functions/Get-DbaServerRole.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
function Get-DbaServerRole {
    <#
        .SYNOPSIS
            Gets the list of server-level roles with the logins that are members of that role.
 
        .DESCRIPTION
            Gets the list of server-level roles for SQL Server instance.
 
        .PARAMETER SqlInstance
            The SQL Server instance. Server version must be SQL Server version 2005 or higher.
 
        .PARAMETER SqlCredential
            Allows you to login to servers using SQL Logins instead of Windows Authentication (AKA Integrated or Trusted). To use:
 
            $scred = Get-Credential, then pass $scred object to the -SqlCredential parameter.
 
            Windows Authentication will be used if SqlCredential is not specified. SQL Server does not accept Windows credentials being passed as credentials.
 
            To connect as a different Windows user, run PowerShell as that user.
 
        .PARAMETER ServerRole
            Server-Level role to filter results to that role only.
 
        .PARAMETER ExcludeServerRole
            Server-Level role to exclude from results.
 
        .PARAMETER ExcludeFixedRole
            Filter the fixed server-level roles. Only applies to SQL Server 2017 that supports creation of server-level roles.
 
        .PARAMETER EnableException
            By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
 
        .NOTES
            Tags: ServerRole, Security
            Original Author: Shawn Melton (@wsmelton)
 
            Website: https: //dbatools.io
            Copyright: (C) Chrissy LeMaire, clemaire@gmail.com
            License: GNU GPL v3 https: //opensource.org/licenses/GPL-3.0
 
        .LINK
            https://dbatools.io/Get-DbaServerRole
 
        .EXAMPLE
            Get-DbaServerRole -SqlInstance sql2016a
 
            Outputs list of server-level roles and logins that are members for sql2016a instance.
 
        .EXAMPLE
            Get-DbaServerRole -SqlInstance sql2016a -Role sysadmin
 
            Outputs members of sysadmin server-level role on sql2016a instance.
 
        .EXAMPLE
            Get-DbaServerRole -SqlInstance sql2017a -ExcludeFixedRole
 
            Outputs the server-level role(s) that are not fixed roles on sql2017a instance.
 
        .EXAMPLE
            Get-DbaServerRole -SqlInstance sql2016a -Login Bob
 
            Outputs the server-level role(s) that the login Bob is a member of on sql2016a instance.
 
            If Bob is not a member of any role, no output is returned.
 
        .EXAMPLE
            Get-DbaServerRole -SqlInstance sql2016a -Role sysadmin -Login Bob
 
            Outputs the server-level role sysadmin with the login Bob as a member on sql2016a instance.
 
            If Bob is not a member of that role, no output is returned.
    #>

    [CmdletBinding()]
    param (
        [Parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true)]
        [DbaInstance[]]$SqlInstance,
        [PSCredential]$SqlCredential,
        [object[]]$ServerRole,
        [object[]]$ExcludeServerRole,
        [switch]$ExcludeFixedRole,
        [switch]$EnableException
    )

    process {
        foreach ($instance in $SqlInstance) {
            try {
                Write-Message -Level Verbose -Message "Connecting to $instance"
                $server = Connect-SqlInstance -SqlInstance $instance -SqlCredential $SqlCredential
            }
            catch {
                Stop-Function -Message "Failure" -Category ConnectionError -ErrorRecord $_ -Target $instance -Continue
            }

            $roles = $server.Roles

            if ($ServerRole) {
                $roles = $roles | Where-Object Name -In $ServerRole
            }
            if ($ExcludeServerRole) {
                $roles = $roles | Where-Object Name -NotIn $ExcludeServerRole
            }
            if ($ExcludeFixedRole) {
                $roles = $roles | Where-Object IsFixedRole -eq $false
            }

            foreach ($role in $roles) {
                $members = $role.EnumMemberNames()

                Add-Member -Force -InputObject $role -MemberType NoteProperty -Name Login -Value $members
                Add-Member -Force -InputObject $role -MemberType NoteProperty -Name ComputerName -value $server.NetName
                Add-Member -Force -InputObject $role -MemberType NoteProperty -Name InstanceName -value $server.ServiceName
                Add-Member -Force -InputObject $role -MemberType NoteProperty -Name SqlInstance -value $server.DomainInstanceName

                $default = 'ComputerName', 'InstanceName', 'SqlInstance', 'Name as Role', 'IsFixedRole', 'DateCreated', 'DateModified'
                Select-DefaultView -InputObject $role -Property $default
            }
        }
    }
}