Migrate / Move / Copy SQL Logins to another SQL Server

There are often situations where you need to copy/move/migrate/transfer SQL logins from one SQL server to another. For example, you may have restored a database to a new SQL server (and will do so frequently in the future, such as in a log shipping environment) and want to log in to the new server with the same SQL login credentials you used on the previous server.

In order to properly move/copy/migrate/transfer a SQL login (and maintain the same SID), you'll need to perform the steps from the following procedure:

1. Copy the script from method 2 on this page and run it on the original server to create the sp_hexadecimal and sp_help_revlogin procedures: http://support.microsoft.com/kb/918992

2. In the SSMS query editor, select the Results to Text option.

3. run the following command on the original server: EXEC sp_help_revlogin

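4. Copy the output (or just the portion you need) and run it on the new server from SQL Server Management Studio. The output contains each SQL login's password hash and SID, so store and transfer it as you would any other credential.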



In case the Microsoft Article from step 1 is unavailable:


USE master
GO

IF OBJECT_ID('sp_hexadecimal') IS NOT NULL
    DROP PROCEDURE sp_hexadecimal
GO

-- sp_hexadecimal
-- Renders a varbinary value as an upper-case hexadecimal literal ('0x...').
--   @binvalue  bytes to render (at most 256)
--   @hexvalue  OUTPUT: '0x' followed by two hex digits per input byte
-- A NULL or empty @binvalue yields just '0x', because the loop never runs.
CREATE PROCEDURE sp_hexadecimal
    @binvalue varbinary(256),
    @hexvalue varchar(514) OUTPUT
AS
BEGIN
    DECLARE @digits char(16)
    DECLARE @rendered varchar(514)
    DECLARE @pos int
    DECLARE @byte_count int
    DECLARE @byte int

    SET @digits = '0123456789ABCDEF'
    SET @rendered = '0x'
    SET @pos = 1
    SET @byte_count = DATALENGTH(@binvalue)

    WHILE (@pos <= @byte_count)
    BEGIN
        -- One byte at a time: high nibble first, then low nibble.
        SET @byte = CONVERT(int, SUBSTRING(@binvalue, @pos, 1))
        SET @rendered = @rendered
            + SUBSTRING(@digits, (@byte / 16) + 1, 1)
            + SUBSTRING(@digits, (@byte % 16) + 1, 1)
        SET @pos = @pos + 1
    END

    SET @hexvalue = @rendered
END
GO
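IF OBJECT_ID ('sp_help_revlogin') IS NOT NULL
    DROP PROCEDURE sp_help_revlogin
GO

-- sp_help_revlogin
-- Prints a T-SQL script that re-creates server logins on another instance.
--   @login_name  login to script; NULL (the default) scripts every SQL login,
--                Windows login and Windows group except the one named 'sa'.
-- Returns 0 on success, -1 when no matching login is found.
--
-- SQL-authenticated logins are scripted with their stored password hash
-- (PASSWORD = 0x... HASHED) and their original SID, so the printed script is
-- credential material: restrict who can read it, keep it out of tickets and
-- source control, and delete it once the destination logins exist.
-- Read the generated statements before executing them on the destination.
CREATE PROCEDURE sp_help_revlogin @login_name sysname = NULL AS
DECLARE @name sysname
DECLARE @type varchar (1)
DECLARE @hasaccess int
DECLARE @denylogin int
DECLARE @is_disabled int
DECLARE @PWD_varbinary varbinary (256)
DECLARE @PWD_string varchar (514)
DECLARE @SID_varbinary varbinary (85)
DECLARE @SID_string varchar (514)
-- nvarchar(4000) rather than varchar(1024): a statement that quotes a long
-- login name several times can exceed 1024 characters and would be silently
-- truncated, and varchar would also mangle login names outside the code page.
DECLARE @tmpstr nvarchar (4000)
DECLARE @is_policy_checked varchar (3)
DECLARE @is_expiration_checked varchar (3)
DECLARE @defaultdb sysname

-- sys.syslogins supplies the hasaccess / denylogin flags for each principal.
IF (@login_name IS NULL)
    DECLARE login_curs CURSOR FOR
        SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin
        FROM sys.server_principals p
        LEFT JOIN sys.syslogins l ON ( l.name = p.name )
        WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name <> 'sa'
ELSE
    DECLARE login_curs CURSOR FOR
        SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin
        FROM sys.server_principals p
        LEFT JOIN sys.syslogins l ON ( l.name = p.name )
        WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name = @login_name

OPEN login_curs

FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin
IF (@@fetch_status = -1)
BEGIN
    PRINT 'No login(s) found.'
    CLOSE login_curs
    DEALLOCATE login_curs
    RETURN -1
END

SET @tmpstr = '/* sp_help_revlogin script '
PRINT @tmpstr
SET @tmpstr = '** Generated ' + CONVERT (varchar, GETDATE()) + ' on ' + @@SERVERNAME + '*/'
PRINT @tmpstr
PRINT ''

WHILE (@@fetch_status <> -1)
BEGIN
    IF (@@fetch_status <> -2)   -- -2 means the fetched row is missing; skip it
    BEGIN
        PRINT ''
        SET @tmpstr = '-- Login: ' + @name
        PRINT @tmpstr

        IF (@type IN ( 'G', 'U'))
        BEGIN -- NT authenticated account/group
            -- QUOTENAME escapes any ']' in the database name; bare '[' + name + ']'
            -- would emit a malformed statement for such a name.
            SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name ) + ' FROM WINDOWS WITH DEFAULT_DATABASE = ' + QUOTENAME( @defaultdb )
        END
        ELSE
        BEGIN -- SQL Server authentication
            -- obtain password hash and sid as hex literals
            SET @PWD_varbinary = CAST( LOGINPROPERTY( @name, 'PasswordHash' ) AS varbinary (256))
            EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUT
            EXEC sp_hexadecimal @SID_varbinary, @SID_string OUT

            -- obtain password policy state
            SELECT @is_policy_checked = CASE is_policy_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END
            FROM sys.sql_logins WHERE name = @name
            SELECT @is_expiration_checked = CASE is_expiration_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END
            FROM sys.sql_logins WHERE name = @name

            -- Re-using the SID keeps restored database users mapped to the login.
            SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name ) + ' WITH PASSWORD = ' + @PWD_string + ' HASHED, SID = ' + @SID_string + ', DEFAULT_DATABASE = ' + QUOTENAME( @defaultdb )

            IF ( @is_policy_checked IS NOT NULL )
            BEGIN
                SET @tmpstr = @tmpstr + ', CHECK_POLICY = ' + @is_policy_checked
            END
            IF ( @is_expiration_checked IS NOT NULL )
            BEGIN
                SET @tmpstr = @tmpstr + ', CHECK_EXPIRATION = ' + @is_expiration_checked
            END
        END

        -- Carry over the access restrictions so the copy is not more permissive
        -- than the original login.
        IF (@denylogin = 1)
        BEGIN -- login is denied access
            SET @tmpstr = @tmpstr + '; DENY CONNECT SQL TO ' + QUOTENAME( @name )
        END
        ELSE IF (@hasaccess = 0)
        BEGIN -- login exists but does not have access
            SET @tmpstr = @tmpstr + '; REVOKE CONNECT SQL TO ' + QUOTENAME( @name )
        END
        IF (@is_disabled = 1)
        BEGIN -- login is disabled
            SET @tmpstr = @tmpstr + '; ALTER LOGIN ' + QUOTENAME( @name ) + ' DISABLE'
        END
        PRINT @tmpstr
    END

    FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin
END

CLOSE login_curs
DEALLOCATE login_curs
RETURN 0
GO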