找不到Windows NT用户或组“ DOMAIN\USER”吗？ [英] Windows NT user or group 'DOMAIN\USER' not found?

问题描述

我正在尝试从Active Directory组中的SQL服务器上创建用户，因为我正在使用的应用程序本身不支持Windows身份验证，并且依赖在SQL Server上创建的单个登录名，因为在应用程序而不是使用SQL角色。因此，每个要访问应用程序的用户都需要自己的用户来针对应用程序数据库所在的SQL实例进行创建，以便可以在应用程序内为该用户分配单独的权限。

I am trying to create users on a SQL server from an Active Directory group as an application I am working with does not natively support Windows authentication and relies upon individual logins being created on the SQL server, as application level permissions are managed in the application rather than using SQL roles. Due to this, each user that is to access the application needs their own user creating against the SQL instance that the applications database is on, so that the user can then be assigned individual permissions within the application.

我正在使用以下方法从我们指定的Active Directory组中读取用户列表；

I am reading the list of users from the Active Directory group we have designated using the following;

exec master。 .xp_logininfo'domain\groupname'，'members'

这将返回类似于以下内容的输出；

This returns output similar to the following;

account name    type  privilege  mapped login name  permission path
DOMAIN\USER     user  user       DOMAIN\USER        DOMAIN\GROUPNAME

在大多数情况下，可以在SQL实例上创建此列表中返回的用户，而不会产生任何麻烦。我首先使用 sp_grantlogin 将用户创建为SQL帐户，然后继续允许每个新的登录名访问应用程序数据库。但是，据报告有少数用户不存在。由于运行 sp_grantlogin ;

For the most part, the users returned in this list can be created on the SQL instance without any drama. I am creating the users as SQL accounts using sp_grantlogin in the first instance, before moving on to allow each new login access to the application database. However, a handful of users are being reported as not existing. I get the following error as a result of running sp_grantlogin;

Msg 15401, Level 11, State 1, Procedure sp_grantlogin, Line 49
Windows NT user or group 'DOMAIN\USER' not found. Check the name again.

显然在以上错误消息中，我删除了实际的用户名。为什么 xp_logininfo 返回无法使用 sp_grantlogin 创建的用户？

Obviously in the above error message, I have removed the actual username. Why would xp_logininfo return a user that cannot be created with sp_grantlogin? Is there anything obvious that I am missing?

推荐答案

这仅表示该用户不在管理员组中。如果您的问题像我的一样，则您的Active Directory位于其他虚拟机上，而SQL Server位于另一虚拟机上。并且您已经将Active Directory域加入到SQL Server虚拟机中，然后必须在SQL Server虚拟机上执行以下操作。

This just means that the user is not in the Administrator group. If your problem is like mine where your Active Directory in on a different Virtual Machine, and your SQL Server on another. And you have joined Active Directory Domain to your SQL Server Virtual Machine, then you have to do the following on your SQL Server Virtual MAchine.

1. 导航到工具-> 计算机管理。

窗口将打开，展开系统工具-> 本地用户和组。

The windows opens, Expand System Tools --> Local Users and Groups.

单击组 >，然后您应该会在窗口的
列右侧看到一个组的列表。

Click on Groups and you should see a list of groups to the right column of the window.

双击管理员，将打开一个新窗口，您会注意到链接的用户不在此处。

Double click Administrator, a new window opens and you will notice that the linked User is not under there.

单击添加，将打开新窗口。在此处的位置下，您可以选择更改域的
位置。

Click Add, new window opens. Here, under location, you may chose to change location of your domain.

点击高级，登录提示打开，只需使用管理员虚拟机帐户登录即可。

Click Advanced, a log in prompt opens, simply log in with you administrator Virtual Machine account.

单击立即查找，所有字段保持不变。从显示的用户列表中，双击从Active Directory导入的用户，然后单击确定。

Click Find Now with all fields as is. From a list of users presented, double click the user imported from Active Directory and click Ok.

这篇关于找不到Windows NT用户或组“ DOMAIN\USER”吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！