commands

^

Sync-DbaLoginPermission

Author Chrissy LeMaire (@cl), netnerds.net
Availability Windows, Linux, macOS

 

Synopsis

Copies SQL login permissions from one server to another.

Description

Syncs only SQL Server login permissions, roles, etc. Does not add or drop logins. If a matching login does not exist on the destination, the login will be skipped. Credential removal is not currently supported for this operation.

Syntax

Sync-DbaLoginPermission
    [-Source] <DbaInstanceParameter>
    [[-SourceSqlCredential] <PSCredential>]
    [-Destination] <DbaInstanceParameter[]>
    [[-DestinationSqlCredential] <PSCredential>]
    [[-Login] <String[]>]
    [[-ExcludeLogin] <String[]>]
    [-EnableException]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Sync-DbaLoginPermission -Source sqlserver2014a -Destination sqlcluster

Syncs only SQL Server login permissions, roles, etc. Does not add or drop logins or users. To copy logins and their permissions, use Copy-SqlLogin.

Example: 2
PS C:\> Sync-DbaLoginPermission -Source sqlserver2014a -Destination sqlcluster -Exclude realcajun -SourceSqlCredential $scred -DestinationSqlCredential $dcred

Copies all login permissions except for realcajun using SQL Authentication to connect to each server. If a login already exists on the destination, the permissions will not be migrated.

Example: 3
PS C:\> Sync-DbaLoginPermission -Source sqlserver2014a -Destination sqlcluster -Login realcajun, netnerds

Copies permissions ONLY for logins netnerds and realcajun.

Required Parameters

-Source

Source SQL Server. You must have sysadmin access and server version must be SQL Server version 2000 or higher.

Alias
Required True
Pipeline true (ByValue)
Default Value
-Destination

Destination SQL Server. You must have sysadmin access and the server must be SQL Server 2000 or higher.

Alias
Required True
Pipeline false
Default Value

Optional Parameters

-SourceSqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-DestinationSqlCredential

Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance.

Alias
Required False
Pipeline false
Default Value
-Login

The login(s) to process. Options for this list are auto-populated from the server. If unspecified, all logins will be processed.

Alias
Required False
Pipeline false
Default Value
-ExcludeLogin

The login(s) to exclude. Options for this list are auto-populated from the server.

Alias
Required False
Pipeline false
Default Value
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False

 

Want to see the source code for this command? Check out Sync-DbaLoginPermission on GitHub.
Want to see the Bill Of Health for this command? Check out Sync-DbaLoginPermission.