NT4 domain groups | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

NT4 domain groups

Running SQL Server 2000 on Win2k but the domain isn’t Active Directory yet, it’s NT4. My question is, can I add the NT4 domain groups to roles in my SQL Server security (just as I would with Active directory)? And When it moves to active directory, providing the same groups are there, will the change be seamless to my SQL server security? (I doubt this one). And If the Domain controller is down, the person can still log into their workstation with their domain account (I guess windows caches the passwd) but will the SQL Server still pickup that that user is a part of the domain role ‘Managers’ ? Thanks,
Hi ya, most of this you probably need to test in a separate environment, but as far as I know:
– yes you can add NT groups to SQL
– as long as you upgrade the NT domain in place OR you use the AD Migration tool to preserver SID history, then the NT groups will still work once you go to AD
– If all DCs are down then you will not be able to log into SQL, the only reason that you can log into a workstation is that the ws caches the last user’s login credentials. You should always have multiple DCs in a domain Cheers

Thanks What if they have a local msde installation that uses Windows Auth and they take their laptop home (being off the network) ? I presume that they can log into windows with their domain account if they were the last person to login to that machine, but SQL Windows Auth will deny them access since it cannot validate against NT4 or AD, correct ?
hmm, I must say, I’m not sure… I think that is the MSDE allows only their NT domain account to connect to the database, then the database cannot be connected to while they are not on the network… Cheers