locked
cannot create new login using the FQDN of the domain RRS feed

  • Question

  • hi there,

    i have installed SQL Server 2012 on Windows Server 2012 using dual mode authentication (SQL and SSPI authentication are enabled).

    when i open Management Studio and i try to create a new login on the SQL server using "windows authentication", if i specify the

    account as FQDN\accountname (i.e. mytestingdomain.com\auseraccount), it fails with error

    Create failed for Login 'mytestingdomain.com\auseraccount'.

    Windows NT user or group 'mytestingdomain.com\auseraccount' not found. Check the name again Error 15401

    However, if i try to create the login using mytestindomain\auseraccount everything works great.

    is there a SQL limitation from using FQDN of the domain name when creating new logins?

    thanks!


    m2 -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, February 19, 2015 9:55 PM

Answers

  • Hi Michael,

    According to this article, you couldn't use FQDN to create a login using Windows Authentication, and must use the pre-Windows 2000 user logon name in the format [<domainName>\<login_name>] when creating logins that are mapped from a Windows domain account. In your case, mytestindomain\auseraccount is the pre-Windows 2000 user logon name of the domain account, so it works fine. In addition, you could check the pre-Windows 2000 user logon name of a domain account in Active Directory on the Domain Controller.

    If you have any feedback on our support, please click here.

    Regards,
    Michelle Li

    Friday, February 20, 2015 5:42 AM

All replies

  • i forgot to mention the domain level is win2k12 and both mytestingdomain and mytestingdomain.com are resolvable in DNS from the SQL server

    m2 -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Thursday, February 19, 2015 10:01 PM
  • Hi Michael,

    According to this article, you couldn't use FQDN to create a login using Windows Authentication, and must use the pre-Windows 2000 user logon name in the format [<domainName>\<login_name>] when creating logins that are mapped from a Windows domain account. In your case, mytestindomain\auseraccount is the pre-Windows 2000 user logon name of the domain account, so it works fine. In addition, you could check the pre-Windows 2000 user logon name of a domain account in Active Directory on the Domain Controller.

    If you have any feedback on our support, please click here.

    Regards,
    Michelle Li

    Friday, February 20, 2015 5:42 AM
  • perfect, this is the answer i was looking for.

    thank you so much!


    m2 -- This posting is provided "AS IS" with no warranties, and confers no rights.

    Friday, February 20, 2015 3:48 PM