and you've got to make sure you're referencing the right type of group. If you're referencing a global group, then its net group. If you're referencing a local group, then its net localgroup. That's one reason to use ADUC, because it handles both groups through the same interface. Also, the net command will NOT show you nested groups properly beyond the first level. The GUI tools will.
Examples of net commands at the domain level:
net group SomeGlobalGroup SomeUser /domain /add
net localgroup SomeLocalGroup SomeUser /domain /add
K. Brian Kelley
@kbriankelley
June 18, 2008 at 12:59 am
I tried to add SomeUser using command
net group SomeGlobalGroup SomeUser /domain /add
But I am getting error message as below
The request will be processed at a domain controller for domain domainname.System error 5 has occurred.Access is denied.
Searched the net but not getting proper info. Please advise if you have any idea to resolve this.
Regards,
Moinudheen
M&M
June 18, 2008 at 1:09 am
mohammed moinudheen (6/18/2008)
I tried to add SomeUser using commandnet group SomeGlobalGroup SomeUser /domain /add
But I am getting error message as below
The request will be processed at a domain controller for domain domainname.System error 5 has occurred.Access is denied.
This means you do not have the rights to make this group membership change. Please see one of your domain admins.
K. Brian Kelley
@kbriankelley
Viewing 9 posts - 1 through 8 (of 8 total)
You must be logged in to reply to this topic. Login to reply