Solved

Accessing MS SQL server from different AD domain

Posted on 2011-09-28
Last Modified: 2012-05-12
Assumptions:

We are moving clients from one domain to another.
The application is client/server.
The clients are moving to a new domain,
the MS SQL 2005 server is remaining in the old domain
The current clients are using AD authentication.
All new clients will log into the new domain.

What are the issues I will face regarding having the clients in the new domain access the server in the old domains?

1. Do I need to change the user ids in the ms sql database?
2. If the old domain controller is available, is there a method to map old IDs to the new IDs and therefore still have single sign-on?
3. Are SQL login IDs an option?
4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?

Question by:bdorsey63
5 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 36814901
Do you plan to have trusts in place between the old and the new domain?

Does the application itself ask for a username and password or is it pass-through authentication?
0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 36814902
If your new domain is within the same firewall that your old domain resides in, then you should have no problem.

I am not real sure if you are referring to server when you use the word domain.

Quite frankly, the whole thing is a bit confusing.

0
 

Author Comment

by:bdorsey63
ID: 36818778
Do you plan to have trusts in place between the old and the new domain? Yes

The word from the Windows team is that they will use "SID History".

Does the application itself ask for a username and password or is it pass-through authentication? Good question, I will find out next week.

I am not real sure if you are referring to server when you use the word domain.

Good catch... By domain, I mean active directory domain.
0
 
LVL 12

Accepted Solution

by:
pastorchris earned 500 total points
ID: 36902537
Hi bdorsey63,
I'll answer each of the questions as follows:

What are the issues I will face regarding having the clients in the new domain access the server in the old domains?
The clients will have to be authenticated by the new domain since they are no longer on the old domain. If you do not have an issue with setting up a trust relationship, the best solution would be to let the old domain trust the new domain.

1. Do I need to change the user ids in the ms sql database?
Yes! Like I stated earlier, the clients will be in a new domain and so they will authenticate using the new domain.

2. If the old domain controller is available, is there a method to map old IDs to the new IDs and therefore still have single sign-on?
Set up a trust between the old & new domains by letting the old domain trust the new domain, then re-create the client login on SQL Server.

3. Are SQL login IDs an option?
Oh yes, you can optionally use SQL login (a bit hectic because users will have to know & remember their credentials). Of course this way you do not have to set up the trust relationship if you opt for DB logins instead.

4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?
If you are using Windows login, nothing needs to be done at the client side, but if you choose to change to SQL logins, then you will have to change the authentication mode to SQL login at the client side.

In summary:
Option 1 is using Integrated authentication: no changes at the client side, but setting up a trust relationship, after which you have to re-create the Windows logins at the database server.

Option 2 is going for SQL logins: create SQL logins for all your clients, make changes at the client side to use the new logins, and of course there's no need for a trust relationship between the domains.

The first option is more convenient than the second option but both are good solutions. The choice is in your hands.

Regards,
Chris.
0
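Option 1 from the accepted answer (trust in place, Windows logins re-created) worked through in T-SQL; this is an added example, not code posted by anyone in the thread. `OLDDOM`, `NEWDOM` and `AppDb` are placeholder names, account names are assumed to be unchanged by the migration, and `ALTER USER ... WITH LOGIN` requires SQL Server 2005 SP2 or later.

```sql
-- Added example. OLDDOM, NEWDOM and AppDb are placeholders (assumptions),
-- not values from the thread. Run once per user database.
USE AppDb;
GO

-- Step 1: generate, for review, the statements that re-create each old-domain
-- Windows login under the new domain and remap its existing database user.
-- This query changes nothing; an administrator runs its output after review.
-- Remapping keeps the user's principal_id, so its permissions carry over.
WITH old_users AS (
    SELECT dp.name AS db_user,
           sp.name AS old_login,
           N'NEWDOM\' + SUBSTRING(sp.name, CHARINDEX(N'\', sp.name) + 1, 128) AS new_login
    FROM sys.database_principals AS dp
    JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
    WHERE sp.type IN ('U', 'G')          -- Windows users and groups only
      AND sp.name LIKE N'OLDDOM\%'
      AND dp.principal_id > 4            -- skip dbo, guest, INFORMATION_SCHEMA, sys
)
SELECT old_login,
       N'CREATE LOGIN ' + QUOTENAME(new_login) + N' FROM WINDOWS;' AS create_login_stmt,
       N'ALTER USER ' + QUOTENAME(db_user)
         + N' WITH LOGIN = ' + QUOTENAME(new_login) + N';'        AS remap_user_stmt
FROM old_users
ORDER BY old_login;
GO

-- Step 2: server-role memberships held by old-domain logins. CREATE LOGIN grants
-- none of these, so each row is a decision to re-grant or retire, not to copy blindly.
SELECT m.name AS old_login, r.name AS server_role
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE m.name LIKE N'OLDDOM\%';
GO

-- Step 3: after cutover, any database user still tied to an old-domain login
-- appears here; an empty result means the old logins can be reviewed for removal.
SELECT dp.name AS db_user, sp.name AS old_login
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
WHERE sp.name LIKE N'OLDDOM\%';
GO
```

`CREATE LOGIN ... FROM WINDOWS` succeeds only if the SQL Server host can resolve the new-domain account, which makes it a quick check that the trust is working in the right direction.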
 

Author Closing Comment

by:bdorsey63
ID: 36952693
Thanks
0
