dbatools is a free PowerShell module with over 300 SQL Server administration, best practice and migration commands included.

Please note that documentation and command names may be out of date while we work furiously towards 1.0


The purpose of this function is to find SQL Server logins that are used by Active Directory users that are either disabled or removed from the domain. It allows you to keep your logins accurate and up to date by removing accounts that are no longer needed.



To test all logins in the domain ran from (check $env:domain) that are either disabled or do not exist

Test-DbaValidLogin -SqlServer Dev01

To test all Active directory groups that have logins on Dev01 returning a detailed view.

Test-DbaValidLogin -SqlServer Dev01 -FilterBy GroupsOnly -Detailed

To test all logins excluding any that are from the subdomain.ad.localDomain

Test-DbaValidLogin -SqlServer Dev01 -ExcludeDomains subdomain.ad.local


This command was created by Stephen Bennett. You can find Stephen on his blog.


From PowerShell, execute Get-Help Test-DbaValidLogin -Detailed for more information on this function.

Source Code

Want to see the source code? View Test-DbaValidLogin.ps1 on GitHub

Related commands