Add-DbaServerRoleMember View Source Shawn Melton (@wsmelton) Windows, Linux, macOS Synopsis Adds logins or server roles to server-level roles for SQL Server security administration.
Description Grants server-level role membership to SQL logins or nests server roles within other server roles. Use this command when setting up security permissions, implementing role-based access control, or managing server-level privileges across multiple SQL Server instances. Supports both built-in roles (sysadmin, dbcreator, etc.) and custom server roles, so you don’t have to manually assign permissions through SSMS or T-SQL scripts.
Copy-DbaLogin View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Copies SQL Server logins between instances with passwords, permissions, and role memberships intact
Description Transfers SQL Server logins from one instance to another while preserving authentication details and security context. Essential for server migrations, disaster recovery setups, and environment synchronization where you need users to maintain the same access without recreating accounts manually.
Handles both SQL Server and Windows Authentication logins, copying passwords (with original SIDs to prevent orphaned users), server roles, database permissions, and login properties like password policy enforcement.
Export-DbaLogin View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Generates T-SQL scripts to recreate SQL Server logins with their complete security context for migration and disaster recovery.
Description Creates executable T-SQL scripts that recreate SQL Server and Windows logins along with their complete security configuration. The export includes login properties (SID, hashed passwords, default database), server-level permissions and role memberships, database user mappings and roles, plus SQL Agent job ownership assignments.
Stephen Bennett, sqlnotesfromtheunderground.wordpress.com | Simone Bizzotto (@niphlod)
Find-DbaLoginInGroup View Source Stephen Bennett, sqlnotesfromtheunderground.wordpress.com , Simone Bizzotto (@niphlod) Windows, Linux, macOS Synopsis Discovers individual Active Directory users within Windows group logins on SQL Server instances.
Description Connects to SQL Server instances and recursively expands all Windows Active Directory group logins to reveal the individual user accounts that inherit access through group membership. This function queries Active Directory to enumerate all users within each Windows group login, including nested groups, providing a complete view of who actually has access to your SQL Server through group-based authentication.
Get-DbaDbOrphanUser View Source Claudio Silva (@ClaudioESSilva) , Garry Bargsley (@gbargsley) , Simone Bizzotto (@niphlod) Windows, Linux, macOS Synopsis Get orphaned users.
Description An orphan user is defined by a user that does not have their matching login. (Login property = “”).
Syntax Get-DbaDbOrphanUser [-SqlInstance] <DbaInstanceParameter[]> [[-SqlCredential] <PSCredential>] [[-Database] <Object[]>] [[-ExcludeDatabase] <Object[]>] [-EnableException] [<CommonParameters>] Examples Example: 1 PS C:\> Get-DbaDbOrphanUser -SqlInstance localhost\sql2016 Finds all orphan users without matching Logins in all databases present on server ’localhost\sql2016’.
Get-DbaLinkedServerLogin View Source Adam Lancaster, github.com/lancasteradam Windows, Linux, macOS Synopsis Retrieves linked server login mappings and authentication configurations from SQL Server instances.
Description Retrieves the login mappings configured for linked servers, showing how local SQL Server logins are mapped to remote server credentials. This function returns details about each login mapping including the local login name, remote user account, and whether impersonation is enabled. Use this to audit linked server security configurations, troubleshoot authentication issues between servers, or document cross-server login relationships for compliance purposes.
Mitchell Hamann (@SirCaptainMitch) | Rob Sewell (@SQLDBaWithBeard)
Get-DbaLogin View Source Mitchell Hamann (@SirCaptainMitch) , Rob Sewell (@SQLDBaWithBeard) Windows, Linux, macOS Synopsis Retrieves SQL Server login accounts with filtering options for security audits and access management
Description Returns detailed information about SQL Server login accounts, including authentication type, security status, and last login times. This function helps DBAs perform security audits by identifying locked, disabled, or expired accounts, and distinguish between Windows and SQL authentication logins. Use it to troubleshoot access issues, generate compliance reports, or review login configurations across multiple instances.
Get-DbaServerRoleMember View Source Klaas Vandenberghe (@PowerDBAKlaas) Windows, Linux, macOS Synopsis Retrieves server-level role memberships for security auditing and compliance reporting.
Description Returns detailed information about which logins are members of server-level roles like sysadmin, dbcreator, and securityadmin. Essential for security audits, compliance reviews, and troubleshooting permission issues. Shows both the role assignments and provides access to the underlying SMO objects for further analysis. Supports filtering by specific roles or logins to focus on particular security concerns.
New-DbaLogin View Source Kirill Kravtsov (@nvarscar) Windows, Linux, macOS Synopsis Creates SQL Server logins for authentication with configurable security policies and mapping options
Description Creates new SQL Server logins supporting Windows Authentication, SQL Authentication, certificate-mapped, asymmetric key-mapped, and Azure AD authentication. Handles password policies, expiration settings, SID preservation for migration scenarios, and credential mapping. Can copy existing logins between instances while preserving or modifying security settings, making it essential for user provisioning, migration projects, and security standardization across environments.
Remove-DbaDbOrphanUser View Source Claudio Silva (@ClaudioESSilva) , Simone Bizzotto (@niphlod) Windows, Linux, macOS Synopsis Removes orphaned database users that no longer have corresponding SQL Server logins
Description Removes orphaned database users from one or more databases, handling schema ownership transfers automatically to prevent dependency issues.
Orphaned users occur when a database user exists but its corresponding login in the master database has been deleted or doesn’t exist on the current server.
dbatools