functions/Test-DbaConnectionAuthScheme.ps1

Function Test-DbaConnectionAuthScheme
{
<#
.SYNOPSIS
Returns the transport protocol and authentication scheme of the connection. This is useful to determine if your connection is using Kerberos.
     
.DESCRIPTION
By default, this command will return the ConnectName, ServerName, Transport and AuthScheme of the current connection.
     
ConnectName is the name you used to connect. ServerName is the name that the SQL Server reports as its @@SERVERNAME which is used to register its SPN. If you were expecting a Kerberos connection and got NTLM instead, ensure ConnectName and ServerName match.
 
If -Kerberos or -Ntlm is specified, the $true/$false results of the test will be returned. Returns $true or $false by default for one server. Returns Server name and Results for more than one server.
     
.PARAMETER SqlServer
The SQL Server that you're connecting to.
     
.PARAMETER Kerberos
Returns $true if the connection is using Kerberos, $false if other
 
.PARAMETER Ntlm
Returns $true if the connection is using NTLM, $false if other
     
.PARAMETER Detailed
Show a detailed list (SELECT * from sys.dm_exec_connections WHERE session_id = @@SPID)
 
.PARAMETER SqlCredential
Allows you to login to servers using SQL Logins as opposed to Windows Auth/Integrated/Trusted. To use:
   
$scred = Get-Credential, then pass $scred object to the -SqlCredential parameter.
  
Windows Authentication will be used if SqlCredential is not specified. SQL Server does not accept Windows credentials being passed as credentials. To connect as a different Windows user, run PowerShell as that user.
 
.NOTES
Tags: SPN
dbatools PowerShell module (https://dbatools.io, clemaire@gmail.com)
Copyright (C) 2016 Chrissy LeMaire
 
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 
You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.
 
.LINK
https://dbatools.io/Test-DbaConnectionAuthScheme
 
.EXAMPLE
Test-DbaConnectionAuthScheme -SqlServer sqlserver2014a, sql2016
 
Returns ConnectName, ServerName, Transport and AuthScheme for sqlserver2014a and sql2016.
 
.EXAMPLE
Test-DbaConnectionAuthScheme -SqlServer sqlserver2014a -Kerberos
 
Returns $true or $false depending on if the connection is Kerberos or not.
     
.EXAMPLE
Test-DbaConnectionAuthScheme -SqlServer sqlserver2014a -Detailed
 
Returns the results of "SELECT * from sys.dm_exec_connections WHERE session_id = @@SPID"
     
#>

    [CmdletBinding()]
    [OutputType("System.Collections.ArrayList")]
    Param (
        [parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [Alias("ServerInstance", "SqlInstance")]
        [string[]]$SqlServer,
        [Alias("Credential", "Cred")]
        [System.Management.Automation.PSCredential]$SqlCredential,
        [switch]$Kerberos,
        [switch]$Ntlm,
        [switch]$Detailed
    )
    
    BEGIN
    {
        $collection = New-Object System.Collections.ArrayList
    }
    
    PROCESS
    {
        foreach ($servername in $SqlServer)
        {
            try
            {
                Write-Verbose "Connecting to $servername"
                $server = Connect-SqlServer -SqlServer $servername -SqlCredential $SqlCredential
                
                if ($server.versionMajor -lt 9)
                {
                    Write-Warning "This command only supports SQL Server 2005 and above. Skipping $servername and moving on."
                    continue
                }
                
                if ($detailed -eq $true)
                {
                    $sql = "SELECT @@SERVERNAME AS ServerName, * from sys.dm_exec_connections WHERE session_id = @@SPID"
                }
                else
                {
                    $sql = "SELECT @@SERVERNAME AS ServerName, net_transport, auth_scheme from sys.dm_exec_connections WHERE session_id = @@SPID"
                }
                
                Write-Verbose "Getting results for the following query: $sql"
                $results = $server.ConnectionContext.ExecuteWithResults($sql).Tables
            }
            catch
            {
                Write-Warning "$_ `nMoving on"
                continue
            }
            
            if ($detailed -eq $true)
            {
                $null = $collection.Add($results.rows)
            }
            else
            {
                $null = $collection.Add([PSCustomObject]@{
                    ConnectName = $servername
                    ServerName = $results.ServerName
                    Transport = $results.net_transport
                    AuthScheme = $results.auth_scheme
                })
            }
        }
    }
    
    END
    {
        
        if ($Detailed -eq $true -or ($Kerberos -eq $false -and $Ntlm -eq $false))
        {
            return $collection
        }
        
        # Check if they specified auths
        $auths = 'Kerberos', 'NTLM'
        foreach ($auth in $auths)
        {
            $value = (Get-Variable -Name $auth).Value
            
            if ($value -eq $true)
            {
                if ($collection.Count -eq 1)
                {
                    return ($collection.AuthScheme -eq $auth)
                }
                else
                {
                    $newcollection = @()
                    foreach ($server in $collection)
                    {
                        $newcollection += [PSCustomObject]@{
                            Server = $server.ConnectName
                            Result = ($server.AuthScheme -eq $auth)
                        }
                    }
                    return $newcollection
                }
            }
        }
    }
}