This is working well so far. I do have one follow up question though. I have been changing the domain\old-accountname user account that the SQL and SQL Server Agent are running under (by using the SQL Server Configuration Manager) and changing it to domain\new-accountname. Works great! However, the domain\old-accountname user account that those services previously ran under, is ALSO listed under the Security->Logon section of SQL Management Studio. Bringing up the properties of the domain\old-accountname user account under Security->Logon gives options for Server Roles, User Mappings, etc. shows that account is mapped to various DBs and has a Server Role of public and sysadmin.
Am I going to hose anything up by deleting this domain\old-accountname from AD, as it relates to SQL? I'm not well versed in SQL security obviously... Not even sure how domain\old-accountname ended up in SQL Management Studio under Security->Logins. Thanks for any input. J ________________________________________ From: [email protected] <[email protected]> on behalf of Mayo, Bill <[email protected]> Sent: Monday, November 16, 2015 3:32 PM To: [email protected] Subject: [NTSysADM] RE: SQL Server and SQL Server Agent account change +1. I have done this process recently with no issues. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Brian Desmond Sent: Monday, November 16, 2015 4:30 PM To: [email protected] Subject: [NTSysADM] RE: SQL Server and SQL Server Agent account change That sounds like everything. If you have SQL Agent jobs touching things external to SQL, you're going to need to update ACLs, etc. Thanks, Brian Desmond (w) 312.625.1438 | (c) 312.731.3132 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jesse Rink Sent: Monday, November 16, 2015 4:06 PM To: '[email protected]' <[email protected]> Subject: [NTSysADM] SQL Server and SQL Server Agent account change Wondering if anyone on the list has gone through this. I have two SQL 2008 R2 servers, let's call them SQL 1 and SQL2, both running on Windows Server 2008 R2 virtual machines. Both server have the "SQL Server (instance name)" and "SQL Server Agent (instance name)" services running under the domain\administrator user account. I'd like to change this so my SQL services aren't tied to my main domain admin account. According to what I've read, all I would need to do is create a new domain user account without any special privileges (let's call it "SQLService1"), set a password, and then go to the SQL Server Configuration Manager (SSCM) tool on SQL1 and SQL2, and adjust the properties of "SQL Server (instance name)" and "SQL Server Agent (instance name)" services to reflect it using domain\SQLService1 account instead of domain\administrator. Restart the services and viola. At that point, SQL should take care of all permissions and such necessary, etc. Anyone done this before? Seems to work well? Anything I'm missing? JR
