Solved

Accessing MS SQL server from different AD domain

Posted on 2011-09-28
Last Modified: 2012-05-12
Assumptions:

We are moving clients from one domain to another.
The application is client/server.
The clients are moving to a new domain;
the MS SQL 2005 server is remaining in the old domain.
The current clients are using AD authentication.
All new clients will log into the new domain.

What are the issues I will face regarding having the clients in the new domain access the server in the old domain?

1. Do I need to change the user IDs in the MS SQL database?
2. If the old domain controller is available, is there a method to map old IDs to the new IDs and therefore still have single sign-on?
3. Are SQL login IDs an option?
4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?

0
Question by:bdorsey63
5 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 36814901
Do you plan to have trusts in place between the old and the new domain?

Does the application itself ask for a username and password or is it pass-through authentication?
0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 36814902
If your new domain is within the same firewall that your old domain resides in, then you should have no problem.

I am not real sure if you are referring to server when you use the word domain.

Quite frankly, the whole thing is a bit confusing.

0
 

Author Comment

by:bdorsey63
ID: 36818778
Do you plan to have trusts in place between the old and the new domain? Yes

The word from the Windows team is that they will use "SID History".

Does the application itself ask for a username and password or is it pass-through authentication? Good question, I will find out next week.

I am not real sure if you are referring to server when you use the word domain.

Good catch... By domain, I mean active directory domain.
0
 
LVL 12

Accepted Solution

by:pastorchris earned 500 total points
ID: 36902537
Hi bdorsey63,
I'll answer each of the questions as follows:

What are the issues I will face regarding having the clients in the new domain access the server in the old domain?
The clients will have to be authenticated by the new domain since they are no longer on the old domain. If you do not have an issue with setting up a trust relationship, the best solution would be to let the old domain trust the new domain.

1. Do I need to change the user IDs in the MS SQL database?
Yes! Like I stated earlier, the clients will be in a new domain and so they will authenticate using the new domain.

2. If the old domain controller is available, is there a method to map old IDs to the new IDs and therefore still have single sign-on?
Set up trust between the old & new domains by letting the old domain trust the new domain, then re-create the client login on SQL Server.

3. Are SQL login IDs an option?
Oh yes, you can optionally use SQL login (a bit hectic because users will have to know & remember their credentials). Of course this way you do not have to set up the trust relationship if you opt for DB logins instead.

4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?
If you are using Windows login, nothing needs to be done at the client side, but if you choose to change to SQL logins, then you will have to change the authentication mode to SQL login at the client side.

In summary:
Option 1 is using Integrated authentication: no changes at the client side, but setting up a trust relationship, after which you have to re-create the Windows logins at the database server.

Option 2 is going for SQL login: create SQL logins for all your clients, make changes at the client side to use the new logins, and of course there's no need for a trust relationship between the domains.

The first option is more convenient than the second option but both are good solutions. The choice is in your hands.

Regards,
Chris.
0
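
Added example, not part of the original thread: T-SQL for Option 1's step of re-creating the Windows logins on the SQL Server 2005 instance, extended to the database users and role memberships that a login alone does not carry. `OLDDOM` and `NEWDOM` are hypothetical NetBIOS domain names, and account names are assumed to be the same in both domains; the script only generates statements for review and changes nothing itself.

```sql
-- Added example. OLDDOM / NEWDOM are hypothetical placeholders; assumes account
-- names are unchanged between domains. It only generates statements for review.
DECLARE @old sysname, @new sysname;
SET @old = N'OLDDOM';  -- SET, because SQL Server 2005 has no inline DECLARE initialiser
SET @new = N'NEWDOM';

-- 1. Server level: one CREATE LOGIN per old-domain Windows user (U) or group (G)
--    that does not already have a counterpart from the new domain.
SELECT N'CREATE LOGIN '
     + QUOTENAME(@new + SUBSTRING(sp.name, CHARINDEX(N'\', sp.name), 128))
     + N' FROM WINDOWS WITH DEFAULT_DATABASE = '
     + QUOTENAME(sp.default_database_name) + N';' AS stmt
FROM sys.server_principals AS sp
WHERE sp.type IN ('U', 'G')
  AND sp.name LIKE @old + N'\%'
  AND NOT EXISTS (SELECT 1 FROM sys.server_principals AS n
                  WHERE n.name = @new + SUBSTRING(sp.name, CHARINDEX(N'\', sp.name), 128));

-- 2. Database level (current database): a login by itself grants no database
--    access, so generate a CREATE USER for every user mapped to an old-domain login.
SELECT N'CREATE USER '
     + QUOTENAME(@new + SUBSTRING(sp.name, CHARINDEX(N'\', sp.name), 128))
     + N' FOR LOGIN '
     + QUOTENAME(@new + SUBSTRING(sp.name, CHARINDEX(N'\', sp.name), 128)) + N';' AS stmt
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('U', 'G')
  AND sp.name LIKE @old + N'\%';

-- 3. Carry over database role memberships so each new user gets the same rights
--    as the old one and nothing broader. COLLATE avoids a conflict when the
--    server and database collations differ.
SELECT N'EXEC sp_addrolemember '
     + QUOTENAME(r.name, '''') COLLATE DATABASE_DEFAULT + N', '
     + QUOTENAME(@new + SUBSTRING(sp.name, CHARINDEX(N'\', sp.name), 128), '''')
       COLLATE DATABASE_DEFAULT + N';' AS stmt
FROM sys.database_role_members AS m
JOIN sys.database_principals   AS r  ON r.principal_id  = m.role_principal_id
JOIN sys.database_principals   AS dp ON dp.principal_id = m.member_principal_id
JOIN sys.server_principals     AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('U', 'G')
  AND sp.name LIKE @old + N'\%';
```

Steps 2 and 3 read the current database, so run them once in each database the application uses. Explicit GRANT/DENY permissions held directly by the old users are not covered and need a separate pass over `sys.database_permissions`.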
 

Author Closing Comment

by:bdorsey63
ID: 36952693
Thanks
0
