14,494 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 30%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
You can use AD authentication with contained databases. Just add the windows user/group as a user to the database. That's it!
Was that your question?
Contained database users with alwayson
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 42%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Ashwan
536
Reputation points
We have SQL server 2016 SP2 with contained database with contained users . so Planing to plug in to AG group . As per the micosoft says benifit of using Contained database which not tie up with logins .
My concerns is this.
Q1. Contained user passwords stored in the database level . In this setup let say aplication user (what ever) is connected to contained database user contaied user and password also need to store somewhrere system files in application layer .if change the passwrod in DB side, then need to change the application system files accordintly .
I am not sure how its works smoothly on single signe on setup .
If we use AD accounts logins smoth ways of authentiction provision .
secondly , if compay wish to progress with on prem / cloud integration great to have AD logins with Azure AD.
There fore what your thoughts of having contained database user is going be not a good idea
any one have idea please
thanks
SQL Server Other
{count} votes
-
CathyJi-MSFT 22,396 Reputation points Microsoft External Staff2020-10-26T01:20:22.21+00:00 Hi @Ashwan ,
Any update for this thread? Did the reply could help you? If the response helped, do "Accept Answer".
Best regards,
Cathy
Sign in to comment
3 answers
Sort by: Most helpful
-
-
CathyJi-MSFT 22,396 Reputation points Microsoft External Staff
2020-10-23T09:07:00.157+00:00 Hi @Ashwan ,
SQL Server supports contained database users for both Windows and SQL Server authentication. If you want to use AD login.
- Create AD user
- ---Create ContainedDB sp_configure 'contained database authentication', 1;
GO
RECONFIGURE ;
GO USE [master]
GO
ALTER DATABASE ContainedDB SET CONTAINMENT = PARTIAL
GO - ---Create Contained user (Windows Authentication)
USE ContainedDB;
GO
CREATE USER [CONTOSO\Containeduser];
GO - Run SSMS as AD user
- Connect to Contained database
Azure SQL database supports Azure Active Directory identities as contained database users.
Please refer to the MS document the differences and benefits of using the contained database model compared to traditional login/user model.
Best regards,
Cathy
If the response is helpful, please click "Accept Answer" and upvote it.
-
Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator2020-10-23T22:23:31.003+00:00 As Tibor says, you can have contained AD Users. Should you have it? If you typically grant permissions through AD groups, there may be little point in it, as you could grant these logins access to all servers for the AG. I would guess that this is something you typically do once.
On the other hand, if you grant access to each individual AD user, which I would assume is something that happens about daily, contained users gives you the advantage that you only need to add them once to the database.