SQL SERVER – Fix : Error : Error 15401: Windows NT user or group ‘username’ not found. Check the name again.

Fix : Error : Error 15401: Windows NT user or group ‘username’ not found. Check the name again.

This is quite a famous error and I was asked to write about it by couple of readers. The reason I was not writing about this as the solution of this error is very well explained in Book On Line. All the potential causes and their solutions are explained well here. This post/article should be considered as book mark to solution.

Refere Microsoft Help and Support : How to troubleshoot error 15401

Reference : Pinal Dave (https://blog.sqlauthority.com)

SQL Error Messages, , SQL Scripts
Previous Post
SQL SERVER – Database Coding Standards and Guidelines Complete List Download
Next Post
SQL SERVER – 2008 (Katmai) June CTP Released – Improvement Pillars – Diagram

Related Posts

24 Comments. Leave new

  • pls slove this error

    Windows NT user or group ‘username’ not found. Check the name again.

  • Hi,

    I have one suggestion, now that it works for me.
    I was unable to add a new login for a local windows user on a local sql server just because of case.
    The Sql Server management studio process would always give my user login like this : AMITY\Dave.
    In fact, the right case is Amity\Dave.

    By executing sp_grantlogin “Amity\Dave” it worked fine.

    Bad GUI tools don’t ease the use at all.


  • Hi Pinal,

    I got this err when I tried to manually change the Window group name after the physical server got renamed.

    After renaming the server, I use sp_dropserver and sp_addserver to bring SQL in sync with the new server name. Then I restart SQL Server. Everything seems to work fine. However, under Security -> Logins there are 3 groups that are prefixed by the old server name and also contain the old server name within their name (for example: oldservername\SQLServer2005SQLAgentUser$oldservername$MSSQLSERVER)

    Can you please advise how to fix it?

    I found out lots of useful information from your website.
    Thank you very much for your help!


    • Hi Alice,

      I encountered the same as yours. Then I right clicked on the name and click on rename. It seems working fine.

      Best Regards,

  • Hi, I am a new SQL server 2008 user. I like to add another user to existing window user service account in sql server 2008. as example I have a account on my name and want another account with different name. Please help.



  • hi its mike , a c# programmer . i tried to make a software that uses a data base . and i wan to apply a user management .every user see’s his data .but the table which stores data is the same for all users .one thing i hav done is to hav 1 column,in the table which stores the username .and when data is retrieved …select * from table where username =something ……. is there any method in sql server .row level sequrity .or any user management method

    thanks in advance

  • Hello Mike,

    SQL Server 2008 introduced encryption methods to encript or decrypt specific data, but incorporating that feature needs changes in data store and fetch procedurs.

    Pinal Dave

  • tnx . but some more information ….

  • Just got hit by this error and the KB above fails to help me out. I just installed SS2K8 Developer on W2K8 (64-bit) and am in the process of configuring/setting up. I can fire up Management Studio locally on the server and log in as domain admin via Windows Authentication.

    When I try to create a new login for a domain user, either through the GUI by typing it in or searching for the user via the search button, or via DDL, I get a 15401 error: “Windows NT user or group ‘\’ not found.” This is a fresh install; no logins exist except the \administrator one I added during install and the builtin ones. I was able to enumerate the domain user accounts via the Search box. I can ping the DC, the collation is CI and DNS is okay.

    Additionally, all services are running as NT AUTHORITY\NETWORK SERVICE.

    Where’s the issue? Any ideas?

    • Hi PT,

      This may be a bit late, but hopefully for the benefit of someone who is still experiencing the same problem. If you want to use Domain Credentials to login into SQL, the most consistent way I know and recommend is to have SQL Server Service running as a domain account as well. This enables the engine to read validate incoming connections to SQL Server using AD credentials. Multi-domain authentication is a bit tricky abstract in the sense that it depends on the trust between the domains.

      Check this article if you still need to run under “NT AUTHORITYNETWORK SERVICE” (they require special handing): https://support.microsoft.com/en-us/help/324321/how-to-troubleshoot-error-15401

      check the Local accounts section:

      Local (non-domain) accounts require special handling. If you are trying to add a local account from the local computer that is running SQL Server, view the following Microsoft Knowledge Base article for the correct steps:
      322988 sp_grantlogin “NT AUTHORITYSYSTEM” fails on Microsoft Windows NT 4.0
      To add the Local System Account as a SQL Server login on Windows NT 4.0, view the procedure in the article Q322988 in the Microsoft Knowledge Base.
      When you add predefined local groups, you must use BUILTIN as the domain.
      For more information, click the following article number to view the article in the Microsoft Knowledge Base:
      216808 Use BUILTINGroup to grant access to predefined Windows NT groups
      back to the top
      Name resolution

      If you have problems resolving the name of a computer that is involved in adding the login or group, you might receive error 15401.

