Fatherjack asked

Validating server principals with Active Directory

This is a question about methods as much as about "How To ...". I'm interested in how other SQL Server admins tally their Server Principals that are type G or U against Active Directory. Do you have processes that enforce a server principal deletion when an AD account is disabled/deleted? How do you verify/audit this process? Do you keep a server principal if you identify it has no related database principal? Any thoughts, ideas, experience will be interesting to hear.
Tags: security, best-practice, database-principals, server-principals
1 comment

Blackhawk-17 commented ·
+1 - good question.
0 Likes 0 ·

1 Answer

WilliamD answered
I noted (and voted) this question back when you originally posted and waited to see what others had to say... not much by the looks of it. I must admit to being a little lax on this. We have principals that are deactivated in AD but still exist on SQL Server. Some sort of automated clean-up is an entry on the to-do list, but has a very low priority. Do you have anything implemented since your original question?
1 comment

Fatherjack ♦♦ commented ·
Sadly nothing that is in any way automated enough. It's a back-burner project that I'd like to work on more often.
0 Likes 0 ·
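
An added example, not code from any poster in this thread: a T-SQL audit for the reconciliation the question asks about. It flags type U and G server principals that no longer resolve in Windows and counts the database users mapped to each one. It assumes SQL Server 2017 or later (for STRING_AGG) and a sysadmin or securityadmin caller; the temp table and column names are chosen for illustration.

```sql
SET NOCOUNT ON;

-- 1. Windows principals whose SID no longer resolves in Windows/AD.
--    sp_validatelogins reports deleted accounts only, not disabled ones.
CREATE TABLE #orphaned (sid varbinary(85) NOT NULL, nt_login sysname NOT NULL);
INSERT INTO #orphaned (sid, nt_login)
EXEC sys.sp_validatelogins;

-- 2. Collect Windows users/groups from every online database.
CREATE TABLE #db_map (sid varbinary(85) NOT NULL, db_name sysname NOT NULL);
DECLARE @sql nvarchar(max);
SELECT @sql = STRING_AGG(CAST(
         N'INSERT INTO #db_map (sid, db_name) SELECT dp.sid, N'
         + QUOTENAME(d.name, '''')
         + N' FROM ' + QUOTENAME(d.name) + N'.sys.database_principals AS dp'
         + N' WHERE dp.type IN (''U'', ''G'') AND dp.sid IS NOT NULL;'
       AS nvarchar(max)), NCHAR(10))
FROM sys.databases AS d
WHERE d.state_desc = N'ONLINE';
EXEC sys.sp_executesql @sql;

-- 3. One row per Windows login or group, worst candidates first.
SELECT sp.name,
       sp.type_desc,
       sp.is_disabled,
       sp.create_date,
       CASE WHEN o.sid IS NOT NULL THEN 1 ELSE 0 END AS missing_in_windows,
       (SELECT COUNT(*) FROM #db_map AS m WHERE m.sid = sp.sid) AS mapped_databases
FROM sys.server_principals AS sp
LEFT JOIN #orphaned AS o ON o.sid = sp.sid
WHERE sp.type IN ('U', 'G')
  AND sp.name NOT LIKE N'NT SERVICE\%'      -- skip built-in service accounts
  AND sp.name NOT LIKE N'NT AUTHORITY\%'
ORDER BY missing_in_windows DESC, mapped_databases, sp.name;

DROP TABLE #orphaned;
DROP TABLE #db_map;
```

A login with zero mapped databases can still hold server roles, server-level permissions or job ownership, so review those before dropping it. Accounts that are disabled rather than deleted in AD do not appear in step 1 and need a separate directory lookup.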
