functions/Rename-DbaLogin.ps1
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 |
function Rename-DbaLogin { <# .SYNOPSIS Rename-DbaLogin will rename login and database mapping for a specified login. .DESCRIPTION There are times where you might want to rename a login that was copied down, or if the name is not descriptive for what it does. It can be a pain to update all of the mappings for a specific user, this does it for you. .PARAMETER SqlInstance Source SQL Server.You must have sysadmin access and server version must be SQL Server version 2000 or greater. .PARAMETER Destination Destination Sql Server. You must have sysadmin access and server version must be SQL Server version 2000 or greater. .PARAMETER SqlCredential Allows you to login to servers using SQL Logins as opposed to Windows Auth/Integrated/Trusted. To use: $scred = Get-Credential, then pass $scred object to the -SourceSqlCredential parameter. Windows Authentication will be used if DestinationSqlCredential is not specified. SQL Server does not accept Windows credentials being passed as credentials. To connect as a different Windows user, run PowerShell as that user. .PARAMETER Login The current Login on the server - this list is auto-populated from the server. .PARAMETER NewLogin The new Login that you wish to use. If it is a windows user login, then the SID must match. .PARAMETER Confirm Prompts to confirm actions .PARAMETER WhatIf Shows what would happen if the command were to run. No actions are actually performed. .PARAMETER EnableException By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch. .NOTES Tags: Login Author: Mitchell Hamann (@SirCaptainMitch) Website: https://dbatools.io Copyright: (C) Chrissy LeMaire, clemaire@gmail.com License: MIT https://opensource.org/licenses/MIT .LINK https://dbatools.io/Rename-DbaLogin .EXAMPLE Rename-DbaLogin -SqlInstance localhost -Login DbaToolsUser -NewLogin captain SQL Login Example .EXAMPLE Rename-DbaLogin -SqlInstance localhost -Login domain\oldname -NewLogin domain\newname Change the windowsuser login name. .EXAMPLE Rename-DbaLogin -SqlInstance localhost -Login dbatoolsuser -NewLogin captain -WhatIf WhatIf Example #> [CmdletBinding(DefaultParameterSetName = "Default", SupportsShouldProcess = $true)] param ( [parameter(Mandatory = $true)] [DbaInstanceParameter[]]$SqlInstance, [PSCredential]$SqlCredential, [parameter(Mandatory = $true)] [string]$Login, [parameter(Mandatory = $true)] [string]$NewLogin, [switch]$EnableException ) process { foreach ($instance in $SqlInstance) { try { $server = Connect-SqlInstance -SqlInstance $instance -SqlCredential $sqlcredential } catch { Stop-Function -Message "Failure" -Category ConnectionError -ErrorRecord $_ -Target $instance -Continue } $Databases = $server.Databases | Where-Object IsAccessible $currentLogin = $server.Logins[$Login] if ($Pscmdlet.ShouldProcess($SqlInstance, "Changing Login name from [$Login] to [$NewLogin]")) { try { $dbenums = $currentLogin.EnumDatabaseMappings() $currentLogin.rename($NewLogin) [pscustomobject]@{ ComputerName = $server.NetName InstanceName = $server.ServiceName SqlInstance = $server.DomainInstanceName Database = $null OldLogin = $Login NewLogin = $NewLogin Status = "Successful" } } catch { $dbenums = $null [pscustomobject]@{ ComputerName = $server.NetName InstanceName = $server.ServiceName SqlInstance = $server.DomainInstanceName Database = $null OldLogin = $Login NewLogin = $NewLogin Status = "Failure" } Stop-Function -Message "Failure" -ErrorRecord $_ -Target $login } } foreach ($db in $dbenums) { $db = $databases[$db.DBName] $user = $db.Users[$Login] Write-Message -Level Verbose -Message "Starting update for $db" if ($Pscmdlet.ShouldProcess($SqlInstance, "Changing database $db user $user from [$Login] to [$NewLogin]")) { try { $oldname = $user.name $user.Rename($NewLogin) [pscustomobject]@{ ComputerName = $server.NetName InstanceName = $server.ServiceName SqlInstance = $server.DomainInstanceName Database = $db.name OldUser = $oldname NewUser = $NewLogin Status = "Successful" } } catch { Write-Message -Level Warning -Message "Rolling back update to login: $Login" $currentLogin.rename($Login) [pscustomobject]@{ ComputerName = $server.NetName InstanceName = $server.ServiceName SqlInstance = $server.DomainInstanceName Database = $db.name OldUser = $NewLogin NewUser = $oldname Status = "Failure to rename. Rolled back change." } Stop-Function -Message "Failure" -ErrorRecord $_ -Target $NewLogin } } } } } } |