functions/Remove-DbaLogin.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
function Remove-DbaLogin {
    <#
.SYNOPSIS
Drops a Login
 
.DESCRIPTION
Tries a bunch of different ways to remove a Login or two or more.
 
.PARAMETER SqlInstance
The SQL Server instance holding the Logins to be removed.You must have sysadmin access and server version must be SQL Server version 2000 or higher.
 
.PARAMETER SqlCredential
Allows you to login to servers using alternative credentials.
 
.PARAMETER Login
The Login(s) to process - this list is auto-populated from the server. If unspecified, all Logins will be processed.
 
.PARAMETER InputObject
A collection of Logins (such as returned by Get-DbaLogin), to be removed.
 
.PARAMETER Force
Kills any sessions associated with the login prior to drop
 
.PARAMETER WhatIf
Shows what would happen if the command were to run. No actions are actually performed.
 
.PARAMETER Confirm
Prompts you for confirmation before executing any changing operations within the command.
 
.PARAMETER EnableException
        By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
        This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
        Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
 
.NOTES
Tags: Delete, Logins
 
Website: https://dbatools.io
Copyright: (C) Chrissy LeMaire, clemaire@gmail.com
License: MIT https://opensource.org/licenses/MIT
 
.LINK
https://dbatools.io/Remove-DbaLogin
 
.EXAMPLE
Remove-DbaLogin -SqlInstance sql2016 -Login mylogin
 
Prompts then removes the Login mylogin on SQL Server sql2016
 
.EXAMPLE
Remove-DbaLogin -SqlInstance sql2016 -Login mylogin, yourlogin
 
Prompts then removes the Logins mylogin and yourlogin on SQL Server sql2016
 
.EXAMPLE
Remove-DbaLogin -SqlInstance sql2016 -Login mylogin -Confirm:$false
 
Does not prompt and swiftly removes mylogin on SQL Server sql2016
 
.EXAMPLE
Get-DbaLogin -SqlInstance server\instance -Login yourlogin | Remove-DbaLogin
 
removes mylogin on SQL Server server\instance
 
#>

    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High', DefaultParameterSetName = "Default")]
    Param (
        [parameter(Mandatory, ParameterSetName = "instance")]
        [Alias("ServerInstance", "SqlServer")]
        [DbaInstanceParameter[]]$SqlInstance,
        [parameter(Mandatory = $false)]
        [Alias("Credential")]
        [PSCredential]$SqlCredential,
        [parameter(Mandatory, ParameterSetName = "instance")]
        [string[]]$Login,
        [Parameter(ValueFromPipeline, Mandatory, ParameterSetName = "Logins")]
        [Microsoft.SqlServer.Management.Smo.Login[]]$InputObject,
        [switch]$Force,
        [switch]$EnableException
    )
    
    process {
        
        foreach ($instance in $SqlInstance) {
            try {
                Write-Message -Level Verbose -Message "Connecting to $instance"
                $server = Connect-SqlInstance -SqlInstance $instance -SqlCredential $sqlcredential
            }
            catch {
                Stop-Function -Message "Failure" -Category ConnectionError -ErrorRecord $_ -Target $instance -Continue
            }
            $InputObject += $server.Logins | Where-Object { $_.Name -in $Login }
        }
        
        foreach ($currentlogin in $InputObject) {
            try {
                $server = $currentlogin.Parent
                if ($Pscmdlet.ShouldProcess("$currentlogin on $server", "KillLogin")) {
                    if ($force) {
                        $null = Stop-DbaProcess -SqlInstance $server -Login $currentlogin
                    }
                    
                    $currentlogin.Drop()
                    
                    [pscustomobject]@{
                        ComputerName  = $server.NetName
                        InstanceName  = $server.ServiceName
                        SqlInstance   = $server.DomainInstanceName
                        Login         = $currentlogin.name
                        Status        = "Dropped"
                    }
                }
            }
            catch {
                [pscustomobject]@{
                    ComputerName  = $server.NetName
                    InstanceName  = $server.ServiceName
                    SqlInstance   = $server.DomainInstanceName
                    Login         = $currentlogin.name
                    Status        = $_
                }
                Stop-Function -Message "Could not drop Login $currentlogin on $server" -ErrorRecord $_ -Target $currentlogin -Continue
            }
        }
    }
}