commands

^

Copy-DbaDbCertificate

Author Chrissy LeMaire (@cl), netnerds.net
Availability Windows, Linux, macOS

 

Want to see the source code for this command? Check out Copy-DbaDbCertificate on GitHub.
Want to see the Bill Of Health for this command? Check out Copy-DbaDbCertificate.

Synopsis

Copy-DbaDbCertificate migrates certificates from one SQL Server to another.

Description

By default, all certificates are copied.

If the certificate already exists on the destination, it will be skipped.

Syntax

Copy-DbaDbCertificate
    [-Source] <DbaInstanceParameter>
    [[-SourceSqlCredential] <PSCredential>]
    [-Destination] <DbaInstanceParameter[]>
    [[-DestinationSqlCredential] <PSCredential>]
    [[-Database] <String[]>]
    [[-ExcludeDatabase] <String[]>]
    [[-Certificate] <String[]>]
    [[-ExcludeCertificate] <String[]>]
    [[-SharedPath] <String>]
    [[-MasterKeyPassword] <SecureString>]
    [[-EncryptionPassword] <SecureString>]
    [[-DecryptionPassword] <SecureString>]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Copy-DbaDbCertificate -Source sql01 -Destination sql02 -EncryptionPassword $cred.Password -MasterKeyPassword $cred.Password -SharedPath \\nas\sql\shared

Copies database certificates for matching databases on sql02 and creates master keys if needed
Uses password from $cred object created by Get-Credential

Example: 2
PS C:\> $params1 = @{
>>      Source = "sql01"
>>      Destination = "sql02"
>>      EncryptionPassword = $passwd
>>      MasterKeyPassword = $passwd
>>      SharedPath = "\\nas\sql\shared"
>>  }
PS C:\> Copy-DbaDbCertificate @params1 -Confirm:$false -OutVariable results

Copies database certificates for matching databases on sql02 and creates master keys if needed

Required Parameters

-Source

Source SQL Server. You must have sysadmin access and server version must be SQL Server version 2000 or higher.

Alias
Required True
Pipeline false
Default Value
-Destination

Destination SQL Server. You must have sysadmin access and the server must be SQL Server 2000 or higher.

Alias
Required True
Pipeline false
Default Value

Optional Parameters

-SourceSqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-DestinationSqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-Database

The database(s) to process.

Alias
Required False
Pipeline false
Default Value
-ExcludeDatabase

The database(s) to exclude.

Alias
Required False
Pipeline false
Default Value
-Certificate

The certificate(s) to process.

Alias
Required False
Pipeline false
Default Value
-ExcludeCertificate

The certificate(s) to exclude.

Alias
Required False
Pipeline false
Default Value
-SharedPath

Specifies the network location for the backup files. The SQL Server service accounts on both Source and Destination must have read/write permission to access this location.

Alias
Required False
Pipeline false
Default Value
-MasterKeyPassword

The password to encrypt the exported key. This must be a SecureString.

Alias
Required False
Pipeline false
Default Value
-EncryptionPassword

A string value that specifies the secure password to encrypt the private key.

Alias
Required False
Pipeline false
Default Value
-DecryptionPassword

Secure string used to decrypt the private key.

Alias
Required False
Pipeline false
Default Value
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False
-WhatIf

If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.

Alias wi
Required False
Pipeline false
Default Value
-Confirm

If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.

Alias cf
Required False
Pipeline false
Default Value