April 24, 2008 at 12:15 pm
Orphaned Users are old hat and a million ways exist to find and fix/eliminate them.
However, what about Orphaned Logins? By this I mean, a SQL AD/Windows Login where the AD/Windows Login was subsequently deleted, but the SQL Login remains. In our case, whenever someone leaves the company, their AD account is deleted as a matter of protocol. However, their SQL Logins remain. They are unusable, clearly, but the remain and clutter the database. I have yet to find a good way to automatically identify these orphaned logins.
Has anyone else found a way?
Thanks in advance!
April 24, 2008 at 7:16 pm
There isn't without some sort of reconciliation process. This is one reason Windows groups are preferred. AD will handle the group membership cleanup when the domain user is deleted, meaning you don't have to worry about it inside SQL Server (or SQL Server Reporting Services, or MOSS, etc.)
K. Brian Kelley
@kbriankelley
April 24, 2008 at 7:33 pm
Thanks for your reply. I agree that groups are preferable. Unfortunately our primary application precludes their use for a variety of reasons. I figure I could write something that uses ASDI calls or some such to check for the existence of a login, but I was hoping there might be some undocumented system stored procedure or function that would make it easier.
April 24, 2008 at 8:50 pm
I don't think there's a procedure, but why is a group a problem with your application? The application has no idea if it's a Windows login or group that maps to a user.
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply