SQL permissions after AD migration
-
Monday, January 14, 2013 3:09 PM
We're conducting an interforest AD migration for a client using the option to carry over the SIDHistory attribute. After migrating users, we can verify that the SIDHistory attribute is defined and works via accessing file shares with a user account in the new domain to a file share in the old domain.
The only outstanding issue is with SQL permissions. Our client's developers on the new domain cannot access any SQL resources from the old domain and receive the following message when logging in to SQL Server Management Studio:
"Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. Microsoft SQL Server, Error: 18452"
What process do we need to invoke in order for SQL to recognize logins from the new domain?
We configured an external two-way trust. Both domains have the same suffix name. Old domain/forest is ads.company.com. New domain/forest is corp.company.com.
MCITP Windows 7 MCTS Windows Server 2008
- Changed Type K_evin ZhuMicrosoft Contingent Staff, Moderator Friday, January 25, 2013 6:10 AM
All Replies
-
Monday, January 14, 2013 6:46 PM Issue resolved. Users from new domain were attempting to log in to a SQL server that is on an untrusted domain.
MCITP Windows 7 MCTS Windows Server 2008
- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Friday, January 25, 2013 6:10 AM
.png)
