SUMMARY
You may see the following error when you add a Microsoft Windows NT user or a Microsoft Windows NT group as a login to Microsoft SQL Server, or when you move logins from a server in one domain to a server in a different domain:
Error 15401: Windows NT user or group '%s' not found. Check the name again.
This step-by-step article discusses potential causes of the error and how to troubleshoot this problem.
The login does not exist
- Verify that the Windows login still exists in the domain. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server.
- Verify that you are spelling the domain and login name correctly and that you are using the following format:
- If the login exists, and it is correct, and you still receive the error, continue with the following sections in this article.
Duplicate security identifiers
In a Windows domain, unique Security Identifiers (SIDs) are automatically assigned to Windows logins in the domain. When you add a Windows login as a SQL Server login, the SID is stored in a system table in SQL Server. If you try to add a new login which has the same SID as an existing SQL Server login, the 15401 error occurs.
Note: In SQL Server 2005, duplicate SIDs are not allowed.
- To determine if this is the cause of your error, run the following code while you are logged on to SQL Server as a member of the sysadmin role:
SELECT name FROM sysxlogins WHERE sid = SUSER_SID ('YourDomain\YourLogin')
- If a row is returned from this query, a duplicate SID is the cause of your problem.
- One potential cause of this scenario is loading a master database from a server in another domain. One of the logins in that domain may have had the same SID as the login that you are trying to add in this domain. This might also occur in an environment where you have clone or ghost systems.
- You must use sp_revokelogin to drop the login with the matching SID, or, to keep the existing logins, correctly map the logins from the old domain to logins in the new domain.
For additional information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
314546 How to move databases between computers that are running SQL Server
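The duplicate-SID check above can be extended to show which stored logins are affected after a master database has been loaded from another domain. This is an added example, not part of the original article; it assumes the master.dbo.syslogins view in place of sysxlogins so that it also runs on SQL Server 2005, and it reuses the article's placeholder YourDomain\YourLogin.

```sql
-- Added example. Run as a member of the sysadmin role.
-- YourDomain\YourLogin is the article's placeholder; substitute the login
-- that fails with error 15401.
DECLARE @login sysname;
SET @login = N'YourDomain\YourLogin';

-- 1. Which stored login already holds the SID that Windows returns for @login?
--    A returned row whose stored_login differs from @login is the
--    duplicate-SID case described in this section.
SELECT l.name AS stored_login,
       l.sid  AS stored_sid
FROM master.dbo.syslogins AS l
WHERE l.sid = SUSER_SID(@login);

-- 2. Which stored Windows logins no longer agree with Windows?
--    SUSER_SNAME(sid) returns the login name for a SID. Rows appear here when
--    it returns NULL or a name different from the one stored in SQL Server,
--    which is typical of logins carried over from another domain.
--    On a case-sensitive server the <> comparison also flags names that
--    differ only in case.
SELECT l.name             AS stored_login,
       SUSER_SNAME(l.sid) AS resolves_to
FROM master.dbo.syslogins AS l
WHERE l.isntname = 1
  AND (SUSER_SNAME(l.sid) IS NULL
       OR SUSER_SNAME(l.sid) <> l.name)
ORDER BY l.name;
```

Logins listed by the second query are the candidates to drop with sp_revokelogin or to remap to logins in the new domain.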
Authentication failure
You might receive error 15401 when the domain controller for the domain where the login resides (the same or a different domain) is not available for some reason.
- If the login is in a different domain than the SQL Server, verify that the correct trusts exist between the domains.
- Verify that the domain controller of the login is accessible by using the ping command from the computer that is running SQL Server. Check both the IP address and the name of the domain controller.
For additional information about the ping command, click the following article number to view the article in the Microsoft Knowledge Base:
102908 How to troubleshoot TCP/IP connectivity with Windows 2000 or Windows NT
Case sensitivity
You may be experiencing case-sensitivity problems, which are described in the following Microsoft Knowledge Base article:
245768 PRB: Case-sensitive Unicode collating sequence and Windows NT logins
In this case, use the sp_configure or sp_helpsort stored procedure to determine if the sort order or collation of your instance of SQL Server is case sensitive. If the server is case-sensitive, follow the steps in the referenced article (Q245768) to successfully add the login.
Local accounts
Local (non-domain) accounts require special handling. If you are trying to add a local account from the local computer that is running SQL Server, view the following Microsoft Knowledge Base article for the correct steps:
322988 PRB: sp_grantlogin "NT AUTHORITY\SYSTEM" fails on Microsoft Windows NT 4.0
- To add the Local System Account as a SQL Server login on Windows NT 4.0, view the procedure in the article Q322988 in the Microsoft Knowledge Base.
- When you add predefined local groups, you must use BUILTIN as the domain.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
216808 PRB: Use BUILTIN\Group to grant access to predefined Windows NT groups
Name resolution
If you have problems resolving the name of a computer that is involved in adding the login or group, you might receive error 15401.
Verify that your name resolution mechanism (such as WINS, DNS, HOSTS, or LMHOSTS) is configured correctly.