SQL Server Security
We have began to use Windows AUthentication for our SQL 2000 Server. When we llok atthe groups in AD we do not see any Domain Local groups Is there a reason for that Can I just add the group without browsing I assume DLG will work with SQL for security.
Thanks
Brent
I know this scenario (access via domain local groups) works in SQL Server 2005, but to be honest I don¡¯t remember the behavior in SQL Server 2000 and I don¡¯t have the proper SQL Server 2000 environment at hand to verify it. As SQL Server uses the regular Windows APIs to call the AD, I would guess it should work as long as the API available at the time SQL Server 2000 was created also supported DLGs.
I am not familiar with the SQL Server 2000 tools, but it may be possible that the browser is only looking only for users and builtin principals but not for groups in the AD; make sure to check the tool¡¯s documentation to find out if there is an option to enable group browsing/lookup.
An alternative in case the tool doesn¡¯t work as you expect or you cannot change the settings is to grant permission to connect directly using T-SQL; in SQL Server 2000 you can use sp_grant login for this purpose: http://msdn2.microsoft.com/en-us/library/aa933411(sql.80).aspx
Please, let us know if you encounter any problem using sp_grantlogin and we will be glad to assist. Also, in case you have any problems let us know your environment (OS version, SQL Server 2000 SKU and SP version) so we can reproduce the problem.
Thanks,
-Raul Garcia
SDE/T
SQL Server Engine