• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1170
  • Last Modified:

Return members of an AD Group from SQL Server stopred proc? - xp_logininfo fails

I want to list the members of an AD group added as a user in SQL Server 2000 (or 2005).  xp_logininofo works like a champ for local NT group, but does not like the AD groups.

this works:
EXECUTE master.dbo.xp_logininfo 'myserver\RS_Management_Team', 'members'

this fails with error MSG 8198:
EXECUTE master.dbo.xp_logininfo 'mydomain\NOPHI', 'members'

change the \ to a / and it runs but returns no records.

According to this article on sqlserverpedia.com "It really can not get much more simple than that"

I had a good sql admin query the members from this same AD group on this same server once, but I don't know how it was done.... with xp_logininfo or something else.  Our IT group has AD setup so we cannot query it directly.  Desperate for this, hope someone can help.

1 Solution
Ted BouskillSenior Software DeveloperCommented:
What service account is SQL running under?  As a guess it would have to be a 'Network Service' and even then it might not work unless the SQL service is running as a domain account to query AD outside the local server.

Have you read this article? http://support.microsoft.com/kb/834124
utmsa_MikeTAuthor Commented:
Thank you for responding.  The article was helpful.  I was not sure what type of account was running the service at first.  I have discovered my problem is related to the group scope of the AD group.  xp_logininfo is returing members for "Global" and the ones that fail are "Domain Local" which permit users from any trusted domain.  I'll post another question that's not as vague as this one was.  I really do appreciate your responding.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now