commands

^

Remove-DbaDbOrphanUser

Author Claudio Silva (@ClaudioESSilva) , Simone Bizzotto (@niphlod)
Availability Windows, Linux, macOS

 

Synopsis

Drop orphan users with no existing login to map

Description

Allows the removal of orphan users from one or more databases

Orphaned users in SQL Server occur when a database user is based on a login in the master database, but the login no longer exists in master. This can occur when the login is deleted, or when the database is moved to another server where the login does not exist.

If user is the owner of the schema with the same name and if if the schema does not have any underlying objects the schema will be dropped.

If user owns more than one schema, the owner of the schemas that does not have the same name as the user, will be changed to 'dbo'. If schemas have underlying objects, you must specify the -Force parameter so the user can be dropped.

If a login of the same name exists (which could be re-mapped with Repair-DbaDbOrphanUser) the drop will not be performed unless you specify the -Force parameter (only when calling from Repair-DbaDbOrphanUser.

Syntax

Remove-DbaDbOrphanUser
    [-SqlInstance] <DbaInstanceParameter[]>
    [[-SqlCredential] <PSCredential>]
    [[-Database] <Object[]>]
    [[-ExcludeDatabase] <Object[]>]
    [[-User] <Object[]>]
    [-Force]
    [-EnableException]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Remove-DbaDbOrphanUser -SqlInstance sql2005

Finds and drops all orphan users without matching Logins in all databases present on server 'sql2005'.

Example: 2
PS C:\> Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -SqlCredential $cred

Finds and drops all orphan users without matching Logins in all databases present on server 'sqlserver2014a'. SQL Server authentication will be used in connecting to the server.

Example: 3
PS C:\> Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -Database db1, db2 -Force

Finds and drops orphan users even if they have a matching Login on both db1 and db2 databases.

Example: 4
PS C:\> Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -ExcludeDatabase db1, db2 -Force

Finds and drops orphan users even if they have a matching Login from all databases except db1 and db2.

Example: 5
PS C:\> Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -User OrphanUser

Removes user OrphanUser from all databases only if there is no matching login.

Example: 6
PS C:\> Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -User OrphanUser -Force

Removes user OrphanUser from all databases even if they have a matching Login. Any schema that the user owns will change ownership to dbo.

Required Parameters

-SqlInstance

The target SQL Server instance or instances.

Alias
Required True
Pipeline true (ByValue)
Default Value

Optional Parameters

-SqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-Database

Specifies the database(s) to process. Options for this list are auto-populated from the server. If unspecified, all databases will be processed.

Alias
Required False
Pipeline false
Default Value
-ExcludeDatabase

Specifies the database(s) to exclude from processing. Options for this list are auto-populated from the server

Alias
Required False
Pipeline false
Default Value
-User

Specifies the list of users to remove.

Alias
Required False
Pipeline true (ByValue)
Default Value
-Force

If this switch is enabled: If exists any schema which owner is the User, this will force the change of the owner to 'dbo'. If a login of the same name exists the drop will not be performed unless you specify this parameter.

Alias
Required False
Pipeline false
Default Value False
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False
-WhatIf

If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.

Alias wi
Required False
Pipeline false
Default Value
-Confirm

If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.

Alias cf
Required False
Pipeline false
Default Value

 

Want to see the source code for this command? Check out Remove-DbaDbOrphanUser on GitHub.
Want to see the Bill Of Health for this command? Check out Remove-DbaDbOrphanUser.