Solved

Accessing MS SQL server from different AD domain

Posted on 2011-09-28
Last Modified: 2012-05-12
Assumptions:

We are moving clients from one domain to another.
The application is client/server.
The clients are moving to a new domain,
the MS SQL 2005 server is remaining in the old domain.
The current clients are using AD authentication.
All new clients will log into the new domain.

What are the issues I will face regarding having the clients in the new domain access the server in the old domain?

1. Do I need to change the user ids in the MS SQL database?
2. If the old domain controller is available, is there a method to map old ids to the new ids and therefore still have single sign on?
3. Are SQL login ids an option?
4. What else can be done on the client side to access the old SQL server running on the old domain? Change ODBC config?

Question by:bdorsey63
5 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 36814901
Do you plan to have trusts in place between the old and the new domain?

Does the application itself ask for a username and password or is it pass-through authentication?
0
 
LVL 29

Expert Comment

by:sammySeltzer
ID: 36814902
If your new domain is within the same firewall that your old domain resides in, then you should have no problem.

I am not real sure if you are referring to server when you use the word domain.

Quite frankly, the whole thing is a bit confusing.

0
 

Author Comment

by:bdorsey63
ID: 36818778
Do you plan to have trusts in place between the old and the new domain? Yes

The word from the windows team is that they will use "SID History".

Does the application itself ask for a username and password or is it pass-through authentication? Good question, I will find out next week.

I am not real sure if you are referring to server when you use the word domain.

Good catch... By domain, I mean active directory domain.
0
 
LVL 12

Accepted Solution

by:
Chris M earned 2000 total points
ID: 36902537
Hi bdorsey63,
I'll answer each of the questions as follows:

What are the issues I will face regarding having the clients in the new domain access the server in the old domain?
The clients will have to be authenticated by the new domain since they are no longer on the old domain. If you do not have an issue with setting up a trust relationship, the best solution would be to let the old domain trust the new domain.

1. Do I need to change the user ids in the MS SQL database?
Yes! Like I stated earlier, the clients will be in a new domain and so they will authenticate using the new domain.

2. If the old domain controller is available, is there a method to map old ids to the new ids and therefore still have single sign on?
Set up trust between the old & new domains by letting the old domain trust the new domain, then re-create the client logins on SQL Server.

3. Are SQL login ids an option?
Oh yes, you can optionally use SQL logins (a bit hectic because users will have to know & remember their credentials). Of course this way you do not have to set up the trust relationship if you opt for DB logins instead.

4. What else can be done on the client side to access the old SQL server running on the old domain? Change ODBC config?
If you are using Windows login, nothing needs to be done at the client side, but if you choose to change to SQL logins, then you will have to change the authentication mode to SQL login at the client side.

In summary:
Option 1 is using integrated authentication: no changes at the client side, but setting up a trust relationship, after which you have to re-create the Windows logins at the database server.

Option 2 is going for SQL logins: create SQL logins for all your clients, make changes at the client side to use the new logins, and of course there's no need for a trust relationship between the domains.

The first option is more convenient than the second option but both are good solutions. The choice is in your hands.

Regards,
Chris.
0
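
The two options from the accepted answer, written out in T-SQL as an added example (not code posted by anyone in this thread). OLDDOM, NEWDOM, AppDb, jsmith, app_jsmith, the server name and the db_datareader role are placeholders, and it assumes account names stay the same across the migration.

```sql
-- Placeholders (assumptions, not from the thread): OLDDOM, NEWDOM, AppDb,
-- jsmith, app_jsmith, db_datareader. Syntax is valid on SQL Server 2005;
-- ALTER USER ... WITH LOGIN requires SP2 or later.

-- 1. Inventory the Windows logins and groups from the old domain.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE type IN ('U', 'G')            -- U = Windows login, G = Windows group
  AND name LIKE N'OLDDOM\%';

-- 2. Generate matching CREATE LOGIN statements for the new domain.
--    Review the output before running it; do not grant more than is needed.
SELECT N'CREATE LOGIN '
     + QUOTENAME(N'NEWDOM\' + SUBSTRING(name, CHARINDEX(N'\', name) + 1, 128))
     + N' FROM WINDOWS;' AS create_stmt
FROM sys.server_principals
WHERE type IN ('U', 'G') AND name LIKE N'OLDDOM\%';

-- 3. Option 1 (integrated authentication, trust in place): create the login
--    for the new-domain account and repoint the existing database user so its
--    permissions carry over. A Windows user with a Windows-style name is
--    renamed to the new login name automatically.
CREATE LOGIN [NEWDOM\jsmith] FROM WINDOWS WITH DEFAULT_DATABASE = [AppDb];
USE AppDb;
ALTER USER [OLDDOM\jsmith] WITH LOGIN = [NEWDOM\jsmith];

-- 4. Option 2 (SQL logins, no trust): the instance must allow mixed-mode
--    authentication. WITH LOGIN cannot turn a Windows user into a SQL user,
--    so a new database user is created and granted the needed role.
CREATE LOGIN app_jsmith
    WITH PASSWORD = N'<set-a-strong-password>',
         CHECK_POLICY = ON, DEFAULT_DATABASE = [AppDb];
CREATE USER app_jsmith FOR LOGIN app_jsmith;
EXEC sp_addrolemember N'db_datareader', N'app_jsmith';

-- 5. Check for database users left without a matching server login.
SELECT dp.name AS orphaned_user
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON dp.sid = sp.sid
WHERE dp.type IN ('S', 'U', 'G') AND sp.sid IS NULL
  AND dp.name NOT IN (N'dbo', N'guest', N'INFORMATION_SCHEMA', N'sys');

-- Client-side ODBC connection strings for each option:
--   Option 1: Driver={SQL Server};Server=<server>;Database=AppDb;Trusted_Connection=Yes;
--   Option 2: Driver={SQL Server};Server=<server>;Database=AppDb;UID=app_jsmith;PWD=<password>;
```

With option 2 the password lives in the client configuration or is typed by the user, so it should be protected accordingly; option 1 keeps credentials out of the ODBC settings.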
 

Author Closing Comment

by:bdorsey63
ID: 36952693
Thanks
0
