You may see the following error when you add a Microsoft Windows NT user or a Microsoft Windows NT group as a login to Microsoft SQL Server, or when you move logins from a server in one domain to a server in a different domain:
Error 15401: Windows NT user or group '%s' not found. Check the name again.
This step-by-step article discusses potential causes of the error and how to troubleshoot this problem.
The login does not exist
- Verify that the Windows login still exists in the domain. Your network administrator may have removed the Windows login for specific reasons, and you may not be able to grant that login access to the SQL Server.
- Verify that you are spelling the domain and login name correctly and that you are using the following format:
- If the login exists, and it is correct, and you still receive the error, continue with the following sections in this article.
Duplicate security identifiers
In a Windows domain, unique Security Identifiers (SIDs) are automatically assigned to Windows logins in the domain. When you add a Windows login as a SQL Server login, the SID is stored in a system table in SQL Server. If you try to add a new login which has the same SID as an existing SQL Server login, the 15401 error occurs.
In SQL Server 2005, duplicate SIDs are not allowed.
- To determine if this is the cause of your error, run the following code against the Master database while you are logged on to SQL Server as a member of the sysadmin role:
SELECT name FROM syslogins WHERE sid = SUSER_SID ('YourDomain\YourLogin')
- If a row is returned from this query, a duplicate SID is the cause of your problem.
- One potential cause of this scenario is loading a master database from a server in another domain. One of the logins in that domain may have had the same SID as the login that you are trying to add in this domain. This might also occur in an environment where you have clone or ghost systems.
- You must use sp_revokelogin to drop the login with the matching SID, or, to keep the existing logins, correctly map the logins from the old domain to logins in the new domain.
For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
How to move databases between computers that are running SQL Server
You might receive error 15401 when the domain controller for the domain where the login resides (the same or a different domain) is not available for some reason.
- If the login is in a different domain than the SQL Server, verify that the correct trusts exist between the domains.
- Verify that the domain controller of the login is accessible by using the ping command from the computer that is running SQL Server. Check both the IP address and the name of the domain controller.
For more information about ping command, click the following article number to view the article in the Microsoft Knowledge Base:
How to troubleshoot TCP/IP connectivity with Windows 2000 or Windows NT
You may be experiencing case-sensitivity problems, which are described in the following Microsoft Knowledge Base articles:
Case-sensitive Unicode collating sequence and Windows NT logins
In this case, use the sp_configure
stored procedure to determine if the sort order or collation of your instance of SQL Server is case sensitive. If the server is case-sensitive, follow the steps in the referenced article (Q245768) to successfully add the login.
FIX: "Windows NT user or group 'Domain_name\User_name' not found" error message when you add a login to a case-sensitive SQL Server 2008 instance
In this situation, an issue occurs when you try to add a Microsoft Windows NT user or group as a login to SQL Server 2008. If the server is case-sensitive, see the "Resolution" section in update 2770837.
Local (non-domain) accounts require special handling. If you are trying to add a local account from the local computer that is running SQL Server, view the following Microsoft Knowledge Base article for the correct steps:
sp_grantlogin "NT AUTHORITY\SYSTEM" fails on Microsoft Windows NT 4.0
- To add the Local System Account as a SQL Server login on Windows NT 4.0, view the procedure in the article Q322988 in the Microsoft Knowledge Base.
- When you add predefined local groups, you must use BUILTIN as the domain.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Use BUILTIN\Group to grant access to predefined Windows NT groups
If you have problems resolving the name of a computer that is involved in adding the login or group, you might receive error 15401.
Verify that your name resolution mechanism (such as, WINS, DNS, HOSTS or LMHOSTS) is configured correctly.