How to Identify and Fix SQL Server Orphaned Users

What are Orphaned Users in SQL Server?

Orphaned users in SQL Server are database users who are linked with the corresponding login at a server level. In other words, the database users exist, but the server login does not depend on them.

In SQL Server, authentication works at two levels:

1. Server level – Login
2. Database Level – User

When the mapping between login and users breaks, it consequently creates orphaned database users in SQL Server.

Why Do SQL Server Orphaned Users Appear?

Commonly, orphaned users appear due to several reasons:

• When a database is restored on a new server, logins may not exist there.
• If a login is deleted but the database user remains, it becomes orphaned.
• During the migration process, logins might not be transferred correctly.
• Each login has a unique Security Identifier (SID). If the SID differs from the database user’s SID, the mapping fails.
• Not following a proper backup and restore SQL database procedure may lead to orphaned users.

How to Identify SQL Orphaned Users?

You can identify the SQL orphaned users using the T-SQL queries. Primarily, the following methods are used:

Method 01: Use System View

SELECT dp.name AS DatabaseUser FROM sys.database_principals dp LEFT JOIN sys.server_principals sp ON dp.sid = sp.sid WHERE sp.sid IS NULL AND dp.type IN (‘S’, ‘U’);

This query helps you to identify the users who do not match the server login.

Method 02: Use sp_change_users_login (Older version)

EXEC sp_change_users_login ‘Report’;

However, newer versions of SQL Server no longer support this stored process.

How to Fix Orphaned SQL Server Users?

There are multiple ways to fix the orphaned SQL server. Depending on the situation, you can choose the appropriate method.

Method 01: Map Existing Login to User

ALTER USER [username] WITH LOGIN = [loginname];

This remaps the users to the correct login.

Method 02: Create a missing login

If the login does not exist, then create it first.

CREATE LOGIN [loginname] WITH PASSWORD = ‘StrongPassword’; ALTER USER [username] WITH LOGIN = [loginname];

Method 03: Use SID Matching

If you want to maintain the same SID, then create an SID using the original login.

CREATE LOGIN [loginname] WITH PASSWORD = ‘StrongPassword’, SID = 0xYourSIDHere;

Method 04: Use Advanced Software for Microsoft SQL Server Orphan Users

Alternatively, you can use the SQL Server Database Migration Tool to securely migrate SQL orphaned users. This software securely connects the source to the destination using a reliable login process. Also, it allows you to select the data transfer mode for the simple view. It maintains the data structure and transfers data in SQL tables, views, columns, indexes, etc. If you have to backup and restore SQL database, you can use the same software.

Simple Process to Migrate SQL Orphaned User:

1. Download and install the SQL Server Database Migration Tool on your system.
   
   
2. Now, select the authentication mode: Windows or Server & enter login credentials.
   
   
3. Next, select the source and apply the required filters to proceed further.
   
   
4. Then, select the destination and enter the login credentials to connect >> Next.
   
   
5. At last, click on the Save button to start the process.
   
   

Ending Quote

In conclusion, this blog covered all the problems and solutions to recover your SQL Server orphaned users. You can use the above-mentioned queries to identify the issues and fix them. It is important to always opt for the right method to resolve the issues. Additionally, it is suggested to use the advanced software for better security and complete data integrity.

Frequently Asked Questions

Related Post