Run SSMS as a domain user on a different domain

Like a lot of companies that use Windows, my PC is connected to a domain and this is great when I’m connecting to the companies SQL Servers using Windows Credentials in SSMS because it “just works”™.

But sometimes I need to VPN to another domain and connect to SQL Servers on the other domain using Windows Credentials. SSMS doesn’t have an option for this so how do you do it?

Quite a few people have already blogged about this, however none of their methods worked for me going across domains. The problem is that my local computer can’t launch SSMS using remote credentials, because my PC doesn’t trust them.

When I thought all was lost I stumbled across an answer on dba.stackexchange by Aaron Bertrand. Basically you need to use the runas command with the /netonly parameter. This will launch SSMS using your current credentials, but any network traffic will appear as if it’s coming from the specified user. On my PC I need to run the following from a command window, or from the run menu:

runas /netonly /user:RemoteDomain\Greg.Dodd "C:Program Files (x86)Microsoft SQL Server130ToolsBinnManagementStudiossms.exe"

I could make this into a shortcut if I used it regularly. When I run this command I’m prompted to enter the password for the remote domain. Once I do that SSMS will be started:

It looks wrong…

You can see that the User name field is still disabled and still has my normal domain. If you look at Task Manager you can confirm that SSMS is running under my normal Dodd domain credentials.

However, when I connect to the remote server, magic happens and SSMS connects to the remote server on the remote domain using the credentials of the remote domain!

2 thoughts on “Run SSMS as a domain user on a different domain

Add yours

  1. There is a far simpler solution. Register the connection using Registered Servers. Boom. Mind exploded?
    The only downside is if you open SQL Server profiler, it will remember the connection UNTIL you close the default trace.

    Like

  2. John – I use Registered Servers frequently, but how do you edit the username and password for Windows Authentication? It’s always disabled for me and uses the credentials that SSMS is running as.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a website or blog at WordPress.com

Up ↑