Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Auditing SQL 2000 Environment!!!

Status
Not open for further replies.
DrSql

DrSql

Programmer
Jul 16, 2000
615
US
I am trying to audit my SQL Server environment. Majority of my users are NT authentication. When an account is diabled or deleted from the Domain the account credetails are still in syslogin tables. I want to find those accounts and remove. Also I want to find out when was the last sucessfull logins by the users. Is there any sys tables that I refer and gather these details or any tools that I can obtain.
Thanks

Dr.Sql
Good Luck.
 
Sort by date Sort by votes
The procedure sp_validatelogins can be used to find app the accounts which have been removed from the domain.

I've used this script to handle this. It handles removing the login from all the databases, and will output some info if the users owns objects.

Code: 
declare @Login sysname
declare @sid varbinary(100)
declare @db sysname
declare @CMD varchar(8000)
create table #vl (SID varbinary(100), login sysname)

insert into #vl
exec sp_validatelogins

declare cur CURSOR for select SID, login from #vl
open cur
fetch next from cur into @sid, @login
while @@FETCH_STATUS = 0
BEGIN
	set @CMD = 'use [?] 
declare @name sysname
if exists (select * from sysusers where sid = convert(varbinary(100), ''' + convert(varchar(100), @sid) + ''')) 
begin 
	select @name = name 
		from sysusers 
		where sid = convert(varbinary(100), ''' + convert(varchar(100), @sid) + ''') 
	if @name = ''dbo''
	BEGIN
		exec sp_changedbowner ''sa''
		set @name = null
		select @name = name 
		from sysusers 
		where sid = convert(varbinary(100), ''' + convert(varchar(100), @sid) + ''') 
	END
	if @name is not null
	BEGIN
		if exists (select * from sysobjects where uid = (select uid from sysusers where name = @name))
		BEGIN
			print @name + '' owns objects in the database '' + db_name() + '' and can not be dropped.''
		END
		ELSE
		BEGIN
			exec sp_dropuser @name print @name + '' removed from '' + db_name() 
		END
	END
end'
	exec sp_MSForEachDB @CMD
	exec sp_revokelogin @loginame=@login
	--print @CMD
	fetch next from cur into @sid, @login
END
close cur
deallocate cur
drop table #vl

Denny
MCSA (2003) / MCDBA (SQL 2000) / MCTS (SQL 2005) / MCITP Database Administrator (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)
[noevil]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

grnzbra
  • Locked
  • Question
SQL Server in Windows
Replies
1
Views
975
pjw001
pjw001
CodeWell
  • Locked
  • Question
SQL Server 2017 Install Issue - Database Not in Configuration Manager
Replies
0
Views
845
CodeWell
CodeWell
RRinTetons
  • Locked
  • Question
SQL Server 2008 R2 login auditing
Replies
0
Views
493
RRinTetons
RRinTetons
dgillz
  • Locked
  • Question
SQL View not available to Excel Power Query
Replies
1
Views
715
dgillz
dgillz
bethabernathy
  • Locked
  • Question
Front End Access 365 Database dsn Connection Fails when attempting to link to 2016 SQL server
Replies
1
Views
719
dhookom
dhookom

Part and Inventory Search

Sponsor

Back
Top