Orphaned users in SQL Server

A user is orphaned in SQL Server when a database user is based on a login in the master database but that login does not exist in master. Normally, this happens when a database backup is taken on one server and restored to another server (mostly during DB migration).
Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers to troubleshoot SQL-related queries.
In this context, we shall look into how to identify and fix orphaned Windows users in SQL Server.

How to identify and fix Orphaned Windows users in SQL Server?

Here is the command we use to find the orphaned users in SQL Server:

USE [USER DATABASE]   -- placeholder: the database to check
GO
EXEC sp_change_users_login 'Report'
GO

Different methods to fix orphaned users in SQL Server

Use the following methods to fix these Orphaned users.

1. Using the Orphaned User ID

If the report shows an orphaned user, we create a login that uses the orphaned user's SID.

USE master
GO
CREATE LOGIN [LoginName] WITH PASSWORD = 'Login@12345',
SID = 0xF0C10D1C8EDD1C40A735B07DAD54FFAE   -- SID reported for the orphaned user
GO

2. Using UPDATE_ONE

We can use UPDATE_ONE to replace the user's SID with the login's SID.
This mapping works whether the login name and the user name are the same or different.
First we create a new login by running:

CREATE LOGIN [LoginName] WITH PASSWORD = 'Login@12345'

After that, we fix the orphaned user by using UPDATE_ONE.

USE [USER DATABASE]
GO
EXEC sp_change_users_login 'Update_One', 'UserName', 'LoginName'
GO

3. Using AUTO_FIX

It is possible to fix the orphaned users in two ways using AUTO_FIX.

Type 1:
We can use AUTO_FIX when the login name and the user name are the same.
First we create the login, then we assign the login's SID to the orphaned user.

CREATE LOGIN [LoginName] WITH PASSWORD = 'Login@12345'

After that, we fix the orphaned user by using the below syntax.

USE [USER DATABASE]
GO
EXEC sp_change_users_login 'Auto_Fix', 'UserName'   -- the name shared by the login and the user
GO

Type 2:
We can use AUTO_FIX even without creating a login. However, LoginName and UserName should be the same.
For that, we run the below command.

USE [USER DATABASE]
GO
-- If no login named UserName exists, one is created with this password
EXEC sp_change_users_login 'Auto_Fix', 'UserName', NULL, 'login@123'
GO

If the orphaned user was fixed successfully, the command below no longer returns it (UserName and SID).

USE [USER DATABASE]
GO
EXEC sp_change_users_login 'Report'
GO




Conclusion

This article will help you to identify Orphaned Windows Logins and Groups in SQL Server.
To Resolve an Orphaned User:
To map an orphaned user to a login which already exists in master, execute the ALTER USER statement in the user database, specifying the login name.

ALTER USER <user_name> WITH Login = <login_name>;

When you recreate a missing login, the user can access the database using the password provided.
To fix orphaned users for all databases in SQL Server:
1. Login with same name as user exists – generate ALTER LOGIN to map the user to the login.
2. No login with same name exists – generate DROP USER to delete the orphan user.
3. Orphan user is [dbo] – change the database owner to SA (or whatever SA was renamed to).
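
The three cases above can be reported for a single database with the catalog views instead of sp_change_users_login, which Microsoft documents as deprecated in favour of ALTER USER. The T-SQL below is an added example, not the article's own script: it only prints a suggested statement per orphaned user, using the ALTER USER form given above for case 1. The column aliases and the table aliases dp, sp_sid and sp_name are assumptions.

```sql
-- Added example (not from the article). Run inside the user database.
-- Read-only: every row carries a suggested statement to review and run by hand.
SELECT
    dp.name      AS orphaned_user,
    dp.type_desc AS user_type,
    dp.sid       AS user_sid,
    CASE
        -- Case 3: the database owner itself is orphaned; hand ownership to sa.
        -- SUSER_SNAME(0x01) returns the current name of sa even if it was renamed.
        WHEN dp.name = N'dbo' THEN
            N'ALTER AUTHORIZATION ON DATABASE::' + QUOTENAME(DB_NAME())
            + N' TO ' + QUOTENAME(SUSER_SNAME(0x01)) + N';'
        -- Case 1: a login with the same name and type exists; remap the user to it.
        WHEN sp_name.name IS NOT NULL THEN
            N'ALTER USER ' + QUOTENAME(dp.name)
            + N' WITH LOGIN = ' + QUOTENAME(sp_name.name) + N';'
        -- Case 2: no login with that name. DROP USER fails while the user still
        -- owns schemas or objects, so ownership has to be transferred first.
        ELSE
            N'DROP USER ' + QUOTENAME(dp.name) + N';'
    END AS suggested_fix
FROM sys.database_principals AS dp
-- A user is orphaned when no server principal carries its SID.
LEFT JOIN sys.server_principals AS sp_sid
       ON sp_sid.sid = dp.sid
-- Look for a same-named login of the same kind (SQL login, Windows login or group).
LEFT JOIN sys.server_principals AS sp_name
       ON sp_name.name COLLATE DATABASE_DEFAULT = dp.name COLLATE DATABASE_DEFAULT
      AND sp_name.type = dp.type
WHERE sp_sid.sid IS NULL
  -- Only users that are supposed to map to a login; this skips guest, sys,
  -- INFORMATION_SCHEMA, contained-database users and users without login.
  AND dp.authentication_type_desc IN (N'INSTANCE', N'WINDOWS')
ORDER BY dp.name;
```

Run it as a principal that can see every login (for example a sysadmin); with limited metadata visibility sys.server_principals hides logins and healthy users are reported as orphaned.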