question

Daniel Ross avatar image
Daniel Ross asked

replicating user and group permissions

Hi All, We have migrated all of our users to a new domain, and instead of manually recreating the users and groups from active directory, is there a way I can script the creation on the new accounts? All the users and groups in the new domain are named the same, i.e. abc\\user1 is now xyz\\user1 and xyz\\user1 will need to have all the same permissions as abc\user1. We are not in the position yet to replace the users, we just need to replicate them. We are using 2005. Thanks for your help.
sql-server-2005security
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Pavel Pawlowski avatar image
Pavel Pawlowski answered
Hi, you can take a look on my post: [Cloning user rights in database][1]. But anyway once you will clone the rights, It is a good idea to create a roles in the database and then give all the rights to roles. Then you do not need to take care about right for the users, but you simply add/remove user from particular role. What more, the optimal solution is to have AD groups, then those AD groups you put as members of appropriate database roles. Then the Security team by simply adding/removing users from particular AD group will automatically grant/revoke appropriate user rights on database. [1]: http://www.pawlowski.cz/2011/03/cloning-user-rights-database/
1 comment
10 |1200

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Daniel Ross avatar image Daniel Ross commented ·
Hi Pavel, you have done it again, looks like it is exactly what I need.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.