| Author | Claudio Silva (@ClaudioESSilva) , Simone Bizzotto (@niphlod) |
| Availability | Windows, Linux, macOS |
Want to see the source code for this command? Check out Repair-DbaDbOrphanUser on GitHub.
Want to see the Bill Of Health for this command? Check out Repair-DbaDbOrphanUser.
Repairs orphaned database users by remapping them to matching server logins or optionally removing them.
Identifies and repairs orphaned database users - users that exist in a database but are no longer associated with a server login. This commonly occurs after database restores, migrations, or when logins are recreated.
The function searches each database for users where the Login property is empty, then attempts to remap them to existing server logins with matching names. For a login to be eligible for remapping, it must be enabled, not a system object, not locked, and have the exact same name as the orphaned user.
Uses modern ALTER USER syntax for SQL Server 2005+ or the legacy sp_change_users_login procedure for SQL Server 2000. Optionally removes orphaned users that have no matching server login when -RemoveNotExisting is specified.
Repair-DbaDbOrphanUser
[-SqlInstance] <DbaInstanceParameter[]>
[[-SqlCredential] <PSCredential>]
[[-Database] <Object[]>]
[[-ExcludeDatabase] <Object[]>]
[[-Users] <Object[]>]
[-RemoveNotExisting]
[-Force]
[-EnableException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
PS C:\> Repair-DbaDbOrphanUser -SqlInstance sql2005
Finds and repairs all orphan users of all databases present on server 'sql2005'
PS C:\> Repair-DbaDbOrphanUser -SqlInstance sqlserver2014a -SqlCredential $cred
Finds and repair all orphan users in all databases present on server 'sqlserver2014a'. SQL credentials are used to authenticate to the server.
PS C:\> Repair-DbaDbOrphanUser -SqlInstance sqlserver2014a -Database db1, db2
Finds and repairs all orphan users in both db1 and db2 databases.
PS C:\> Repair-DbaDbOrphanUser -SqlInstance sqlserver2014a -Database db1 -Users OrphanUser
Finds and repairs user 'OrphanUser' in 'db1' database.
PS C:\> Repair-DbaDbOrphanUser -SqlInstance sqlserver2014a -Users OrphanUser
Finds and repairs user 'OrphanUser' on all databases
PS C:\> Repair-DbaDbOrphanUser -SqlInstance sqlserver2014a -RemoveNotExisting
Finds all orphan users of all databases present on server 'sqlserver2014a'. Removes all users that do not have matching Logins.
The target SQL Server instance or instances.
| Alias | |
| Required | True |
| Pipeline | true (ByValue) |
| Default Value |
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Specifies which databases to scan for orphaned users. Accepts wildcards for pattern matching and multiple database names.
Use this when you only need to repair orphaned users in specific databases rather than scanning all databases on the instance.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Specifies databases to skip when scanning for orphaned users. Useful for avoiding system databases or databases under maintenance.
Commonly used to exclude tempdb, distribution databases, or databases where orphaned users should remain untouched.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value |
Specifies specific database users to repair rather than processing all orphaned users found.
Use this when you need to target specific problematic users or when working with large databases where selective repair is preferred.
| Alias | |
| Required | False |
| Pipeline | true (ByValue) |
| Default Value |
Removes orphaned database users that have no corresponding server login instead of just reporting them.
Use this after database migrations or when cleaning up databases where some users should no longer exist. Exercise caution as this permanently removes users.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |
Bypasses confirmation prompts and forces schema ownership changes to dbo when removing orphaned users.
Required when orphaned users own database schemas that prevent their removal. Use with caution as it can affect database object ownership.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
| Alias | |
| Required | False |
| Pipeline | false |
| Default Value | False |
If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run.
| Alias | wi |
| Required | False |
| Pipeline | false |
| Default Value |
If this switch is enabled, you will be prompted for confirmation before executing any operations that change state.
| Alias | cf |
| Required | False |
| Pipeline | false |
| Default Value |