Problem Changing SQL Service Account on Clustered Servers

  • I've run into a problem attempting to change my service account on the clustered servers from an administrative account to a non-privileged account under SQL Server 2005 Enterprise Edition.  When I change the login properties in Configuration Manager I get the following error:

    "The user already belongs to this group"

    I'm then prevented from making any changes to the service account.  I don't know what I'm supposed to do at this point to resolve the problem, so any assistance will be greatly appreciated.

  • OK, with help from my friendly network administrator I was able to solve the problem.  When I'd first upgraded the servers I'd specified the non-admin account as the execution account for SQL Server, but I hadn't given that account sufficient file system rights, and the server failed.  I solved the problem by starting the server under the account that had local admin rights.  I then figured out what rights were required (full control in the SQL data file folders, not just read/write) and granted those rights.  This is where I started getting the error identified in this thread.

    During the SQL cluster install you're required to provide domain groups for the cluster services for SQL Server, Agent and the Fulltext services.  The error was caused because the non-admin account was already in these domain groups.  (You'd think that the Configuration Manager program would check to see if the user was in the group and move on if so, but this is not the case.)  By deleting the non-admin account from these groups I was able to change the service account for the SQL Server services to the non-admin account.

  • Hi AllenMWhite,

    I realize this was an ancient post, but I also noticed that the last login date associated with your profile here on SQLServerCentral is fairly recent, so I am hoping you will see this and be able to respond.

    I am having the same problem you described. I need to change the service account used by a clustered SQL Server 2005 instance, and when I attempted it I got the same "User already belongs to this group" error, after which Configuration Manager simply stopped -- it did not update the service to use the new account, and gave no indication of the domain group to which the new account purportedly already belonged. I removed the new account from as many AD groups as I could find it in, but that didn't resolve the issue.

    Do you recall how you determined which group(s) caused the issue? Is there documentation on those groups anywhere besides here: ? Is there any kind of AD trace tool (analogous to SQL Profiler, perhaps) that would show which group memberships Configuration Manager is attempting to modify under the hood?

    Any assistance will be much appreciated; this is blocking a number of dependent projects....

    Thanks!

  • bpc0n335 (1/24/2014)


    Hi AllenMWhite,

    I realize this was an ancient post, but I also noticed that the last login date associated with your profile here on SQLServerCentral is fairly recent, so I am hoping you will see this and be able to respond.

    I am having the same problem you described. I need to change the service account used by a clustered SQL Server 2005 instance, and when I attempted it I got the same "User already belongs to this group" error, after which Configuration Manager simply stopped -- it did not update the service to use the new account, and gave no indication of the domain group to which the new account purportedly already belonged. I removed the new account from as many AD groups as I could find it in, but that didn't resolve the issue.

    Do you recall how you determined which group(s) caused the issue? Is there documentation on those groups anywhere besides here: ? Is there any kind of AD trace tool (analogous to SQL Profiler, perhaps) that would show which group memberships Configuration Manager is attempting to modify under the hood?

    Any assistance will be much appreciated; this is blocking a number of dependent projects....

    Thanks!

    Go into the registry on the cluster node and view the following keys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instanceid\Setup

    AGTGroup =
    FTSGroup =
    SQLGroup =

    Obtain the Windows SID(s) and have your domain admin look it up for the group name(s). Also, the logins view in SSMS will show any AD groups; the one that has sysadmin will be the likely group that has been used. This will narrow things down for you:

    -- Windows groups (type 'G') that are members of the sysadmin server role
    select name, sid, create_date, modify_date
    from sys.server_principals
    where type = 'G'
      and is_srvrolemember('sysadmin', name) = 1;

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

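The lookup described in the last reply, as an added example that is not part of the original thread: it reads the three group values from the instance's Setup key, resolves each SID to a group name, and reports whether the new service account is already a direct member, which is the condition the earlier post identified as the cause of the error. It assumes PowerShell 3 or later on the cluster node, that the values hold SIDs as the reply states, and that the script's parameter names (`InstanceId`, `SamAccountName`) are hypothetical.

```powershell
# Added example (not from the thread). Run on a cluster node under a domain account.
param(
    [Parameter(Mandatory)] [string] $InstanceId,     # the "Instanceid" part of the key path
    [Parameter(Mandatory)] [string] $SamAccountName  # new service account, no domain prefix
)

$setupKey = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$InstanceId\Setup"
$setup    = Get-ItemProperty -Path $setupKey -ErrorAction Stop

# Find the service account's distinguished name in the current domain.
$searcher = [adsisearcher]"(&(objectClass=user)(sAMAccountName=$SamAccountName))"
$hit = $searcher.FindOne()
if (-not $hit) { throw "Account '$SamAccountName' not found in the current domain." }
$accountDn = [string]$hit.Properties['distinguishedname'][0]

foreach ($valueName in 'SQLGroup', 'AGTGroup', 'FTSGroup') {
    $raw = $setup.$valueName
    if (-not $raw) { Write-Warning "$valueName is empty or missing"; continue }

    # Assumption: the value is a SID; accept either string or binary form.
    $sid = if ($raw -is [byte[]]) {
        New-Object System.Security.Principal.SecurityIdentifier($raw, 0)
    } else {
        New-Object System.Security.Principal.SecurityIdentifier([string]$raw)
    }

    # Resolve the SID to DOMAIN\GroupName; this fails if the group no longer exists.
    try   { $groupName = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $groupName = '<unresolved>' }

    # Bind to the group by SID and compare its direct members with the account's DN.
    # Nested membership is not followed.
    $group    = [adsi]"LDAP://<SID=$($sid.Value)>"
    $isMember = @($group.Properties['member']) -contains $accountDn

    [pscustomobject]@{
        Value    = $valueName
        Sid      = $sid.Value
        Group    = $groupName
        IsMember = $isMember
    }
}
```

Any row with `IsMember` set to `True` names a group the account already belongs to.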