make sure the new_account has all the same permissions as old_account and before deleting the old_account disable in AD wait a week or so , that way should something get hosed, all you have to do is just re-enable old_account and while you troubleshoot the new_account
> From: [email protected] > To: [email protected] > Subject: [NTSysADM] Re: SQL Server and SQL Server Agent account change > Date: Mon, 7 Dec 2015 18:16:37 +0000 > > This is working well so far. I do have one follow up question though. > > I have been changing the domain\old-accountname user account that the SQL and > SQL Server Agent are running under (by using the SQL Server Configuration > Manager) and changing it to domain\new-accountname. Works great! However, > the domain\old-accountname user account that those services previously ran > under, is ALSO listed under the Security->Logon section of SQL Management > Studio. Bringing up the properties of the domain\old-accountname user > account under Security->Logon gives options for Server Roles, User Mappings, > etc. shows that account is mapped to various DBs and has a Server Role of > public and sysadmin. > > Am I going to hose anything up by deleting this domain\old-accountname from > AD, as it relates to SQL? I'm not well versed in SQL security obviously... > Not even sure how domain\old-accountname ended up in SQL Management Studio > under Security->Logins. > > Thanks for any input. > > J > > ________________________________________ > From: [email protected] <[email protected]> on > behalf of Mayo, Bill <[email protected]> > Sent: Monday, November 16, 2015 3:32 PM > To: [email protected] > Subject: [NTSysADM] RE: SQL Server and SQL Server Agent account change > > +1. I have done this process recently with no issues. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Brian Desmond > Sent: Monday, November 16, 2015 4:30 PM > To: [email protected] > Subject: [NTSysADM] RE: SQL Server and SQL Server Agent account change > > That sounds like everything. If you have SQL Agent jobs touching things > external to SQL, you're going to need to update ACLs, etc. > > Thanks, > Brian Desmond > > (w) 312.625.1438 | (c) 312.731.3132 > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Jesse Rink > Sent: Monday, November 16, 2015 4:06 PM > To: '[email protected]' <[email protected]> > Subject: [NTSysADM] SQL Server and SQL Server Agent account change > > Wondering if anyone on the list has gone through this. > > I have two SQL 2008 R2 servers, let's call them SQL 1 and SQL2, both running > on Windows Server 2008 R2 virtual machines. > > Both server have the "SQL Server (instance name)" and "SQL Server Agent > (instance name)" services running under the domain\administrator user > account. I'd like to change this so my SQL services aren't tied to my main > domain admin account. > > According to what I've read, all I would need to do is create a new domain > user account without any special privileges (let's call it "SQLService1"), > set a password, and then go to the SQL Server Configuration Manager (SSCM) > tool on SQL1 and SQL2, and adjust the properties of "SQL Server (instance > name)" and "SQL Server Agent (instance name)" services to reflect it using > domain\SQLService1 account instead of domain\administrator. Restart the > services and viola. At that point, SQL should take care of all permissions > and such necessary, etc. > > Anyone done this before? Seems to work well? Anything I'm missing? > > JR > > > > > > >
