How to Add Domain Admins to SQL Server

Step 1:

Right-click Start > Search > type in ‘ssms.exe’ > right-click Microsoft SQL Server Management Studio > Run as Administrator

Authenticate using an sa account > New Query > paste this line:

/* Adding Principle into SQL sysadmin role */
exec sp_addsrvrolemember 'whatDomain\Domain Admins', 'sysadmin';

Observe a result similar to this:

Commands completed successfully.
Completion time: 2012-09-03T18:42:58.1788611-07:00

That’s it. There is no ‘Step 2.’ Fin.

# Alternative Method via PowerShell
$domainAdmins="$env:USERDOMAIN\Domain Admins"

import-module sqlps
    if($sa -and $saPassword){
        invoke-sqlcmd -username $sa -password $saPassword -Query "exec sp_addsrvrolemember '$domainAdmins', 'sysadmin'"
        invoke-sqlcmd -Query "exec sp_addsrvrolemember '$domainAdmins', 'sysadmin'"
    write-warning $_

Alternative Graphical Interface Method:

Run Microsoft SQL Server Management Studio (ssms.exe) > authenticate as an sa > navigate to [Server Named Instance] > Security > right-click Logins > New Logins > set Login Name = YOURDOMAIN\Domain Admins & select ‘Windows authentication’

Click on Server Roles > put a check mark next to ‘sysadmin’ > click OK

Visually verify that ‘Domain Admins’ has been added to the security group


A member of the Domain Admins group could not logon to SQL Server even though such group has been granted the ‘sysadmin’ role on such database machine.


By default, Windows User Access Control (UAC) will associate the run-time of an un-elevated instance of SQL Server Management Studio in the context of a regular user, not ‘BUILTIN\Administrators’. To ensure that the GUI is initiated in the Admin contexts, one must right-click SSMS > select Run as Administrator. On then would members of the Domain Admins be granted access.

Leave a Reply

Your email address will not be published. Required fields are marked *