I had a need recently to restore a production SCCM backup into a lab environment in order to perform some tests. I built a domain and site system servers using the same names as production, and was able to restore the SCCM backup, using the “Recover a site” option. Then I went to log in (using an account of the same name from my production environment) and was greeted with an error implying that I didn’t have permission to access the database.
Here’s what I did to grant myself access:
- Open SQL Management Studio and execute the following query
use CM_%Site_Code%
select AdminID,AdminSID,LogonName,DisplayName from RBAC_Admins
Where %Site_Code% is the three letter site code
- In the results, I located the line that contained the information for the username I was using. I made note of the AdminID. I then needed to update the AdminSID with new information (since it was a new domain, after all)
- Opening ADSIEdit.msc, I located the user object I was logging in with, and opened the properties.
- In the properties, I opened the objectSID attribute and copied the value in hexadecimal format, pasted it into notepad and removed the spaces
- Then, I ran this query
use CM_%Site_Code%
update RBAC_Admins
set AdminSID=0x010500000000000515000000B92ACD62A473F62D825A8A49EA0D0100
where AdminID=%Old_Admin_AdminID%
Where %Old_Admin_AdminID% is the AdminID of the record located earlier, and the AdminSID is the Hexadecimal value from ADSIEdit
I was then able to log into the SCCM Console
Shane Skriletz, PEI
Hi,
Thanks for your blog. we were able to restore SCCM on a new domain.
Thanks again it really helped.
Regards,
sccmadm