An orphaned user in SQL Server is a database user that is mapped to a login in the master database when that login does not exist there. This normally happens when a database backup is taken on one server and restored to another server (mostly during DB migration).
Here at Ibmi Media, as part of our Server Management Services, we regularly help our customers to troubleshoot SQL-related queries.
In this context, we shall look into how to identify and fix Orphaned Windows users in SQL Server.
How to identify and fix Orphaned Windows users in SQL Server?
Here is the command we use to find the orphaned users in SQL Server:
USE [UserDatabase];  -- replace with the name of the user database
GO
EXEC sp_change_users_login 'Report';
GO
Different methods to fix orphaned users in SQL Server
Use the following methods to fix these Orphaned users.
1. Using the Orphaned User ID
If we find an orphaned user, we create a login using the orphaned user's SID.
USE [master];
GO
-- Sample password from this article; set a strong, unique password in practice.
CREATE LOGIN [LoginName] WITH PASSWORD = 'Login@12345',
SID = 0xF0C10D1C8EDD1C40A735B07DAD54FFAE;
GO
2. Using UPDATE_ONE
We can use UPDATE_ONE to replace the user's SID with the login's SID.
This maps the user to the login whether the login name and user name are different or the same.
Now we can create a new login by running:
CREATE LOGIN [LoginName] WITH PASSWORD = 'Login@12345'
After that, we fix the orphaned user by using UPDATE_ONE.
USE [UserDatabase];  -- replace with the name of the user database
GO
EXEC sp_change_users_login 'Update_One', 'UserName', 'LoginName';
GO
3. Using AUTO_FIX
It is possible to fix the orphaned users in two ways using AUTO_FIX.
Type 1:
We can use AUTO_FIX when the Login Name and User Name are the same.
For that, we first create the login and then assign the login's SID to the orphaned user.
CREATE LOGIN [LoginName] WITH PASSWORD = 'Login@12345'
After that, we fix the orphaned user by using the below syntax.
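USE [UserDatabase];  -- replace with the name of the user database
GO
-- 'UserName' is the name shared by the login and the user.
EXEC sp_change_users_login 'Auto_Fix', 'UserName';
GO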
Type 2:
We can use AUTO_FIX even without creating a login. However, LoginName and UserName should be the same.
For that, we run the below command.
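USE [UserDatabase];  -- replace with the name of the user database
GO
-- If no login named 'UserName' exists, one is created with the password given here.
EXEC sp_change_users_login 'Auto_Fix', 'UserName', NULL, 'login@123';
GO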
If the orphaned user is fixed successfully, the command below no longer returns that user (UserName and SID).
USE [UserDatabase];  -- replace with the name of the user database
GO
EXEC sp_change_users_login 'Report';
GO
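The report and fixes above rely on sp_change_users_login, which Microsoft has deprecated in favor of ALTER USER ... WITH LOGIN. As an added example (not part of the original article), the query below finds orphaned SQL-authenticated users from the catalog views and generates a fix for each one to review, without creating any login with a preset password. [UserDatabase] and the password placeholder are assumptions to be replaced.

```sql
-- Added example; [UserDatabase] is a placeholder for the restored database.
USE [UserDatabase];
GO

-- List SQL-authenticated users whose SID matches no server login, and generate
-- (but do not run) a fix for each. QUOTENAME keeps unusual user names from
-- breaking out of the generated statement.
SELECT
    dp.name AS orphaned_user,
    dp.sid  AS user_sid,
    CASE
        WHEN same_name.name IS NOT NULL THEN
            -- A login of the same name exists under a different SID: remap to it.
            N'ALTER USER ' + QUOTENAME(dp.name)
            + N' WITH LOGIN = ' + QUOTENAME(dp.name) + N';'
        ELSE
            -- No such login: recreate it with the user's SID (method 1 above).
            -- The password is a placeholder that must be replaced before running.
            N'CREATE LOGIN ' + QUOTENAME(dp.name)
            + N' WITH PASSWORD = N''<replace-with-strong-password>'', SID = '
            + CONVERT(nvarchar(200), dp.sid, 1) + N';'
    END AS suggested_fix
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS by_sid
       ON by_sid.sid = dp.sid
LEFT JOIN sys.server_principals AS same_name
       ON same_name.name COLLATE DATABASE_DEFAULT = dp.name COLLATE DATABASE_DEFAULT
      AND same_name.type = 'S'                   -- SQL logins only
WHERE dp.type = 'S'                              -- SQL users, not Windows users or roles
  AND dp.authentication_type_desc = 'INSTANCE'   -- expects a server login (skips WITHOUT LOGIN and contained users)
  AND dp.principal_id > 4                        -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND by_sid.sid IS NULL                         -- no login carries this SID: orphaned
ORDER BY dp.name;
GO
```

An empty result set means no orphaned SQL users remain. Run each suggested_fix statement only after confirming that the named login is the intended owner of that user's permissions.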