Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

domain admin sysadmin

Posted on 2013-06-04
3
Medium Priority
?
406 Views
Last Modified: 2013-06-20
By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql account? Or not neccesarily? Reason I ask is we queried sys.syslogins and the password field is just showing as a load of boxes when I though they'd be the encrypted hashes for sql auth accts. I wondered if this is perhaps a security mechanism? To stop non sysadmins exporting the hashesIs it?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 40

Accepted Solution

by:
lcohan earned 2000 total points
ID: 39219305
"By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql "

As far as I'm aware - the answer is No, however they can add themselfs as they have enough authority to do it.

You could actually script and transfer logins from SQL to SQL hashed by using: "How to transfer logins and passwords between instances of SQL Server"

http://support.microsoft.com/kb/918992


Hopefully this clears somewhat your second question/concern.
0
 
LVL 3

Author Comment

by:pma111
ID: 39219321
Not really I wondered if its not showing the hash in the password column as the user is not a sysadmin ?
0
 
LVL 40

Expert Comment

by:lcohan
ID: 39219428
I suggest you take the direct approach and query the SQL sysadmin server role instead:

SELECT      Sid,
            name,
            IS_SRVROLEMEMBER('sysadmin', name)      AS      IsSysAdmin
FROM      sys.server_principals
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Instead of error trapping or hard-coding for non-updateable fields when using QODBC, let VBA automatically disable them when forms open. This way, users can view but not change the data. Part 1 explained how to use schema tables to do this. Part 2 h…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question