About credentials used with SQL Server Intelligent Policy
SQL Server instances or replicas must be registered with Windows credentials that have the proper permissions to perform backup and restore operations. Intelligent Policy supports Windows authentication and Windows Active Directory authentication. It does not support Mixed Mode or SQL Server authentication. Credentials are not supported at the database or the availability group level.
Table: Options to register credentials
| Option to register credentials | Environment and configuration |
|---|---|
| Use these specific credentials (recommended) | The user account that is used to register credentials must have the SQL Server "sysadmin" role and be a member of the Windows Administrators group. The services can use the Local System logon account. If you want to use a different logon account, that account must also have certain local security privileges. See Configuring the services for SQL Server backups and restores. |
| Use credentials that are defined locally on the client | The user account that is used to register credentials must have the SQL Server "sysadmin" role and be a member of the Windows Administrators group. You must also configure the logon account for the services. See Configuring the services for SQL Server backups and restores. |
| Add to group and register using group credentials | You want to be able to do one or more of the following: See Registering instances or availability replicas with an instance group. |
| Command line | |
The following requirements apply when you use the option for registration:
The user must have the SQL Server "sysadmin" role.
The user must be a member of the Windows Administrators group.
The logon account for the Client Service and the Legacy Network Service can be either the SQL System administrator or Local System. The services do not have to use the same logon account.
See Configuring the services for SQL Server backups and restores.
The logon account for the Client Service and the Legacy Network Service must have the privileges to and .
When you use the option for registration, uses the credentials for the user that installed . The following requirements apply with this option:
The user must have the SQL Server "sysadmin" role.
The user must be a member of the Windows Administrators group.
The logon account for the Client Service and the Legacy Network Service can be either the SQL System administrator or Local System. The services must use the same logon account.
See Configuring the services for SQL Server backups and restores.
To register an instance or replica from the command line, the following configuration is required:
The administrator must authorize the nbsqladm command for a specific DBA or user on a specific host.
On the master server, use nbsqladm to authorize the user:
nbsqladm [-S master_server] -add_dba host_name user_name
If you have multiple NICs, authorize the DBA using the private interface name of the SQL Server host.
For a SQL Server cluster, authorize the DBA for each node in the cluster. (Do not authorize a DBA using the virtual name of the SQL Server cluster.) For the -host name provide one of the node names in the SQL Server cluster.
For a SQL Server cluster with multiple NICs, authorize the DBA using the private interface name for each of the nodes in the SQL Server cluster.
Once a DBA is authorized to use the nbsqladm command, the DBA can register instances with the local credentials (-local_credentials) or other specific credentials (-user name -domain name).
For complete details on the nbsqladm command, see the Commands Reference Guide.
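As an added example (not taken from the vendor documentation), the shell function below prints the `nbsqladm -add_dba` lines for a SQL Server cluster, one per node, and refuses the cluster's virtual name as described above. The master server `master01`, the account `CORP\dba1`, the private interface names and the `node=private_name` argument syntax are assumptions made for the example; the commands are printed for review and are not run.

```sh
#!/bin/sh
# Added example: plan the nbsqladm authorizations for a SQL Server cluster.
# Dry run only: the commands are printed for review, never executed.

# plan_add_dba MASTER DBA_USER CLUSTER_VIRTUAL_NAME NODE...
# NODE is "node" or "node=private_interface_name" (multi-NIC host).
# The "node=private" syntax is this example's own convention.
plan_add_dba() {
    master=$1
    dba=$2
    vname=$3
    shift 3
    if [ "$#" -eq 0 ]; then
        echo "error: no cluster nodes given" >&2
        return 2
    fi
    lc_vname=$(printf '%s' "$vname" | tr 'A-Z' 'a-z')
    out=""
    for spec in "$@"; do
        # With multiple NICs, the private interface name is authorized.
        case $spec in
            *=*) target=${spec#*=} ;;
            *)   target=$spec ;;
        esac
        # A DBA must not be authorized using the cluster's virtual name.
        lc_target=$(printf '%s' "$target" | tr 'A-Z' 'a-z')
        if [ "$lc_target" = "$lc_vname" ]; then
            echo "error: '$target' is the cluster virtual name" >&2
            return 1
        fi
        # One authorization per node, in the syntax shown on this page.
        out="${out}nbsqladm -S $master -add_dba $target $dba
"
    done
    printf '%s' "$out"
}

# Constructed sample: cluster sql-fci with nodes hostvm10 and hostvm11.
plan_add_dba master01 'CORP\dba1' sql-fci hostvm10 hostvm11
# Same cluster with constructed private interface names on each node.
plan_add_dba master01 'CORP\dba1' sql-fci hostvm10=hostvm10-priv hostvm11=hostvm11-priv
```
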
When discovers a SQL Server cluster, it adds a single entry in the Applications utility. This instance represents all nodes in the cluster. The host name is the virtual name of the SQL Server cluster. When you register this instance validates the credentials on the active node. The credentials must be valid for all nodes in the cluster.
When discovers a SQL Server host that uses multiple NICs, it adds an entry using the client name in the Applications utility. If you installed the client using the public interface name, you must configure the client name as the private interface name. Then register the instance with its private interface name. For a SQL Server cluster that uses multiple NICs, add and register the instance with the private virtual name of the SQL Server cluster.
See Configuring the client with the private interface name.
See the for SQL Server Administrator's Guide or ask your administrator for assistance.
discovers and displays failover cluster instances (FCIs) under the cluster name and the physical node names. For example, instance FCI is enumerated with both its physical nodes hostvm10 and hostvm11 and with its cluster name sql-fci. Databases that exist for FCIs are also enumerated with the node names and the cluster name. Depending on how you want to protect a database, add credentials to either the cluster name (that are valid for all nodes) or to a physical node name.
After you add credentials, validates the credentials, marks the instances as registered, and adds the instances to the database. requests detailed information about the instances or replicas from the client and displays it in the or nodes.
For a SQL Server cluster or if an availability group instance is part of SQL Server cluster, validates the credentials on the active node. The credentials must be valid for all nodes in the cluster. For a SQL Server availability group, replicas are registered and validated individually. Note that the registered date reflects the date and time the credential was added or updated and does not indicate if the credentials are valid.