How to resolve, the server principal owns one or more availability group(s) and cannot be dropped?

by

This article about,

How to resolve, the server principal owns one or more availability group(s) and cannot be dropped?

What is availability group?

Availability Groups are a feature in Microsoft SQL Server that provide high-availability and disaster recovery for user databases. They were introduced in SQL Server 2012 as a database-level solution, allowing multiple databases to failover as a single entity.

An Availability Group comprises a set of synchronized user databases that can fail over together to a secondary replica in case the primary replica fails. It includes multiple replicas, such as one primary replica and one or more secondary replicas. The primary replica serves as the primary read-write database, while the secondary replicas are used for read-only operations or as failover targets in case of a disaster. Availability Groups offer both automatic and manual failover options and provide a robust and flexible solution for high-availability and disaster recovery for SQL Server databases.

To configure availability group, you need to create endpoints and grant permission to endpoints to user which getting used to configure availability group.

If you have requirement to drop the user which getting used in availability group then drop login will give below error

USE [master]
GO

DROP LOGIN [sa]
GO
--Error message
Msg 15141, Level 16, State 1, Line 8 

The server principal owns one or more availability group(s) and cannot be dropped.

How to resolve, the server principal owns one or more availability group(s) and cannot be dropped?

So to drop the login which is getting used by endpoint of one or more availability group(s), you need to check endpoint permission of login using below script.

Check endpoint permission owned by sa login. 

USE [master] 
GO 
SELECT pm.class, pm.class_desc, pm.major_id, pm.minor_id,  
   pm.grantee_principal_id, pm.grantor_principal_id,  
   pm.[type], pm.[permission_name], pm.[state],pm.state_desc,  
   pr.[name] AS [owner], gr.[name] AS grantee 
FROM sys.server_permissions pm  
   JOIN sys.server_principals pr ON pm.grantor_principal_id = pr.principal_id 
   JOIN sys.server_principals gr ON pm.grantee_principal_id = gr.principal_id 
WHERE pr.[name] = N'sa'; 

Once you found the endpoint permission you need to change endpoint permission to other SQL Login. If you are using service account as AD user then map it to SQL Service account.

Run this query to change endpoint permission to SQL service account. Change Service account as per customer and environment. 

USE [master] 
GO 
ALTER AUTHORIZATION ON ENDPOINT::Hadr_Endpoint TO [PRD\SvcSQLAgent]; 
GO

Once you remove endpoint permission you can drop user with below command and recreate it if required.

USE [master]
GO

DROP LOGIN [sa]
GO

--Command executed successfully

You can map endpoint permission again post re creation of login.

1 thought on “How to resolve, the server principal owns one or more availability group(s) and cannot be dropped?”

  1. Pingback: microsoft sql server error 1412 always on | Always on Error - The remote copy of database “DB Name” has not been rolled forward to a point in time that is encompassed in the local copy of the database log. - omkarclouddba.tech

Leave a Comment