Error 15401 Adding Domain Group to SQL Server

I have tried rebooting the system, I have ran the script to look for duplicate sids and am still having the issue when trying to add a domain group to SQL. I get the Error 15401: Windows NT user or group'mi\Trust Legal' not found. Check the name again. Running SQL 2000 Std, with SP3a, and the collation is set to SQL_Latin1_General_CP850_BIN, which makes this instance case sensitive, and the group name is spelt right and am following the case sensitivity of the name as well.

This is most likely an issue due to using a different casing. You could use a tool like sid2name, to obtain the correct casing of the group name from Windows. Then use that same casing and the statement should succeed. You might want to quickly try and capitalize the domain name: MI instead of mi; if this doesn't work then look for a sid2name tool and use it to determine the correct casing. If you cannot find such tool, you could write one easily by calling the LookupAccountSid WinAPI. You could use this post as an example: http://blogs.msdn.com/lcris/archive/2005/09/26/474202.aspx.

Thanks
Laurentiu

|||

Most likely the cause of such failure is because the SQL Server cannot gather the information for this account from the domain controller.

Please make sure that the service account used to run SQL Server has permission to query the domain controller (in most cases being a member of the domain is sufficient to query the domain controller), and that the machine has access to the domain controller.

-Raul Garcia

SDE/T

SQL Server Engine

|||

OK, so you've got two suggestions. To quickly discern between these, try to ACL something to the group, on the machine on which the server is installed. If you can, then the issue is not with reaching the DC; if you cannot, then it is a DC issue.

Thanks
Laurentiu

|||

Apprciate all the great advice, but nothing seemed to help.

1) I am able to login into server using the account in which sql is running under, and am able to add the group to a folder on the box

2) ran the groups sid up against sid2name, and found the following:

MI\Trust Legal, is a group

enter the username just like that when adding another user to SQL and get the same message?

|||

What command are you executing? sp_addlogin or sp_adduser?

Thanks
Laurentiu

|||

Neither actually:

use IMCEXCLUSIVE
exec sp_grantlogin 'MI\Trust Legal'

since its a domain group, from what I read grantlogin was the proper SP to use, am I wrong?

|||

No, you're right. sp_grantlogin is the right command.

You're using the right command and what appears to be the correct group name. So the issue is probably elsewhere. Does the command work for other groups or users in the same domain or does it consistently fail? What about users or groups from another domain? Does it work for local accounts? We need to try to identify the extent of this issue - it might hopefully lead us to its cause. If this is a blocking issue for you, I suggest to contact customer support as well.

Thanks
Laurentiu

|||Interesting idea, now when I try to add a user MI\15451a it works fine, when I try to add another group MI\Trust Technology Services it works just fine, just an issue so far with this one group MI\Trust Legal, arrgghhhhh this sucks. @. this point, if I cant get it fixed, I might just create a new group and go that route.|||

The group must be different in some way from the others. You might want to try downloading SQL Server 2005 Express SP1 and trying this command out on it, to see if you get the same issue.

Thanks
Laurentiu