Solved

Error adding domain account to SQL Server in 2008 R2 AD

Posted on 2011-03-03
5
2,110 Views
Last Modified: 2013-10-12
We are having an issue adding a domain user as an SQL server login.
Environment:
Server: SQL Server 2008 R2, Windows 2008 R2. Computer is on a domain
Domain Controller: Windows 2008 R2, Active Directory on same machine, running on 2008 R2 compatibility mode (not 2000 or 2003 mode as in other posts on this problem!).

When we try to add a domain user to Sql server we get an error 15401 (user or user group not found). However, the active directory can be browsed from that machine - we see the domain users when browsing them in sql server but cannot add them.

The problem has identical symptoms like the often-discussed problem found in Windows 200/2003 active directories and we tried all suggestions we found for this (MS hotfix, kicking the server out of the domain and back in, changing group policy, even disabling the firewall for a moment). Nothing works. It doesn't matter if we try to add the login after having logged into Windows with a local or a domain account. We can add local users as new logins to SQL server without a problem. The behaviour is identical on a second (test) machine running only SQL Server Express 2008 R2 on Win2008R2.

Any ideas how to solve this?

BTW: We stumbled across this when trying to install Team Foundation Server - it's setup stops with a message that the domain controller is unavailable. However, the DC is available as we can login with domain accounts and browse the AD from that server with no problem. We couldn't get this to work so I figured I give it a try in SQL server.
0
Comment
Question by:NilsIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 20

Accepted Solution

by:
Marten Rune earned 500 total points
ID: 35034268
Is it possible that this name of ther user/group has been altered in the AD?
if so check: http://social.msdn.microsoft.com/forums/en-US/sqlsecurity/thread/240775af-690a-46bf-be21-e1ae63ea024e
(there is also a hotfix at the end of this thread)

This article shows how to errorseek it: http://support.microsoft.com/kb/324321/en-us

//Marten
0
 

Assisted Solution

by:NilsIT
NilsIT earned 0 total points
ID: 35093316
We found the problem was that we used cloned Hyper-V virtual machines that had been cloned AFTER installing Windows Server but without using the sysprep utility. Of course we changed the Netbios name and joined the domain after cloning. Everything SEEMED to work fine but then we got these strange Active Directory errors.

We solved the problem by creating a new virtual machine and installing Windows on it from the scratch (instead of cloning an existing virtual machine). The AD-related problems both in SQL server and Team Foundation Server are gone.

Thank you martenrune for pointing me to that thread as it contained a hint by Chris that the problem can be related to cloned virtual machines.
0
 
LVL 20

Expert Comment

by:Marten Rune
ID: 35093656
Glad to se it resolved
//Marten
0
 

Author Closing Comment

by:NilsIT
ID: 35135762
Solution is described in comment NilsIT
0
 
LVL 1

Expert Comment

by:Tec-Futures
ID: 39568166
I had the same issue and ran sysprep to resolve the problem. Removed servers from network and added them back.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question