June 2025 Discount: Comprehensive Database Performance Health Check | Testimonials

Home

SQL SERVER – AlwaysOn Availability Groups: Script to Sync Logins Between Replicas?

Pinal Dave
SQL
12 Comments

SQL SERVER - AlwaysOn Availability Groups: Script to Sync Logins Between Replicas? script One of my blog readers was referring below blog SQL SERVER – Create Login with SID – Way to Synchronize Logins on Secondary Server. Let us learn in this blog post about the script to sync logins between replicas.

He sent me email asking if there is a script available to create multiple logins with SID and password? I was able to spend some time and referred various online blogs/content to come up with below script.

Please let me know if you find below script useful.

SELECT 'create login [' + sp.name + '] ' + CASE 
		WHEN sp.type IN (
				'U'
				,'G'
				)
			THEN 'from windows '
		ELSE ''
		END + 'with ' + CASE 
		WHEN sp.type = 'S'
			THEN 'password = ' + master.sys.fn_varbintohexstr(sl.password_hash) + ' hashed, ' + 'sid = ' + master.sys.fn_varbintohexstr(sl.sid) + ', check_expiration = ' + CASE 
					WHEN sl.is_expiration_checked > 0
						THEN 'ON, '
					ELSE 'OFF, '
					END + 'check_policy = ' + CASE 
					WHEN sl.is_policy_checked > 0
						THEN 'ON, '
					ELSE 'OFF, '
					END + CASE 
					WHEN sl.credential_id > 0
						THEN 'credential = ' + c.name + ', '
					ELSE ''
					END
		ELSE ''
		END + 'default_database = ' + sp.default_database_name + CASE 
		WHEN len(sp.default_language_name) > 0
			THEN ', default_language = ' + sp.default_language_name
		ELSE ''
		END
FROM sys.server_principals sp
LEFT JOIN sys.sql_logins sl ON sp.principal_id = sl.principal_id
LEFT JOIN sys.credentials c ON sl.credential_id = c.credential_id
WHERE sp.type IN (
		'S'
		,'U'
		,'G'
		)
	AND sp.name <> 'sa'
	AND sp.name NOT LIKE 'NT Authority%'
	AND sp.name NOT LIKE 'NT Service%'

How to use the script?

You need to run above script on primary replica. Once we execute this we would get a result which would have commanded to create a login. Copy the output and paste in a query window. The query needs to run against secondary server.

If you are using the Windows login than create them in every instance. In windows login case, the SID is managed by active directory, so you will be able to access in all replicas members of an availability group if the login exists in the primary replica.

Please note that user information is part of the database and it would come automatically via data synchronization.

Reference: Pinal Dave (https://darkslategrey-bat-805937.hostingersite.com

AlwaysOn, SQL Error Messages, , SQL Server, SQL Server Security
Previous Post
SQL SERVER – RDP Error to Azure Virtual Machines – The remote computer that you are trying to connect to requires Network Level Authentication (NLA)
Next Post
SQL SERVER – Execution Failed. See the Maintenance Plan and SQL Server Agent Job History Logs for Details

Related Posts

Leave a Reply

Pinal Dave is an SQL Server Performance Tuning Expert and independent consultant with over 22 years of hands-on experience. He holds a Masters of Science degree and numerous database certifications.

Pinal has authored 14 SQL Server database books and 92 Pluralsight courses. To freely share his knowledge and help others build their expertise, Pinal has also written more than 5,800 database tech articles on his blog at https://darkslategrey-bat-805937.hostingersite.com.

Pinal is an experienced and dedicated professional with a deep commitment to flawless customer service. If you need help with any SQL Server Performance Tuning Issues, please feel free to reach out at pinal@sqlauthority.com.

Pinal is also a CrossFit Level 1 Trainer (CF-L1) and CrossFit Level 2 Trainer (CF-L2).

Nupur Dave is a social media enthusiast and an independent consultant. She primarily focuses on the database domain, helping clients build short and long-term multi-channel campaigns to drive leads for their sales pipeline.

Comprehensive Database Performance Health Check

Is your SQL Server running slow and you want to speed it up without sharing server credentials? In my Comprehensive Database Performance Health Check, we can work together remotely and resolve your biggest performance troublemakers in less than 4 hours.

Once you learn my business secrets, you will fix the majority of problems in the future.

SQL Server Performance Tuning Practical Workshop

Have you ever opened any PowerPoint deck when you face SQL Server Performance Tuning emergencies? SQL Server Performance Tuning Practical Workshop is my MOST popular training with no PowerPoint presentations and 100% practical demonstrations.

Essentially I share my business secrets to optimize SQL Server performance.