Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Accessing MS SQL server from different AD domain

Posted on 2011-09-28
5
Medium Priority
?
188 Views
Last Modified: 2012-05-12
Assumptions:

We are moving clients from one domain to another.
The application is client/sever.
The clients are moving to a new domain,
the MS SQL 2005 server is remaining in the old domain
The current clients are using AD authentication.
All new client will log into the new domain.

What are the issue I will face regarding having the clients in the new doamin access the server in the old domains?

1. Do I need to change the user ids in the ms sql database?
2. If the old domain controller is available, is there a method to map old ids to the new id's and there for still have single sign on?
3. Is sql login ids an option?
4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?

0
Comment
Question by:bdorsey63
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 36814901
Do you plan to have trusts in place between the old and the new domain?

Does the application itself ask for a username and password or is it pass-through authentication?
0
 
LVL 29

Expert Comment

by:sammySeltzer
ID: 36814902
If your new domain is within the same firewall that your old domain resides in, then you should have no problem.

I am not real sure if you are referring to server when you use the word domain.

Quite frankly, the whole thing is a bit confusing.

0
 

Author Comment

by:bdorsey63
ID: 36818778
Do you plan to have trusts in place between the old and the new domain? Yes

The word from the windows team is that they will use "SID History".

Does the application itself ask for a username and password or is it pass-through authentication? Good question, I will find out next week.

I am not real sure if you are referring to server when you use the word domain.

Good catch... By domain, I mean active directory domain.
0
 
LVL 12

Accepted Solution

by:
Chris M earned 2000 total points
ID: 36902537
Hi bdorsey63,
I'll answer each of the questions as follows:

What are the issue I will face regarding having the clients in the new doamin access the server in the old domains?
The clients will have to be authenticated by the new domain since they are no longer on the old domain. If you do not have an issue with setting up a trust relationship, the best solution would be to let the old domain trust the new domain.

1. Do I need to change the user ids in the ms sql database?
Yes! Like I stated earlier, the clients will be in a new domain and so they will authenticate using the new domain.

2. If the old domain controller is available, is there a method to map old ids to the new id's and there for still have single sign on?
Setup trust betweeen the old & new domains by letting the old domain trust the new domain, then re-create the client loging on SQL server.

3. Is sql login ids an option?
Oh yes, you can optionally use SQL login (a bit hectic because users will have to know & remember their credentials). Of course this way you do not have to setup the trust relationship if you opt for DB logins instead.

4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?
If you are using Windows login, nothing needs to be done at the client side but if you choose to change to SQL logins, then you will have to change the authentication mode to DQL login at the client side.

In summary:
Option 1 is using Integrated authentication, no changes at the client side but setting up a trust relationships and after which you have to re-create the Windows logins at the database server.

Option 2 is going for SQL login, create SQL logins for all your clients, make changes at the client side to use the new logins, and of course there's no need for a trust relationships between the domains.

The first option is more convenient than the second option but both are good solutions. The choice is in your hands.

Regards,
Chris.
0
 

Author Closing Comment

by:bdorsey63
ID: 36952693
Thanks
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question