Connect to SQL Server cross domain AD Group user

Rick 41 Reputation points
2020-10-28T13:02:19.303+00:00

Our MS SQL Server is on another trusted domain (Trusted Domain T). We created a Universal Group within Domain A with users from different forest domains and added the AD group onto the SQL Server. When the user from Child Domain B tries to connect, they get the error: "Login failed for user".

If I add the user directly instead of the AD Group in SQL Server, they can log in without problems. Furthermore, if I create an AD group in Child Domain B, include all the users from that domain and add it to SQL Server, they have access.

Domain Forest

  • Domain A
    • Child Domain B (Child Transitive - Relationship)
    • Child Domain C (Child Transitive - Relationship)
  • Trusted Domain T (External - Non Transitive Relationship)

I'm on SQL Server 2016 (13.0.4001.0)

The SQL Server error log displays the error for that particular user: Reason: Could not find a login matching the name provided.

We created a new AD Group within Child Domain B, added the users from that domain, added the group to SQL Server, and it worked. So the problem is domain cross referencing in SQL Server.


2 answers

  1. m 4,271 Reputation points
    2020-10-29T06:54:56.683+00:00

    Hi @Rick ,

    "SQL Server error logs displays the error for that particular user: Reason: Could not find a login matching the name provided. ... So the problem is domain cross referencing in SQL Server"

    The error message describes it clearly: "Could not find a login matching the name provided". If you want to log in to SQL Server, you need to have corresponding logins on your SQL Server side. It means, quote from this case: cross-domain-windows-authentication-in-sql-server-2014

    As long as the trust relationship between domains is properly configured, and your windows account exists in the remote SQL Server instance, you should be fine.

    BR,
    Mia


    If the answer is helpful, please click "Accept Answer" and upvote it.

    1 person found this answer helpful.
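
The following T-SQL is an added example, not part of the question or of either answer. It shows one way to check on the SQL Server instance which Windows principals have logins and whether the affected user resolves to the universal group; `DOMAINA\SqlUsersUniversal` and `CHILDB\someuser` are placeholder names.

```sql
-- Placeholder names (assumptions, not taken from the thread).
DECLARE @group sysname = N'DOMAINA\SqlUsersUniversal';
DECLARE @user  sysname = N'CHILDB\someuser';

-- 1. Which of the two has a server principal?
--    'U' = Windows login, 'G' = Windows group.
SELECT name, type_desc, is_disabled, create_date
FROM sys.server_principals
WHERE type IN ('U', 'G')
  AND name IN (@group, @user);

-- 2. Which members does SQL Server resolve for the group?
--    If the Child Domain B user is absent here, the instance cannot
--    see that membership from its own domain.
EXEC xp_logininfo @acctname = @group, @option = 'members';

-- 3. Through which login(s) would the user get access?
--    The "permission path" column names the group that grants it;
--    no matching rows corresponds to "Could not find a login
--    matching the name provided" at connect time.
EXEC xp_logininfo @acctname = @user, @option = 'all';

-- 4. Run this in a session opened BY the affected user (for example
--    while the user is temporarily added as a direct login).
--    It lists the Windows groups present in the login token that
--    SQL Server received; check whether the universal group is there.
SELECT name, type, usage
FROM sys.login_token
WHERE type = 'WINDOWS GROUP'
ORDER BY name;
```

Steps 1 to 3 need a sysadmin connection; step 4 has to run under the affected user's own connection, because `sys.login_token` describes the current session only.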

  2. m 4,271 Reputation points
    2020-10-30T02:21:51.927+00:00

    Hi @Rick ,

    Is the reply helpful?

    BR,
    Mia