      Verify that your name resolution mechanism (such as, WINS, DNS, HOSTS or LMHOSTS) is configured correctly.

      Hope this helps.

  • I’m using Windows Server 2008 and SQL Server 2008 – no windows domain. I encountered same error using GUI and i found workaround that work by usin CREATE LOGIN command.

    CREATE LOGIN ‘machine_nameuser’ WINDOWS

    here documentation:

  • I have also found that the GUI will deny the ability to create a user and throws this error when attempting to create a user with a space after the username.

  • When 2008 Server R2 is member of a Win2k Domain, than could be held this Hotfix


  • Can I connect to an SQL Server Instance hosted on a distant Windows XP machine ? Or shoud I always use a windows Server ?

  • …”This is quite a famous error” … “The reason I was not writing about this as the solution of this error is very well explained in Book On Line. ” …aha

    Still a “famous error”!

    Try to install an application via WebMatrix. Doesn’t work… lost hours (maybe I’m to stupid). But… I’m sure… somehow it would/should work…?!?!

    Would be very nice, if all(!) such “errors” or “babels” would be damned finally!

    Please begin to think from the “newbie” an not from you as a DB-expert because I don’t want/can’t “fight” to make a DB (SQL-Express) working.

  • Also had this problem when using TFS labs (HYperV). The SQL server 2008 VM simply would not add any domain users, despite deleting the computer account and readding to the domain, however I noticed some other unusual behaviour such as logging in with another domain admin created the user profile, but the user did not have any admin permissions on the server, yet on another server in the environment it all worked as expected. In the end I found the problem to be computer SID duplication and therefore required a Sysprep (WITH GENERALIZE OPTION) and then it all worked fine after readding the computer back to the domain (with its new SID). Windows requires activation again but not a big deal.

  • The fix I found for my case, was that the Login was in a different domain that the server, i ran ipconfig /all , noticed the DNS primary suffix and the DNS Suffix search list, and found that the domain to which the account belongs was not listed, so I added those domains to the windows IP config, and afterwards SQL server was able to find the login.

  • Dear sir,

    I am using 2008 std edition, i have live my server with SQl 2000 .
    After a 3 to 4 hrs its show an error” WIndows Nt services stop” .
    Can any body tell me why we are facing these issue.

  • It would be nice if there was some explanation as to how SQL server determine whether the user specified in “CREATE LOGIN” is a Windows user or not. We just had a subset of users’ names changed. I have tried using “Alter Login with name = ” That works for some users, but does not work for others. I search for users in activie directory and their account names have all been changed there. Previous versions of SQL server allowed you to search the sys procs to determine how it was deciding if a user was a Windows user or not – i.e. functions like Is_wintuser or something like that. At this point, since all of that is hidden, I’m at a lost to debug this.

    • Forgot to add that this is only a problem on one server. For the names that fail with error 15401 (Windows NT User or Group not found) on this one server, those names were able to be changed on 3 other servers without a problem. The only difference is that this server is part of a cluster. What doesn’t make sense in this case though is that some of the names on this cluster were able to be changed without a problem.

  • Lakshminarasu Chenduri
    December 19, 2012 2:16 pm

    Hi Pinal, I am trying to understand this specific problem:

    – I was having users from multiple regions to be added to my Windows AD Group and add them in SQLServer as a login and grant access to the group.

    – My windows admin created a domain group and 3 sub groups as local group
    and added the 3 subgroups under the domain group – he called them the members of the domain group.

    – When I tried to grant access to the Domain group, I was expecting the privileges to get cascaded to the local groups under Domain group

    – I saw that none of the users were having access.

    Hence we stared adding each of the subscribers under the SQLServer as a separate login.

    Can you please explain how this works exactly ? – Should granting access / role to a domain group be sufficed for giving access to users ?

  • Hi Pinal,

    I came across this error, and found that in AD when a new account is created (yes I waited 15 minutes for replication) there may be times when the name resolves, but you still get this 15401 error. In my case this happened because there was enough information to view the account, but it took longer to replicate the rest of the account’s metadata so the account could not be fully validated. So while I was researching the error (perhaps another 10 minutes into the search), I tried again and it worked…

    So if this case sounds similar to anyone, work with your AD Administrator and check if your replication has gone full circle or give it just a little more time.

    Kind Regards,


Leave a Reply