Solved

Accessing MS SQL server from different AD domain

Posted on 2011-09-28
5
179 Views
Last Modified: 2012-05-12
Assumptions:

We are moving clients from one domain to another.
The application is client/sever.
The clients are moving to a new domain,
the MS SQL 2005 server is remaining in the old domain
The current clients are using AD authentication.
All new client will log into the new domain.

What are the issue I will face regarding having the clients in the new doamin access the server in the old domains?

1. Do I need to change the user ids in the ms sql database?
2. If the old domain controller is available, is there a method to map old ids to the new id's and there for still have single sign on?
3. Is sql login ids an option?
4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?

0
Comment
Question by:bdorsey63
5 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 36814901
Do you plan to have trusts in place between the old and the new domain?

Does the application itself ask for a username and password or is it pass-through authentication?
0
 
LVL 28

Expert Comment

by:sammySeltzer
ID: 36814902
If your new domain is within the same firewall that your old domain resides in, then you should have no problem.

I am not real sure if you are referring to server when you use the word domain.

Quite frankly, the whole thing is a bit confusing.

0
 

Author Comment

by:bdorsey63
ID: 36818778
Do you plan to have trusts in place between the old and the new domain? Yes

The word from the windows team is that they will use "SID History".

Does the application itself ask for a username and password or is it pass-through authentication? Good question, I will find out next week.

I am not real sure if you are referring to server when you use the word domain.

Good catch... By domain, I mean active directory domain.
0
 
LVL 12

Accepted Solution

by:
pastorchris earned 500 total points
ID: 36902537
Hi bdorsey63,
I'll answer each of the questions as follows:

What are the issue I will face regarding having the clients in the new doamin access the server in the old domains?
The clients will have to be authenticated by the new domain since they are no longer on the old domain. If you do not have an issue with setting up a trust relationship, the best solution would be to let the old domain trust the new domain.

1. Do I need to change the user ids in the ms sql database?
Yes! Like I stated earlier, the clients will be in a new domain and so they will authenticate using the new domain.

2. If the old domain controller is available, is there a method to map old ids to the new id's and there for still have single sign on?
Setup trust betweeen the old & new domains by letting the old domain trust the new domain, then re-create the client loging on SQL server.

3. Is sql login ids an option?
Oh yes, you can optionally use SQL login (a bit hectic because users will have to know & remember their credentials). Of course this way you do not have to setup the trust relationship if you opt for DB logins instead.

4. What else can be done on the client side to access the old sql server running on the old domain? Change ODBC config?
If you are using Windows login, nothing needs to be done at the client side but if you choose to change to SQL logins, then you will have to change the authentication mode to DQL login at the client side.

In summary:
Option 1 is using Integrated authentication, no changes at the client side but setting up a trust relationships and after which you have to re-create the Windows logins at the database server.

Option 2 is going for SQL login, create SQL logins for all your clients, make changes at the client side to use the new logins, and of course there's no need for a trust relationships between the domains.

The first option is more convenient than the second option but both are good solutions. The choice is in your hands.

Regards,
Chris.
0
 

Author Closing Comment

by:bdorsey63
ID: 36952693
Thanks
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question