Orphaned Windows Users….Annie?

A caveat when working with Windows domain users in SQL Server is the possibility of orphaned users.  When a user is removed from Active Directory (AD), the matching login is not automatically removed from SQL Server; as far as SQL Server is concerned, that login is now orphaned.  Even if the AD account is recreated, no access will be granted to it, because the new account gets a new SID that will not match the SID stored in SQL Server.  You can run the sp_validatelogins stored procedure to display any orphaned users in the database.

To resolve this problem you will need to remove the user with DROP LOGIN 'AD\Annie'.  Then you will need to revoke the user's server access with EXEC sp_revokelogin 'AD\Annie'.
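The following T-SQL is an added example, not part of the original post.  It runs sp_validatelogins, captures its result set, and generates the matching DROP LOGIN statements for review rather than executing them, so an administrator can check each orphan (type, creation date, stored SID) before removing anything.  It also lists database users in the current database that are still mapped to an orphaned SID.  The only assumptions are that the caller has the permissions sp_validatelogins requires and that sp_validatelogins returns its documented two columns (SID varbinary(85), NT Login sysname).

```sql
-- Added example (not from the original post): enumerate orphaned Windows
-- logins and generate DROP LOGIN statements for review before execution.
SET NOCOUNT ON;

-- Capture the documented result set of sp_validatelogins:
--   SID      varbinary(85)  -- SID stored in SQL Server for the login
--   NT Login sysname        -- DOMAIN\account name as stored
DECLARE @Orphans TABLE
(
    [SID]      varbinary(85) NOT NULL,
    [NT Login] sysname       NOT NULL
);

-- One row per Windows login whose SID no longer resolves in Active Directory.
INSERT INTO @Orphans ([SID], [NT Login])
EXEC sys.sp_validatelogins;

-- Join back to sys.server_principals so only Windows logins are reported
-- (type U = Windows user, G = Windows group) and SQL logins are never touched.
-- QUOTENAME() brackets the name so a DOMAIN\account value is a valid identifier.
SELECT  o.[NT Login]                                         AS orphaned_login,
        sp.type_desc,
        sp.create_date,
        CONVERT(varchar(200), o.[SID], 1)                    AS stored_sid,
        N'DROP LOGIN ' + QUOTENAME(o.[NT Login]) + N';'      AS drop_statement
FROM    @Orphans o
JOIN    sys.server_principals sp ON sp.sid = o.[SID]
WHERE   sp.type IN ('U', 'G')
ORDER BY o.[NT Login];

-- DROP LOGIN removes only the server-level login. Database users mapped to the
-- same SID remain behind, so list them for the current database as well.
SELECT  DB_NAME()                          AS database_name,
        dp.name                            AS database_user,
        dp.type_desc,
        CONVERT(varchar(200), dp.sid, 1)   AS stored_sid
FROM    sys.database_principals dp
WHERE   dp.type IN ('U', 'G')
  AND   dp.sid IN (SELECT [SID] FROM @Orphans)
ORDER BY dp.name;
```

Run the script in the context of each database you care about; the first result set is the same for every database (logins are server-scoped), while the second changes per database.  Nothing is dropped by the script itself; copy the drop_statement values you have verified into a separate batch.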



About SQLGator

Microsoft Data Platform MVP, Florida Gator, Star Wars fanatic and is there anything else...oh yeah PS4! I am a geek and SQL Server Business Intelligence Consultant, there are other technologies greater than these? Not so fast my friend! I also love to travel to new and exotic places.

Posted on January 31, 2012, in Security.
