CJSmith dot me

I dump stuff I find useful here

Simple method to see what AD Users SQL Server can see in AD Groups

Published / by Chris Smith / Leave a Comment

Credit: Microsoft
StackOverflow user Saranya Kumaran

Simple method to see what AD Users SQL Server can see in AD Groups

exec xp_logininfo 'Domain/AD Group', 'all'
exec xp_logininfo 'Domain/AD Group', 'members'

Notes:
Non ad group first command returns error, second command returns no output
Msg 15404, Level 16, State 10, Procedure xp_logininfo, Line 64 [Batch Start Line 0]
Could not obtain information about Windows NT group/user , error code 0xffff0002.

Run against AD user not group first command works, second does not
Msg 15404, Level 16, State 5, Procedure xp_logininfo, Line 43 [Batch Start Line 1]
Could not obtain information about Windows NT group/user , error code 0x8ac.

Leave a Reply