functions/Test-DbaJobOwner.ps1

function Test-DbaJobOwner {
    <#
        .SYNOPSIS
            Checks SQL Agent Job owners against a login to validate which jobs do not match that owner.
 
        .DESCRIPTION
            This function checks all SQL Agent Jobs on an instance against a SQL login to validate if that login owns those SQL Agent Jobs or not.
 
            By default, the function checks against 'sa' for ownership, but the user can pass a specific login if they use something else.
             
            Only SQL Agent Jobs that do not match this ownership will be displayed, but if the -Detailed switch is set all SQL Agent Jobs will be returned.
 
            Best practice reference: http://sqlmag.com/blog/sql-server-tip-assign-ownership-jobs-sysadmin-account
 
        .PARAMETER SqlInstance
            Specifies the SQL Server instance(s) to scan.
             
        .PARAMETER SqlCredential
            Allows you to login to servers using SQL Logins instead of Windows Authentication (AKA Integrated or Trusted). To use:
 
            $scred = Get-Credential, then pass $scred object to the -SqlCredential parameter.
 
            Windows Authentication will be used if SqlCredential is not specified. SQL Server does not accept Windows credentials being passed as credentials.
 
            To connect as a different Windows user, run PowerShell as that user.
 
        .PARAMETER Job
            Specifies the job(s) to process. Options for this list are auto-populated from the server. If unspecified, all jobs will be processed.
         
        .PARAMETER ExcludeJob
            Specifies the job(s) to exclude from processing. Options for this list are auto-populated from the server.
         
        .PARAMETER Login
            Specifies the login that you wish check for ownership. This defaults to 'sa' or the sysadmin name if sa was renamed. This must be a valid security principal which exists on the target server.
 
        .PARAMETER Detailed
            If this switch is enabled, a list of all jobs and whether or not their owner matches Login is returned.
 
        .PARAMETER EnableException
            By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
            This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
            Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
             
        .NOTES
            Tags: Agent, Job, Owner
            Author: Michael Fal (@Mike_Fal), http://mikefal.net
 
            Website: https://dbatools.io
            Copyright: (C) Chrissy LeMaire, clemaire@gmail.com
            License: GNU GPL v3 https://opensource.org/licenses/GPL-3.0
 
        .LINK
            https://dbatools.io/Test-DbaJobOwner
 
        .EXAMPLE
            Test-DbaJobOwner -SqlInstance localhost
 
            Returns all databases where the owner does not match 'sa'.
 
        .EXAMPLE
            Test-DbaJobOwner -SqlInstance localhost -Login DOMAIN\account
 
            Returns all databases where the owner does not match DOMAIN\account. Note
            that Login must be a valid security principal that exists on the target server.
    #>

    [CmdletBinding()]
    [OutputType('System.Object[]')]
    param (
        [parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [Alias("ServerInstance", "SqlServer")]
        [DbaInstanceParameter[]]$SqlInstance,
        [PSCredential]$SqlCredential,
        [Alias("Jobs")]
        [object[]]$Job,
        [object[]]$ExcludeJob,
        [Alias("TargetLogin")]
        [string]$Login,
        [switch]$Detailed,
        [switch][Alias('Silent')]$EnableException
    )

    begin {
        #connect to the instance and set return array empty
        $return = @()
    }
    process {
        foreach ($servername in $SqlInstance) {
            #connect to the instance
            Write-Message -Level Verbose -Message "Connecting to $servername."
            $server = Connect-SqlInstance $servername -SqlCredential $SqlCredential

            #Validate login
            if ($Login -and ($server.Logins.Name) -notcontains $Login) {
                if ($SqlInstance.count -eq 1) {
                    Stop-Function -Message "Invalid login: $Login."
                    return
                }
                else {
                    Write-Message -Level Warning -Message "$Login is not a valid login on $servername. Moving on."
                    continue
                }
            }
            if ($Login -and $server.Logins[$Login].LoginType -eq 'WindowsGroup') {
                Stop-Function -Message "$Login is a Windows Group and can not be a job owner."
                return
            }

            #sql2000 id property is empty -force target login to 'sa' login
            if ($Login -and ( ($server.VersionMajor -lt 9) -and ([string]::IsNullOrEmpty($Login)) )) {
                $Login = "sa"
            }
            # dynamic sa name for orgs who have changed their sa name
            if ($Login -eq "sa") {
                $Login = ($server.Logins | Where-Object { $_.id -eq 1 }).Name
            }

            #Get database list. If value for -Job is passed, massage to make it a string array.
            #Otherwise, use all jobs on the instance where owner not equal to -TargetLogin
            Write-Message -Level Verbose -Message "Gathering jobs to check."
            if ($Job) {
                $jobCollection = $server.JobServer.Jobs | Where-Object { $Job -contains $_.Name }
            }
            elseif ($ExcludeJob) {
                $jobCollection = $jobCollection | Where-Object { $ExcludeJob -notcontains $_.Name }
            }
            else {
                $jobCollection = $server.JobServer.Jobs
            }

            #for each database, create custom object for return set.
            foreach ($j in $jobCollection) {
                Write-Message -Level Verbose -Message "Checking $j"
                $row = [ordered]@{
                    Server       = $server.Name
                    Job          = $j.Name
                    CurrentOwner = $j.OwnerLoginName
                    TargetOwner  = $Login
                    OwnerMatch   = ($j.OwnerLoginName -eq $Login)

                }
                #add each custom object to the return array
                $return += New-Object PSObject -Property $row
            }
        }
    }
    end {
        #return results
        if ($Detailed) {
            Write-Message -Level Verbose -Message "Returning detailed results."
            return $return
        }
        else {
            Write-Message -Level Verbose -Message "Returning default results."
            return ($return | Where-Object { $_.OwnerMatch -eq $false })
        }
    }

}