commands

^

Test-DbaLoginPassword

Author Peter Samuelsson
Availability Windows, Linux, macOS

 

Synopsis

Test-DbaLoginPassword finds any logins on SQL instance that are SQL Logins and have a password that is either null or same as the login

Description

The purpose of this function is to find SQL Server logins that have no password or the same password as login. You can add your own password to check for or add them to a csv file. By default it will test for empty password and the same password as username.

Syntax

Test-DbaLoginPassword
    [[-SqlInstance] <DbaInstanceParameter[]>]
    [[-SqlCredential] <PSCredential>]
    [[-Login] <String[]>]
    [[-Dictionary] <String[]>]
    [[-InputObject] <Login[]>]
    [-EnableException]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> Test-DbaLoginPassword -SqlInstance Dev01

Test all SQL logins that the password is null or same as username on SQL server instance Dev01

Example: 2
PS C:\> Test-DbaLoginPassword -SqlInstance Dev01 -Login sqladmin

Test the 'sqladmin' SQL login that the password is null or same as username on SQL server instance Dev01

Example: 3
PS C:\> Test-DbaLoginPassword -SqlInstance Dev01 -Dictionary Test1,test2

Test all SQL logins that the password is null, same as username or Test1,Test2 on SQL server instance Dev0

Example: 4
PS C:\> Get-DbaLogin -SqlInstance "sql2017","sql2016" | Test-DbaLoginPassword

Test all logins on sql2017 and sql2016

Example: 5
PS C:\> $servers | Get-DbaLogin | Out-GridView -PassThru | Test-DbaLoginPassword

Test selected logins on all servers in the $servers variable

Optional Parameters

-SqlInstance

The SQL Server instance you're checking logins on. You must have sysadmin access and server version must be SQL Server version 2008 or higher.

Alias
Required False
Pipeline false
Default Value
-SqlCredential

Allows you to login to servers using SQL Logins instead of Windows Authentication (AKA Integrated or Trusted). To use: $scred = Get-Credential, then pass $scred object to the -SqlCredential parameter. Windows Authentication will be used if SqlCredential is not specified. SQL Server does not accept Windows credentials being passed as credentials. To connect as a different Windows user, run PowerShell as that user.

Alias
Required False
Pipeline false
Default Value
-Login

The login(s) to process.

Alias
Required False
Pipeline false
Default Value
-Dictionary

Specifies a list of passwords to include in the test for weak passwords.

Alias
Required False
Pipeline false
Default Value
-InputObject

Allows piping from Get-DbaLogin.

Alias
Required False
Pipeline true (ByValue)
Default Value
-EnableException

By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.

Alias
Required False
Pipeline false
Default Value False

 

Want to see the source code for this command? Check out Test-DbaLoginPassword on GitHub.
Want to see the Bill Of Health for this command? Check out Test-DbaLoginPassword.