Sql Server Change Password Query

[Evelyn Normington]

ENABLEDISABLEEnables or disables this login. Disabling a login does not affect the behavior of logins that are already connected. (Use the KILL statement to terminate an existing connections.) Disabled logins retain their permissions and can still be impersonated.

When a login (or a contained database user) connects and is authenticated, the connection caches identity information about the login. For a Windows Authentication login, this includes information about membership in Windows groups. The identity of the login remains authenticated as long as the connection is maintained. To force changes in the identity, such as a password reset or change in Windows group membership, the login must logoff from the authentication authority (Windows or SQL Server), and log in again. A member of the sysadmin fixed server role or any login with the ALTER ANY CONNECTION permission can use the KILL command to end a connection and force a login to reconnect. SQL Server Management Studio can reuse connection information when opening multiple connections to Object Explorer and Query Editor windows. Close all connections to force reconnection.

HASHEDApplies to SQL Server logins only. Specifies that the password entered after the PASSWORD argument is already hashed. If this option is not selected, the password is hashed before being stored in the database. This option should only be used for login synchronization between two servers. Do not use the HASHED option to routinely change passwords.

OLD_PASSWORD ='oldpassword'Applies only to SQL Server logins. The current password of the login to which a new password will be assigned. Passwords are case-sensitive.

DEFAULT_LANGUAGE =languageSpecifies a default language to be assigned to the login. The default language for all SQL Database logins is English and cannot be changed. The default language of the sa login on SQL Server on Linux, is English but it can be changed.

NAME = login_nameThe new name of the login that is being renamed. If this is a Windows login, the SID of the Windows principal corresponding to the new name must match the SID associated with the login in SQL Server. The new name of a SQL Server login cannot contain a backslash character (\).

CHECK_POLICY = OFF Applies only to SQL Server logins. Specifies that the Windows password policies of the computer on which SQL Server is running should be enforced on this login. The default value is ON.

CREDENTIAL = credential_nameThe name of a credential to be mapped to a SQL Server login. The credential must already exist in the server. For more information, see Credentials. A credential cannot be mapped to the sa login.

DROP CREDENTIALRemoves an Extensible Key Management (EKM) provider credential from the login. For more information, see [Extensible Key Management (EKM)] (../.. /relational-databases/security/encryption/extensible-key-management-ekm.md).

In SQL Database, login data required to authenticate a connection and server-level firewall rules are temporarily cached in each database. This cache is periodically refreshed. To force a refresh of the authentication cache and make sure that a database has the latest version of the logins table, execute DBCC FLUSHAUTHCACHE.

If the login that is being changed is a member of the sysadmin fixed server role or a grantee of CONTROL SERVER permission, also requires CONTROL SERVER permission when making the following changes:

Continuously active connections to SQL Database require reauthorization (performed by the Database Engine) at least every 10 hours. The Database Engine attempts reauthorization using the originally submitted password and no user input is required. For performance reasons, when a password is reset in SQL Database, the connection will not be re-authenticated, even if the connection is reset due to connection pooling. This is different from the behavior of on-premises SQL Server. If the password has been changed since the connection was initially authorized, the connection must be terminated and a new connection made using the new password. A user with the KILL DATABASE CONNECTION permission can explicitly terminate a connection to SQL Database by using the KILL command. For more information, see KILL.

login_nameSpecifies the name of the SQL Server login that is being changed. Microsoft Entra logins must be specified as user@domain. For example, john....@contoso.com, or as the Microsoft Entra group or application name. For Microsoft Entra logins, the login_name must correspond to an existing Microsoft Entra login created in the master database.

ENABLE DISABLEEnables or disables this login. Disabling a login does not affect the behavior of logins that are already connected. (Use the KILL statement to terminate an existing connection.) Disabled logins retain their permissions and can still be impersonated.

PASSWORD ='password'Applies only to SQL Server logins. Specifies the password for the login that is being changed. Passwords are case-sensitive. Passwords also do not apply when used with external logins, like Microsoft Entra logins.

NAME = login_nameThe new name of the login that is being renamed. If the login is a Windows login, the SID of the Windows principal corresponding to the new name must match the SID associated with the login in SQL Server. The new name of a SQL Server login cannot contain a backslash character (\).

3a8082e126