Hi everyone. I know the topic has been covered, but I couldnt find solution to my problem. The client used to grant permissions to database through single AD accounts and everything worked just fine. But the logical solution when there is a lot of users is to use groups. Client defined groups in Active Directory. Groups exist and members are assigned. The group has been added as SQL Server login(we can find the group in AD from SSMS, and add it as a login), which should grant group members access to server(we are talking about server access level, not database access). But it doesnt work. Accounts from group have no access. At the login properties in Securables -> Effective tab there is an error message: *Cannot execute as the server principal because the principal does not exist, this type of principal cannot be impresonated or you do not have the permission.* Such error does not appear for single accounts that has access to database. I'm running out of ideas here - what am I missing?
Check and see if the AD group has been added to a server group. It is possible to grant access to the SQL server without giving them access to the physical server itself. If you want to give the group access to the physical server, then they need to either be added to an existing server group.