functions/Get-DbaLogin.ps1

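function Get-DbaLogin {
    <#
  .SYNOPSIS
   Function to get an SMO login object of the logins for a given SQL Instance. Takes a server object from the pipe

  .DESCRIPTION
   The Get-DbaLogin function returns an SMO Login object for the logins passed; if no logins are passed it will return all logins.

   Each returned login is decorated with ComputerName, InstanceName, SqlInstance and LastLogin note properties.
   LastLogin is MAX(login_time) from sys.dm_exec_sessions for that login name, so it is only populated when the
   login has a session listed in that view at the time of the call.

  .PARAMETER SqlInstance
   The SQL Server instance, or instances. You must have sysadmin access and server version must be SQL Server version 2000 or higher.

  .PARAMETER SqlCredential
   Allows you to login to servers using SQL Logins as opposed to Windows Auth/Integrated/Trusted.

  .PARAMETER Login
   The login(s) to process - this list is auto-populated from the server. If unspecified, all logins will be processed.

  .PARAMETER ExcludeLogin
   The login(s) to exclude - this list is auto-populated from the server

  .PARAMETER Locked
   Filters on the SMO property to return locked Logins.

  .PARAMETER Disabled
   Filters on the SMO property to return disabled Logins.

  .PARAMETER HasAccess
   Filters on the SMO property to return Logins that have access to the instance of SQL Server.

  .PARAMETER Silent
   Use this switch to disable any kind of verbose messages

  .NOTES
   Author: Mitchell Hamann (@SirCaptainMitch)
   Author: Klaas Vandenberghe (@powerdbaklaas)

   Website: https://dbatools.io
   Copyright: (C) Chrissy LeMaire, clemaire@gmail.com
   License: GNU GPL v3 https://opensource.org/licenses/GPL-3.0

  .LINK
   https://dbatools.io/Get-DbaLogin

  .EXAMPLE
   Get-DbaLogin -SqlInstance sql2016

   Gets all the logins from server sql2016 using NT authentication and returns the SMO login objects

  .EXAMPLE
   Get-DbaLogin -SqlInstance sql2016 -SqlCredential $sqlcred

   Gets all the logins for a given SQL Server using a passed credential object and returns the SMO login objects

  .EXAMPLE
   Get-DbaLogin -SqlInstance sql2016 -SqlCredential $sqlcred -Login dbatoolsuser,TheCaptain

   Get specific logins from server sql2016 returned as SMO login objects.

  .EXAMPLE
   Get-DbaLogin -SqlInstance sql2016 -ExcludeLogin dbatoolsuser

   Get all user objects from server sql2016 except the login dbatoolsuser, returned as SMO login objects.

  .EXAMPLE
   'sql2016', 'sql2014' | Get-DbaLogin -SqlCredential $sqlcred

   Using Get-DbaLogin on the pipeline, you can also specify which names you would like with -Login.

  .EXAMPLE
   'sql2016', 'sql2014' | Get-DbaLogin -SqlCredential $sqlcred -Locked

   Using Get-DbaLogin on the pipeline to get all locked logins on servers sql2016 and sql2014.

  .EXAMPLE
   'sql2016', 'sql2014' | Get-DbaLogin -SqlCredential $sqlcred -HasAccess -Disabled

   Using Get-DbaLogin on the pipeline to get all Disabled logins that have access on servers sql2016 or sql2014.
 #>

    [CmdletBinding()]
    Param (
        [parameter(Position = 0, Mandatory = $true, ValueFromPipeline = $true)]
        [Alias("ServerInstance", "SqlServer")]
        [DbaInstanceParameter[]]$SqlInstance,
        [PSCredential]
        $SqlCredential,
        [object[]]$Login,
        [object[]]$ExcludeLogin,
        [switch]$HasAccess,
        [switch]$Locked,
        [switch]$Disabled,
        [switch]$Silent
    )

    process {
        foreach ($Instance in $sqlInstance) {
            try {
                Write-Message -Level Verbose -Message "Connecting to $instance"
                $server = Connect-SqlInstance -SqlInstance $instance -SqlCredential $SqlCredential
            }
            catch {
                # -Continue moves on to the next instance instead of aborting the whole pipeline.
                Stop-Function -Message "Failure" -Category ConnectionError -ErrorRecord $_ -Target $instance -Continue
            }

            $serverLogins = $server.Logins

            # Each filter narrows the previous result, so combined switches act as a logical AND.
            if ($Login) {
                $serverLogins = $serverLogins | Where-Object Name -in $Login
            }

            if ($ExcludeLogin) {
                $serverLogins = $serverLogins | Where-Object Name -NotIn $ExcludeLogin
            }

            if ($HasAccess) {
                $serverLogins = $serverLogins | Where-Object HasAccess
            }

            if ($Locked) {
                $serverLogins = $serverLogins | Where-Object IsLocked
            }

            if ($Disabled) {
                $serverLogins = $serverLogins | Where-Object IsDisabled
            }

            foreach ($serverLogin in $serverlogins) {
                Write-Message -Level Verbose -Message "Processing $serverLogin on $instance"

                if ($server.VersionMajor -gt 9) {
                    # There's no reliable method to get last login time with SQL Server 2000, so only show on 2005+
                    # NOTE(review): "-gt 9" also skips VersionMajor 9 (SQL Server 2005) - confirm whether "-ge 9" was intended.
                    Write-Message -Level Verbose -Message "Getting last login time"

                    # The login name is server-side data, not a trusted constant: a principal allowed to create
                    # logins can pick a name containing a single quote. This statement runs on the caller's
                    # (typically sysadmin) connection, so the name must not be able to terminate the string
                    # literal. Doubling embedded single quotes keeps it inside the literal.
                    $escapedLoginName = ([string]$serverLogin.Name).Replace("'", "''")
                    $sql = "SELECT MAX(login_time) AS [login_time] FROM sys.dm_exec_sessions WHERE login_name = '$escapedLoginName'"
                    Add-Member -Force -InputObject $serverLogin -MemberType NoteProperty -Name LastLogin -Value $server.ConnectionContext.ExecuteScalar($sql)
                }
                else
                {
                    Add-Member -Force -InputObject $serverLogin -MemberType NoteProperty -Name LastLogin -Value $null
                }

                Add-Member -Force -InputObject $serverLogin -MemberType NoteProperty -Name ComputerName -Value $server.NetName
                Add-Member -Force -InputObject $serverLogin -MemberType NoteProperty -Name InstanceName -Value $server.ServiceName
                Add-Member -Force -InputObject $serverLogin -MemberType NoteProperty -Name SqlInstance -Value $server.DomainInstanceName

                Select-DefaultView -InputObject $serverLogin -Property ComputerName, InstanceName, SqlInstance, Name, LoginType, CreateDate, LastLogin, HasAccess, IsLocked, IsDisabled
            } #foreach serverlogin
        } #foreach instance
    } #process
} #function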