One of our users, let’s call them domain\Name1 was changed in AD to domain\Name2.
For some reason SQL automatically created a new login for them and gave it securityadmin and sysadmin roles for the server along with db_owner, db_securityadmin, db_datareader and db_datawriter and two custom roles on one of our databases.
After an audit, we noticed this new login and promptly removed the login. The user now has inconsistent permissions compared with other users, like not being allowed to execute certain stored procedures.
Basically we add most users to a particular group to give them a level of access to one of the SQL databases relevant to an application. emwlaw\Name1 is in this AD group but SQL doesn’t appear to apply the same permissions to the account as everyone else gets.
We have noticed another user with exactly the same problem. They’ve also had an AD name change, an automatic login created and the same permission problems.
Is this normal behaviour? Automatically creating SQL logins seems a bit of a weird thing but we are a very small team and nobody here did it! Is SQL server able to do this by itself or is it application driven?
My main question is: How can I get SQL to recognise these users as part of the AD group again (as opposed to individual SQL Server logins), preferably without having to restart the server or SQL services.
