It’s always good to know what users have access to your SQL instances but when it comes to Active Directory users and groups it can quickly become complicated and you might not know who has access at any given time.
Requests can come in for you to provide access to a user, but how can you identify if that user might already have some level of access?
That’s where xp_logininfo comes to the rescue!
This extended stored procedure will check to see if your user does actually have access and give you the relevant information associated. Just call the proc with the name of the user account:
As you can see it told me that the account I passed in is a user, it has admin level privileges on the server and that the access for the account is provided via the awesomesauce\DBAs group.
Wouldn’t it be great to see what other accounts also have access permissions via that group? Well xp_logininfo can do that for you too. By passing the group name along with the extra parameter of members you can get a list of group members':
This is a nice quick and easy way to see who has access on your systems via group membership.