Pages

Thursday, 2 August 2012

SQL Server : Fixing the Orphaned Users

In my last post , we have discussed about orphaned uses and how to find out the orphaned users. In this post let us see how to fix the orphaned users.

In the scenario where the login is got deleted , the orphan users can be fixed by dropping the user from the databases using the below script.
DROP USER Testwindows

Some time the above script may throw an error saying that the users owns a schema.Find out the schema owned by this login by querying the catalog view sys.schema and mapping the principal_id to sys.database_principals.Either drop these schemas or change the ownership based on your environment. To change the ownership of the schema ,use the below command

ALTER AUTHORIZATION ON SCHEMA::SchemaName TO NewUserName;

In the scenario where  database restored in a different environment, we can fix the SID mismatch between the sys.server_principals and sys.database_principals by using the system stored procedure sp_change_users_login. For example you have login Mydomain\Lastname.Firstname in two instances namely INST1 and INST2. This login is associated with the user TestWindowsUser with  db_owner right on one of the database (MyDb) in INST1. Now you have taken backup of MyDb and restored it on the INST2 and  Mydomain\Lastname.Firstname will not be able to access the restored database as its SID is not matching with sys.server_principals SID . To fix this issue we can run the below command on the restored database.
USE MyDb
GO
Exec sp_change_users_login 'update_one''TestWindowsUser''Mydomain\Lastname.Firstname'

Note: This is a deprecated feature in SQL server 2008 and you can use alter user as given below

ALTER USER TestWindowsUser WITH LOGIN [Mydomain\Lastname.Firstname]

If you liked this post, do like my page on FaceBook 

2 comments:

  1. We should learn how to fix these mismatches using ALTER USER.

    SP_CHANGE_USERS_LOGIN has been deprecated since SQL Server 2008...

    ReplyDelete
    Replies
    1. Thank you for pointing it out. I will update my post with this information. I read about this sometime back in deprecated features of SQL server.Still I am using it :(

      Delete