TLDR: dbatools is moving to Azure Trusted Signing, which means Microsoft backs our reputation and dbatools won’t trigger as many antivirus false positives.
Users upgrading from older signed versions will need -SkipPublisherCheck only once during the initial transition. PowerShell users with strict ExecutionPolicies (AllSigned/RemoteSigned) will need to trust each new certificate after every update due to Azure Trusted Signing’s daily cert rotation (but you can use the automation script provided below).
Add-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Imports X.509 certificates into the Windows certificate store on local or remote computers.
Description Imports X.509 certificates (including password-protected .pfx files with private keys) into the specified Windows certificate store on one or more computers. This function is essential for SQL Server TLS/SSL encryption setup, Availability Group certificate requirements, and Service Broker security configurations.
When importing PFX files, the function imports the entire certificate chain, including intermediate certificates.
Compare-DbaAgReplicaCredential View Source dbatools team Windows, Linux, macOS Synopsis Compares SQL Server Credentials across Availability Group replicas to identify configuration differences.
Description Compares SQL Server Credentials across all replicas in an Availability Group to identify differences in credential configurations. This helps ensure consistency across AG replicas and detect when credentials have been created or removed on one replica but not others.
This is particularly useful for verifying that junior DBAs have applied security changes to all replicas or for troubleshooting issues where credential configurations have drifted between replicas.
Compare-DbaAgReplicaLogin View Source dbatools team Windows, Linux, macOS Synopsis Compares SQL Server logins across Availability Group replicas to identify configuration differences.
Description Compares SQL Server logins across all replicas in an Availability Group to identify differences in login configurations. This helps ensure consistency across AG replicas and detect when logins have been created, modified, or removed on one replica but not others.
This is particularly useful for verifying that junior DBAs have applied security changes to all replicas or for troubleshooting access issues where login configurations have drifted between replicas.
Copy-DbaServerRole View Source the dbatools team + Claude Windows, Linux, macOS Synopsis Migrates custom server roles and their permissions between SQL Server instances
Description Copies user-defined server roles from the source server to one or more destination servers. This is essential when migrating SQL Server instances that use custom server roles for granular permission management, or when standardizing security configurations across multiple environments.
Only custom (user-defined) server roles are copied by default.
Disable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Transparent Data Encryption (TDE) on SQL Server databases and removes encryption keys
Description Disables Transparent Data Encryption (TDE) on specified databases by setting EncryptionEnabled to false and monitoring the decryption process until completion. Since TDE is not fully disabled until the Database Encryption Key (DEK) is removed, this command drops the encryption key by default to complete the decryption process.
Disable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Disables Force Network Encryption setting in SQL Server Configuration Manager
Description Modifies the Windows registry to disable Force Network Encryption for SQL Server instances, allowing unencrypted client connections. This is useful when troubleshooting connectivity issues, working with legacy applications that don’t support encryption, or when encryption is handled at the network level. Requires Windows administrator access to the target server and PowerShell remoting.
Disable-DbaHideInstance View Source Gareth Newman (@gazeranco), ifexists.blog Windows, Linux, macOS Synopsis Makes SQL Server instances visible to network discovery by disabling the Hide Instance registry setting.
Description Modifies the Windows registry to disable the Hide Instance setting, making SQL Server instances visible to the SQL Server Browser service and network discovery tools. When Hide Instance is enabled, the instance won’t respond to browse requests, which is often used for security hardening but makes instances harder to locate.
Enable-DbaDbEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Enables Transparent Data Encryption (TDE) on SQL Server databases
Description Enables Transparent Data Encryption (TDE) on specified databases to protect data at rest. This is essential for compliance with regulations like HIPAA, PCI-DSS, and organizational security policies. The function automatically creates a Database Encryption Key (DEK) if one doesn’t exist, using a certificate from the master database to encrypt it.
Enable-DbaForceNetworkEncryption View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Configures SQL Server to require encrypted connections from all clients by modifying the Windows registry
Description Modifies the Windows registry to force all client connections to SQL Server to use encryption, regardless of the client’s encryption settings. This security feature ensures that all data transmitted between clients and SQL Server is encrypted, protecting against network eavesdropping and man-in-the-middle attacks.
dbatools