Connect to sql server with windows authentication in different domains

When you login to a computer you can do indeed in the pursue manner :

  • login to the computer with a user that is stored on the computer (e.g. COMPUTER_1\USER_3)
  • login to the computer with a user that is stored in the active directory of the domain you are using (e.g. DOMAIN_1\USER_1)

When the login is complete you have verified the authenticity of your account ( USER_n ) against either the computer ( COMPUTER_1 ) or against the Active Directory domain ( DOMAIN_1 ) .

Environment

nowadays let ‘s say we have the following information based on your questions :

  • first domain user account USER_1
  • second domain user account USER_2
  • first computer user account USER_3
  • second computer user account USER_4
  • first computer COMPUTER_1
  • second computer COMPUTER_2
  • first server SERVER_1
  • second server SERVER_2
  • first domain DOMAIN_1
  • second domain DOMAIN_2

future I am assuming the follow :

  • USER_1, COMPUTER_1 and SERVER_1 are members of the DOMAIN_1
  • USER_2, COMPUTER_2 and SERVER_2 are members of the DOMAIN_2
  • USER_3 is a user account on COMPUTER_1
  • USER_4 is a user account on COMPUTER_2

Scenario 1:

You login to COMPUTER_1 using the account USER_3 ( calculator exploiter score ). When you try to connect to the SERVER_1 using Windows Authentication you are deny entree .
Why ?
The COMPUTER_1\USER_3 local anesthetic Windows account can not be added to the SQL Server as a login on SERVER_1. lone SERVER_1\USER_n accounts could be added as SQL Server Logins to SERVER_1 or DOMAIN_1\USER_n accounts. SQL Server is ineffective to find COMPUTER_1\USER_n accounts when creating Windows Authenticated SQL Serer Logins .

Scenario 2

You login to COMPUTER_1 using the account DOMAIN_1\USER_1 ( Domain user report ). When you try to connect to the SQL Server SERVER_1 using Windows Authentication you are award access .
Why ?

DOMAIN_1\USER_n accounts can be added as Windows Authenticated SQL Server Logins to the SQL Server case running on SERVER_1 and then granted access to the SQL Server. SQL Server will determine that you ( DOMAIN_1\USER_1 ) are a valid Domain exploiter and will allow you to connect to the SQL Server ( assuming you have previously assigned these permissions to the account on your SQL Server ) .

Scenario 3

You login to COMPUTER_1 using the report DOMAIN_1\USER_1 ( Domain user report ). When you try to connect to the SERVER_2 ( remember server is in DOMAIN_2 ) using Windows Authentication you are most likely deny access .
Why ?
DOMAIN_1\USER_n accounts can not be added as SQL Server Logins to the SQL Server case running on SERVER_2. Unless you have a trust between the world DOMAIN_1 and DOMAIN_2. The SQL Server example on SERVER_2 will be unable to verify that you ( DOMAIN_1\USER_1 ) is a valid Domain login and will deny you access SQL Server.

Summary

When you login to a calculator you have only verified your authenticity towards either the calculator or to the knowledge domain the computer belongs to. Any other permissions ( SQL Server access, Windows Server access ) depend on the rights assigned to your account either in the knowledge domain or on the target arrangement. If a organization is out of setting of the DOMAIN_1 or SERVER_1, then you will be unable to access these servers with Windows Authenticated SQL Server logins .
If a exploiter is trying to connect to a SQL Server in a non-domain environment then you will possibly be better off with consecrated Native SQL Server Logins rather of Windows Authenticated SQL Server Logins. When you want to connect to the SQL Server you will have access via the SQL Server login .
This is a very short basic summary of how authentication works .

source : https://thefartiste.com
Category : Tech

About admin

I am the owner of the website thefartiste.com, my purpose is to bring all the most useful information to users.

Check Also

articlewriting1

Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.