No longer have permission to access Management Reporter after you make changes to your domain
This article provides a resolution for the permission issue that occurs after you make changes to your domain.
Applies to: Microsoft Management Reporter 2012, Microsoft Dynamics GP, Microsoft Dynamics AX 2009, Microsoft Dynamics SL 2015, Microsoft Dynamics SL 2011
Original KB number: 3163587
Symptoms
After making changes to your domain, users are not able to access Management Reporter.
Cause
Windows SID has changed for the user and is no longer valid.
Resolution
Update Windows SID for a user that has the Administrator role in Management Reporter.
Sign in to the SQL server as one of the users that has the Administrator role in Management Reporter.
Select Start > Run and enter CMD.
At the Dos command type:
Whoami /user
In the DOS window, right-click, select Select All, and then press Enter.
Paste the information into Notepad.
Open SQL Server Management Studio and run the following SQL statement, against the Management Reporter database.
Management Reporter 2012 CU13 and later
SELECT A.UserName, B.Name, CASE A.ROLETYPE WHEN 2 THEN 'VIEWER' WHEN 3 THEN 'GENERATOR' WHEN 4 THEN 'DESIGNER' WHEN 5 THEN 'ADMINISTRATOR' END AS SecurityRole, A.WindowsSecurityIdentifier, A.UserID, CASE A. AccountDisabled When 0 Then 'Enabled' When 1 Then 'Disabled' End AS AccountStatus FROM Reporting.SecurityUser A JOIN Reporting.SecurityPrincipal B ON A.USERID = B.ID ORDER BY A.UserName
Management Reporter CU12 or earlier.
SELECT A.UserName, B.Name, CASE A.ROLETYPE WHEN 2 THEN 'VIEWER' WHEN 3 THEN 'GENERATOR' WHEN 4 THEN 'DESIGNER' WHEN 5 THEN 'ADMINISTRATOR' END AS SecurityRole, A.WindowsSecurityIdentifier, A.UserID, CASE A. AccountDisabled When 0 Then 'Enabled' When 1 Then 'Disabled' End AS AccountStatus FROM SECURITYUSER A JOIN SECURITYPRINCIPAL B ON A.USERID = B.ID ORDER BY A.UserName
Note the UserID.
Make a backup of your Management Reporter database and then run the following SQL statement. You must modify the statement to include the new user's Windows SID and their existing UserID.
Management Reporter CU13 or later
UPDATE Reporting.SecurityUser SET WindowsSecurityIdentifier = '<copy/paste new Windows SID>' WHERE UserID = '<paste UserId from step4>'
Management Reporter CU12 or earlier
UPDATE SecurityUser SET WindowsSecurityIdentifier = '<copy/paste new Windows SID>' WHERE UserID = '<paste UserId from step4>'
Run the following SQL statement, modifying the statement to include the new user's domain\alias.
Management Reporter 2012 CU13 or later.
UPDATE Reporting.SecurityPrincipal SET Name = '<enter new domain\alias>' WHERE ID = '<paste UserId from step4>'
Management Reporter 2012 CU12 or earlier
UPDATE SecurityPrincipal SET Name = '<enter new domain\alias>' WHERE ID = '<paste UserId from step4>'
The user should now be able to log into Management Reporter. To update the other users, select Security. Select Users and then remove the users that are unable to access Management Reporter. You can then add the users back with their new domain name.