Step #1: You can't fix what you don't measure
$userName = 'TonyW'
$logins = @()
Get-DbaRegisteredServer -SqlInstance 'OurCMSServer' |
sort-object -unique |
ForEach-Object {
write-verbose $psitem.name -verbose
try {
$s = Connect-DbaInstance $PSItem
}
catch { return; }
if ($s.logins[$username]) {
$logins +=
[pscustomobject]@{
Server = $psitem
Version = $s.Version
Login = $username
Sid =
($s.logins[$username].Get_Sid() |
ForEach-Object { ("{0:X}" -f $_).PadLeft(2, "0") }
) -join ""
}
}
}
$logins |
sort-object SID, Server |
ft -AutoSize -GroupBy SID
Step #2: Fixing it the hard way...
- On the Source server get the:
- Current SID
- On the Destination server:
- Collect the following information
- Hashed password
- Databases owned by login
- SQL Agent Jobs owned by login
- Server roles the login is a member of
- Server permissions for the login
- Kill existing connections and drop the login
- Recreate the login using the SID from the source server and the hashed password from the Destination server
- Reapply the following
- Database ownership
- SQL Agent Job ownership
- Server Role memberships
- Server Permissions
- Repair orphaned database users.
Step #3 Fixing it the easy way
Stay tuned to see how to do all this with PowerShell (I promise it won't be as long as it was between the previous post and this one).
No comments:
Post a Comment