New-DbaLogin View Source Kirill Kravtsov (@nvarscar) Windows, Linux, macOS Synopsis Creates SQL Server logins for authentication with configurable security policies and mapping options
Description Creates new SQL Server logins supporting Windows Authentication, SQL Authentication, certificate-mapped, asymmetric key-mapped, and Azure AD authentication. Handles password policies, expiration settings, SID preservation for migration scenarios, and credential mapping. Can copy existing logins between instances while preserving or modifying security settings, making it essential for user provisioning, migration projects, and security standardization across environments.
Remove-DbaDbOrphanUser View Source Claudio Silva (@ClaudioESSilva) , Simone Bizzotto (@niphlod) Windows, Linux, macOS Synopsis Removes orphaned database users that no longer have corresponding SQL Server logins
Description Removes orphaned database users from one or more databases, handling schema ownership transfers automatically to prevent dependency issues.
Orphaned users occur when a database user exists but its corresponding login in the master database has been deleted or doesn’t exist on the current server.
Remove-DbaLogin View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes SQL Server logins from target instances
Description Removes one or more SQL Server logins from specified instances using the SMO Drop() method. This function handles the complete removal process including dependency checks and provides proper error handling when logins cannot be dropped due to existing sessions or database ownership. Use the -Force parameter to automatically terminate active sessions associated with the login before removal, which is useful when cleaning up test environments or decommissioning user accounts.
Remove-DbaServerRole View Source Claudio Silva (@ClaudioESSilva), claudioessilva.com Windows, Linux, macOS Synopsis Removes custom server-level roles from SQL Server instances.
Description Removes custom server-level roles that are no longer needed from SQL Server instances. This function helps clean up security configurations by permanently dropping user-defined server roles while preserving built-in system roles. Use this when decommissioning applications, consolidating permissions, or cleaning up after security audits. The operation requires confirmation due to its permanent nature and potential security impact.
Remove-DbaServerRoleMember View Source Mikey Bronowski (@MikeyBronowski), bronowski.it Windows, Linux, macOS Synopsis Revokes server-level role membership from SQL Server logins and roles.
Description Revokes membership from server-level roles by removing logins or nested roles from target roles like sysadmin, dbcreator, or custom server roles. This is essential for security management when you need to reduce user privileges or clean up role assignments after organizational changes. The function works with both fixed server roles (sysadmin, securityadmin, etc.
Rename-DbaLogin View Source Mitchell Hamann (@SirCaptainMitch) Windows, Linux, macOS Synopsis Renames SQL Server logins and optionally their associated database users
Description Renames SQL Server logins at the instance level, solving the common problem of needing to update login names after migrations, domain changes, or when improving naming conventions.
When migrating logins between environments or standardizing naming conventions, manually updating login names and all their database user mappings is time-consuming and error-prone.
Set-DbaLogin View Source Sander Stad (@sqlstad), sqlstad.nl Windows, Linux, macOS Synopsis Modifies SQL Server login properties including passwords, permissions, roles, and account status
Description Manages SQL Server login accounts by modifying passwords, account status, security settings, and server role memberships in a single operation. Handles common DBA tasks like unlocking accounts, resetting passwords with force-change requirements, and applying password policies for security compliance. Includes a special unlock feature that preserves existing passwords by temporarily disabling policy checks, eliminating the need to reset passwords when unlocking accounts.
Sync-DbaLoginPassword View Source Shawn Melton (@wsmelton), http://www.wsmelton.com Windows, Linux, macOS Synopsis Synchronizes SQL Server login passwords between instances using hashed password values.
Description Syncs SQL Server authentication login passwords from a source to destination instance(s) without requiring knowledge of the actual passwords. Uses the same technique as Microsoft’s sp_help_revlogin by extracting and applying hashed password values.
This is particularly useful for:
Maintaining consistent passwords across Availability Group replicas Migrating logins between instances when users cannot provide their passwords Disaster recovery scenarios where password synchronization is critical Keeping development/test environments synchronized with production passwords The function only works with SQL Server authentication logins.
Sync-DbaLoginPermission View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Synchronizes login permissions and role memberships between SQL Server instances.
Description Syncs comprehensive login security settings from a source to destination SQL Server instance, ensuring logins have consistent permissions across environments. This function only modifies permissions for existing logins - it will not create or drop logins themselves.
The sync process handles server roles (sysadmin, bulkadmin, etc.), server-level permissions (Connect SQL, View any database, etc.
Test-DbaLoginPassword View Source Peter Samuelsson Windows, Linux, macOS Synopsis Identifies SQL Server logins with weak passwords including empty, username-matching, or dictionary-based passwords
Description Tests SQL Server authentication logins for common weak password patterns using the PWDCOMPARE() function to validate password hashes stored in sys.sql_logins. This security audit function helps identify authentication vulnerabilities by checking for empty passwords, passwords that match the username, and passwords from a custom dictionary you provide.
dbatools