Unless you've got a well-defined strategy to manage SQL Server logins and database users via Active Directory groups (as I usually recommend when setting up SQL Server security), you're going to eventually find yourself in a situation where you'll need to clean up logins that don't have access to any database and database users that don't have an associated login. Usually, I find this in new clients where, after cleaning up database maintenance practices, security is the next step in getting things under control.
↧