Doctor DBA in the Multiple Domains of Insanity

I don’t know about you, but very few companies I have worked for in the last 10 years have had only 1 domain for me to support. At the very least you might get 2 or 3 to separate out prod, UAT and dev. The companies I have worked for, though, have grown through acquisition, and the old domains rarely go away. Sometimes you are lucky: they all trust each other and you only need 1 account to log onto each of those domains. Usually you have 1 or 2 that don’t have any trust, and that usually means you have to RDP into the servers to do anything because you can’t use Management Studio from your local machine.

That is not strictly true. Barring firewalls preventing you from getting to the servers, I am going to show you how to trick SSMS into thinking it is someone else. If there is trust between the domains and your account in the other domain is allowed to be used on your local machine, then it is easy: Shift + right-click your SSMS icon and choose Run as different user.

Let’s be honest though, when is it ever that easy? So the first thing we need is the command to use:

C:\Windows\System32\runas.exe /netonly /user:bz\bzugg "C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe"

You can see we are doing a runas command but we are specifying the switch /netonly which according to the help for runas:

Next we give it the domain and the user account, followed by the path and exe to run. Notice we are not storing the password, which is a glorious sacrifice to the Info Sec gods and brings them much happiness. So where to place this mystical command? I copy the SSMS shortcut to my desktop so that I don’t mess up any of the standard shortcuts. The normal shortcut looks like this:

Once we have it copied to the desktop, we can right-click on it and go to Properties.

Once we are in Properties, we are going to add this part to the beginning of what is already in the Target field. Be sure to leave a space after the user.

C:\Windows\System32\runas.exe /netonly /user:bz\bzugg

Once you have added the runas command, click OK. You will now see that the icon for this SSMS shortcut has changed.

And now when you run your edited shortcut it prompts you for your password.

Type the password for your account and hit Enter. I will warn you that it may take longer to load and connect to servers, but the trade-off may be worth it. For instance, if you can’t copy and paste scripts via RDP, or you have to pass them through several file-share servers to get them to all your target servers, this could be really helpful.
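
The shortcut edit described above can also be scripted. This PowerShell is an added example, not part of the original post; the function name New-NetOnlyShortcut and the shortcut file name are made up here, and the account and SSMS path are the ones used above.

```powershell
# Added example: create a desktop shortcut that starts a program via runas /netonly.
# Assumptions: New-NetOnlyShortcut and the .lnk name are hypothetical names for this
# example; bz\bzugg and the SSMS 18 path are the values shown in the post.
function New-NetOnlyShortcut {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $RemoteUser,    # DOMAIN\user in the other domain
        [Parameter(Mandatory)] [string] $ProgramPath,   # full path to the exe to launch
        [string] $ShortcutName = 'SSMS (netonly).lnk'
    )

    # Accept only DOMAIN\user without spaces so the argument string needs no extra quoting.
    if ($RemoteUser -notmatch '^[^\\\s]+\\[^\\\s]+$') {
        throw "RemoteUser must be in DOMAIN\user form, got '$RemoteUser'."
    }
    if (-not (Test-Path -LiteralPath $ProgramPath -PathType Leaf)) {
        throw "Program not found: $ProgramPath"
    }

    $runas   = Join-Path $env:SystemRoot 'System32\runas.exe'
    $desktop = [Environment]::GetFolderPath('Desktop')
    $lnkPath = Join-Path $desktop $ShortcutName

    # Write a new .lnk next to the standard shortcuts instead of editing them.
    $shell = New-Object -ComObject WScript.Shell
    $lnk   = $shell.CreateShortcut($lnkPath)
    $lnk.TargetPath       = $runas
    # No password is stored: runas prompts for it every time the shortcut is used.
    $lnk.Arguments        = "/netonly /user:$RemoteUser `"$ProgramPath`""
    $lnk.WorkingDirectory = Split-Path -Parent $ProgramPath
    # Optional: reuse the program's own icon rather than the runas icon.
    $lnk.IconLocation     = "$ProgramPath,0"
    $lnk.Save()

    # Return what was written so it can be reviewed.
    [pscustomobject]@{
        Shortcut  = $lnkPath
        Target    = $lnk.TargetPath
        Arguments = $lnk.Arguments
    }
}

New-NetOnlyShortcut -RemoteUser 'bz\bzugg' `
    -ProgramPath 'C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe'
```

Note that runas /netonly does not check the password when you type it; a mistyped password only shows up as a login failure when SSMS connects to a server.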

One other word of warning: once you have connected, it will look like you are connected with the account you logged into your local machine with.

But if you run:

select distinct login_name from sys.dm_exec_sessions

You will see that you are actually connected with the account you specified in the runas command.

I hope this helps calm some of the insanity that torments the multiple domains that we all deal with.
