Resetting an SQL Server account when there is no access through SQL Server Authentication
Scenario:
- SQL Server ‘sa’ or any user id is locked out.
- User has no access to SQL Server authenitcation.
- Windows Logged in user is part of Windows local Administrators group where the SQL Server is running and has currently logged into the machine.
Microsoft has removed the functionality of automatically adding the local windows system admin to SQL 2008 Users. The following solutions are workaround to get inside the SQL server by adding a user to SQL Users Table.
Note: Since this involves SQLCMD and starting, stopping of SQL Instance the logged in user should be an administrator of that server where the SQL Server is running and both solutions should be run under an elevated command prompt.
Solution 1 : (Little difficult Solution. Check Solution 2 for automated script by Microsoft)
Open command prompt.
- If you have default instance run following command on command prompt to stop SQL service: “net stop mssqlserver”
- Now go to the directory where SQL server is installed. In my case the directory is “C:Program FilesMicrosoft SQL ServerMSSQL10_50.MSSQLSERVERMSSQLBinn”. So need to run CD C:Program FilesMicrosoft SQL ServerMSSQL10_50.MSSQLSERVERMSSQLBinn.
- Now run the following command to start sql server in single user mode. As we have specified “SQLCMD”, now only SQLCMD connection can be made.
sqlservr -m”SQLCMD”
- Now open another command prompt window and write command SQLCMD
- Run following two commands
CREATE LOGIN [testAdmin] WITH PASSWORD=N’test@1234′, DEFAULT_DATABASE=[master];
EXEC sys.sp_addsrvrolemember @loginame = N’testAdmin’, @rolename = N’sysadmin’;
GO
- Go back to first command window and press Ctrl+C to stop the SQL server and then type ‘Y’ for confirmation. This will stop the sql server.
- Start SQL server again and no startup parameters need to specified this time.
- Now using SSMS, try to connect with “testAdmin” as user and “test@1234” as password.
- Create your own logins.
- Drop testAdmin as it is not required any more.
Note: If you do not have SQL authentication enabled then you can try adding your windows user and replace setp-6 with below queries. Here <<DOMAINUSERNAME>> is placeholder for your user name
create login [<<DOMAINUSERNAME>>] from windows;
EXEC sys.sp_addsrvrolemember @loginame = N'<<DOMAINUSERNAME>>’, @rolename = N’sysadmin’;
GO;
Solution 2 : (Easy Solution)
Download the following file, extract and run the cmd file in elevated command prompt.
http://downloads.binarybits.net/blog/addselftosqlsysadmin.zip
Input:
%1 specifies the instance name to be modified. Defaults to SQLEXPRESS.
%2 specifies the principal identity to be added (in the form “<domain><user>”).
If omitted, the script will request elevation and add the current user (pre-elevation) to the sysadmin role.
If provided explicitly, the script is assumed to be running elevated already.
Method:
1) restart the SQL service with the ‘-m’ option, which allows a single connection from a box admin (the box admin is temporarily added to the sysadmin role with this start option)
2) connect to the SQL instance and add the user to the sysadmin role
3) restart the SQL service for normal connections
Output:
Messages indicating success/failure.
Note that if elevation is done by this script, a new command process window is created: the output of this window is not directly accessible to the caller.
Source: http://archive.msdn.microsoft.com/addselftosqlsysadmin/