New Server Query AD is giving permission error
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
We replaced a physical server with virtual, I copied all the logins, and linked servers from the old server and restored all the databases from the old server to the new. Everything works fine except for a query that uses a linked server to query Active directory. I get a permission error:
The OLE DB provider "ADSDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
If I go to the linked server and test connection it succeeds. The linked server is set to connect to AD using SQLService. The only think that changed is the physical box we were running on, so it has to be something on the sql side that is not configured correctly?
sql-server sql-server-2012
asked Mar 2 '17 at 17:46
user1910240user1910240
917
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
We replaced a physical server with virtual, I copied all the logins, and linked servers from the old server and restored all the databases from the old server to the new. Everything works fine except for a query that uses a linked server to query Active directory. I get a permission error:
The OLE DB provider "ADSDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
If I go to the linked server and test connection it succeeds. The linked server is set to connect to AD using SQLService. The only think that changed is the physical box we were running on, so it has to be something on the sql side that is not configured correctly?
sql-server sql-server-2012
asked Mar 2 '17 at 17:46
user1910240user1910240
917
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Is RPC OUT enabled in the "ASDI" Linked Server's settings? I get this error when that's disabled sometimes.
– MguerraTorres
Mar 2 '17 at 22:14
add a comment |
We replaced a physical server with virtual, I copied all the logins, and linked servers from the old server and restored all the databases from the old server to the new. Everything works fine except for a query that uses a linked server to query Active directory. I get a permission error:
The OLE DB provider "ADSDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
If I go to the linked server and test connection it succeeds. The linked server is set to connect to AD using SQLService. The only think that changed is the physical box we were running on, so it has to be something on the sql side that is not configured correctly?
sql-server sql-server-2012
asked Mar 2 '17 at 17:46
user1910240user1910240
917
We replaced a physical server with virtual, I copied all the logins, and linked servers from the old server and restored all the databases from the old server to the new. Everything works fine except for a query that uses a linked server to query Active directory. I get a permission error:
The OLE DB provider "ADSDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
If I go to the linked server and test connection it succeeds. The linked server is set to connect to AD using SQLService. The only think that changed is the physical box we were running on, so it has to be something on the sql side that is not configured correctly?
sql-server sql-server-2012
sql-server sql-server-2012
asked Mar 2 '17 at 17:46
user1910240user1910240
917
asked Mar 2 '17 at 17:46
user1910240user1910240
917
asked Mar 2 '17 at 17:46
user1910240user1910240
917
asked Mar 2 '17 at 17:46
user1910240user1910240
917
asked Mar 2 '17 at 17:46
user1910240user1910240
917
917
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 6 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
Is RPC OUT enabled in the "ASDI" Linked Server's settings? I get this error when that's disabled sometimes.
– MguerraTorres
Mar 2 '17 at 22:14
add a comment |
Is RPC OUT enabled in the "ASDI" Linked Server's settings? I get this error when that's disabled sometimes.
– MguerraTorres
Mar 2 '17 at 22:14
Is RPC OUT enabled in the "ASDI" Linked Server's settings? I get this error when that's disabled sometimes.
– MguerraTorres
Mar 2 '17 at 22:14
Is RPC OUT enabled in the "ASDI" Linked Server's settings? I get this error when that's disabled sometimes.
– MguerraTorres
Mar 2 '17 at 22:14
add a comment |
2 Answers
2
active
oldest
votes
I would presume the server Adam service GUID changed and or need to create a new computer object for your (virtual) as it's associated with the physical (adsi).
Presuming you've done all the user, machine creation. Perhaps run a com lime logo to confirm the ticket is valid database service and machine etc.?
Objects in ADS is what I'd audit and confirm.
Command kinit
edited Mar 2 '17 at 21:52
Erik
4,02931954
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
add a comment |
Appears as though my DOMAINSQLService account had gotten locked out somehow on AD, as soon as that was unlocked it started working fine.
answered Mar 3 '17 at 14:40
user1910240user1910240
917
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f165989%2fnew-server-query-ad-is-giving-permission-error%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I would presume the server Adam service GUID changed and or need to create a new computer object for your (virtual) as it's associated with the physical (adsi).
Presuming you've done all the user, machine creation. Perhaps run a com lime logo to confirm the ticket is valid database service and machine etc.?
Objects in ADS is what I'd audit and confirm.
Command kinit
edited Mar 2 '17 at 21:52
Erik
4,02931954
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
add a comment |
I would presume the server Adam service GUID changed and or need to create a new computer object for your (virtual) as it's associated with the physical (adsi).
Presuming you've done all the user, machine creation. Perhaps run a com lime logo to confirm the ticket is valid database service and machine etc.?
Objects in ADS is what I'd audit and confirm.
Command kinit
edited Mar 2 '17 at 21:52
Erik
4,02931954
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
add a comment |
I would presume the server Adam service GUID changed and or need to create a new computer object for your (virtual) as it's associated with the physical (adsi).
Presuming you've done all the user, machine creation. Perhaps run a com lime logo to confirm the ticket is valid database service and machine etc.?
Objects in ADS is what I'd audit and confirm.
Command kinit
edited Mar 2 '17 at 21:52
Erik
4,02931954
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
I would presume the server Adam service GUID changed and or need to create a new computer object for your (virtual) as it's associated with the physical (adsi).
Presuming you've done all the user, machine creation. Perhaps run a com lime logo to confirm the ticket is valid database service and machine etc.?
Objects in ADS is what I'd audit and confirm.
Command kinit
edited Mar 2 '17 at 21:52
Erik
4,02931954
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
edited Mar 2 '17 at 21:52
Erik
4,02931954
edited Mar 2 '17 at 21:52
Erik
4,02931954
edited Mar 2 '17 at 21:52
Erik
4,02931954
4,02931954
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
answered Mar 2 '17 at 21:29
TexasTAJTexasTAJ
1
1
add a comment |
add a comment |
Appears as though my DOMAINSQLService account had gotten locked out somehow on AD, as soon as that was unlocked it started working fine.
answered Mar 3 '17 at 14:40
user1910240user1910240
917
add a comment |
Appears as though my DOMAINSQLService account had gotten locked out somehow on AD, as soon as that was unlocked it started working fine.
answered Mar 3 '17 at 14:40
user1910240user1910240
917
add a comment |
Appears as though my DOMAINSQLService account had gotten locked out somehow on AD, as soon as that was unlocked it started working fine.
answered Mar 3 '17 at 14:40
user1910240user1910240
917
Appears as though my DOMAINSQLService account had gotten locked out somehow on AD, as soon as that was unlocked it started working fine.
answered Mar 3 '17 at 14:40
user1910240user1910240
917
answered Mar 3 '17 at 14:40
user1910240user1910240
917
answered Mar 3 '17 at 14:40
user1910240user1910240
917
answered Mar 3 '17 at 14:40
user1910240user1910240
917
917
add a comment |
add a comment |
Thanks for contributing an answer to Database Administrators Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f165989%2fnew-server-query-ad-is-giving-permission-error%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Is RPC OUT enabled in the "ASDI" Linked Server's settings? I get this error when that's disabled sometimes.
– MguerraTorres
Mar 2 '17 at 22:14