Sunday, March 25, 2012

adding windows user via sp_cmdshell

assuming SQL server nt service is started under domain user with right to cr
eate windows user in domain, is there a way to execute sp_ in QA that allow
mw to create domain user, set password and add user to group in domain? if s
o can anyone provide this s
tatment.
Tom,Hi,
Yes. See the OS commands NET USER and NET GROUP in OS Help. You can use this
command from Query Anayzer using XP_CMDSHELL.
Sample
Master..XP_cmdshell 'net user Fin_user password /DOMAIN /ADD'
go
Master..XP_cmdshell 'net group Finance /DOMAIN /ADD'
go
For more details of command execute the below from command prompt
net user ?
net group ?
Thanks
Hari
MCDBA
"TOM P." <TOMP@.discussions.microsoft.com> wrote in message
news:E8D38151-CF4C-4EF9-A713-617E25BA2AEE@.microsoft.com...
> assuming SQL server nt service is started under domain user with right to
create windows user in domain, is there a way to execute sp_ in QA that
allow mw to create domain user, set password and add user to group in
domain? if so can anyone provide this statment.
> Tom,|||Hello Hari,
I have tried it, but it did not work for me, I got:
The request will be processedat DC ...
System error 5 has occurred
Access denied.
I got this regardless if I'm using SA account to open Query Analizer or wind
ows auth... where am member of domain admin. any idea...
"Hari Prasad" wrote:

> Hi,
> Yes. See the OS commands NET USER and NET GROUP in OS Help. You can use th
is
> command from Query Anayzer using XP_CMDSHELL.
> Sample
>
> Master..XP_cmdshell 'net user Fin_user password /DOMAIN /ADD'
> go
> Master..XP_cmdshell 'net group Finance /DOMAIN /ADD'
> go
>
> For more details of command execute the below from command prompt
> net user ?
> net group ?
> Thanks
> Hari
> MCDBA
>
> "TOM P." <TOMP@.discussions.microsoft.com> wrote in message
> news:E8D38151-CF4C-4EF9-A713-617E25BA2AEE@.microsoft.com...
> create windows user in domain, is there a way to execute sp_ in QA that
> allow mw to create domain user, set password and add user to group in
> domain? if so can anyone provide this statment.
>
>|||Hi Tom
As Hari said it is possible, but difficult. The problem
here is its taking the userid of SQL Server instance that
the runs the xp_cmdshell and attempting to create users.
If that userid doesn't have the Server (not SQL)
permission to do its going to crash and burn.

>--Original Message--
>Hello Hari,
>I have tried it, but it did not work for me, I got:
>The request will be processedat DC ...
>System error 5 has occurred
>Access denied.
>I got this regardless if I'm using SA account to open
Query Analizer or windows auth... where am member of
domain admin. any idea...
>"Hari Prasad" wrote:
>
Help. You can use this[vbcol=seagreen]
password /DOMAIN /ADD'[vbcol=seagreen]
command prompt[vbcol=seagreen]
message[vbcol=seagreen]
617E25BA2AEE@.microsoft.com...[vbcol=seagreen]
domain user with right to[vbcol=seagreen]
execute sp_ in QA that[vbcol=seagreen]
user to group in[vbcol=seagreen]
>.
>|||Hi,
I agree with you peter. To do this you might need to start the MSSQL server
service using
a Domain Administrator account. I will not suggest you this.
I will not recommend you to create users / Groups from Query Analyzer.
Thanks
Hari
MCDBA
"Peter" <anonymous@.discussions.microsoft.com> wrote in message
news:2dc001c470c1$74fea120$a301280a@.phx.gbl...[vbcol=seagreen]
> Hi Tom
> As Hari said it is possible, but difficult. The problem
> here is its taking the userid of SQL Server instance that
> the runs the xp_cmdshell and attempting to create users.
> If that userid doesn't have the Server (not SQL)
> permission to do its going to crash and burn.
>
> Query Analizer or windows auth... where am member of
> domain admin. any idea...
> Help. You can use this
> password /DOMAIN /ADD'
> command prompt
> message
> 617E25BA2AEE@.microsoft.com...
> domain user with right to
> execute sp_ in QA that
> user to group in|||Agreed.

>--Original Message--
>Hi,
>I agree with you peter. To do this you might need to
start the MSSQL server
>service using
>a Domain Administrator account. I will not suggest you
this.
>I will not recommend you to create users / Groups from
Query Analyzer.
>Thanks
>Hari
>MCDBA
>
>"Peter" <anonymous@.discussions.microsoft.com> wrote in
message
>news:2dc001c470c1$74fea120$a301280a@.phx.gbl...
that[vbcol=seagreen]
>
>.
>sql

No comments:

Post a Comment