New-DbaServiceMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Creates a service master key in the master database for instance-level encryption hierarchy
Description Creates a service master key in the master database, which sits at the top of SQL Server’s encryption hierarchy. The service master key automatically encrypts and protects database master keys, certificates, and other encryption objects across all databases on the instance. This is typically the first step when implementing any encryption strategy on a SQL Server instance, as it eliminates the need to manually manage individual database master key passwords.
Read-DbaAuditFile View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Parses SQL Server audit files (.sqlaudit) into structured event data for security analysis and compliance reporting.
Description Reads and parses SQL Server audit files (.sqlaudit) created by SQL Server Audit functionality, converting binary audit data into readable PowerShell objects. Each audit event is returned with its timestamp, event details, fields, and actions in a structured format that’s easy to filter, export, or analyze.
Remove-DbaComputerCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes certificates from Windows certificate stores on local or remote computers
Description Removes certificates from Windows certificate stores on local or remote computers using PowerShell remoting. This is essential for managing SSL/TLS certificates used by SQL Server instances for encrypted connections and authentication. DBAs commonly use this to clean up expired certificates, remove compromised certificates during security incidents, or manage certificate lifecycle during SQL Server migrations and decommissions.
Remove-DbaCredential View Source Mikey Bronowski (@MikeyBronowski), bronowski.it Windows, Linux, macOS Synopsis Removes SQL credential(s).
Description Removes the SQL credential(s) that have passed through the pipeline.
If not used with a pipeline, Get-DbaCredential will be executed with the parameters provided
and the returned SQL credential(s) will be removed.
Syntax Remove-DbaCredential [-SqlInstance <DbaInstanceParameter[]>] [-SqlCredential <PSCredential>] [-Credential <String[]>] [-ExcludeCredential <String[]>] [-Identity <String[]>] [-ExcludeIdentity <String[]>] [-WhatIf] [-Confirm] [<CommonParameters>] Remove-DbaCredential [-SqlInstance <DbaInstanceParameter[]>] [-SqlCredential <PSCredential>] [-Credential <String[]>] [-ExcludeCredential <String[]>] [-Identity <String[]>] [-ExcludeIdentity <String[]>] -InputObject <Credential[]> [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>] Examples Example: 1 PS C:\> Remove-DbaCredential -SqlInstance localhost, localhost\namedinstance Removes all SQL credentials on the localhost, localhost\namedinstance instances.
Remove-DbaDbAsymmetricKey View Source Stuart Moore (@napalmgram), stuart-moore.com Windows, Linux, macOS Synopsis Removes asymmetric keys from SQL Server databases
Description Removes asymmetric keys from SQL Server databases by executing DROP ASYMMETRIC KEY commands. Asymmetric keys are part of SQL Server’s cryptographic hierarchy used for encryption, digital signatures, and protecting symmetric keys or certificates. This function helps DBAs clean up unused encryption objects during security audits, decommission old encryption schemes, or remove keys that are no longer needed for compliance requirements.
Remove-DbaDbCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes database certificates from SQL Server databases
Description Removes database certificates from specified SQL Server databases using the DROP CERTIFICATE statement. This function is commonly used during certificate rotation, security cleanup, or when decommissioning encryption features like Transparent Data Encryption (TDE) or Always Encrypted. Certificates can be targeted individually by name or removed in bulk using pipeline input from Get-DbaDbCertificate.
Remove-DbaDbEncryptionKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes database encryption keys from SQL Server databases to disable Transparent Data Encryption
Description Removes database encryption keys (DEK) from specified databases by executing DROP DATABASE ENCRYPTION KEY. This is typically used when disabling Transparent Data Encryption (TDE) on a database or during encryption key rotation workflows. The database must be unencrypted before the key can be removed, so run ALTER DATABASE [database] SET ENCRYPTION OFF first if TDE is currently active.
Remove-DbaDbMasterKey View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes database master keys from SQL Server databases
Description Removes database master keys from specified SQL Server databases by executing DROP MASTER KEY. Database master keys are used to encrypt other database-level encryption keys, including those for Transparent Data Encryption (TDE), Always Encrypted, and certificate private keys. This function is typically used when decommissioning database encryption, migrating to different encryption strategies, or cleaning up unused encryption infrastructure during database maintenance or compliance changes.
Remove-DbaLinkedServerLogin View Source Adam Lancaster, github.com/lancasteradam Windows, Linux, macOS Synopsis Removes linked server login mappings that define credential relationships between local and remote server logins.
Description Removes linked server login mappings, which are the credential associations that determine how local SQL Server logins authenticate to remote servers through linked server connections. These mappings control which credentials are used when executing queries against remote servers, so removing them effectively blocks access through that linked server for the specified local login.
Remove-DbaNetworkCertificate View Source Chrissy LeMaire (@cl), netnerds.net Windows, Linux, macOS Synopsis Removes the SSL certificate configuration from SQL Server network encryption settings
Description Removes the certificate thumbprint from SQL Server’s network encryption configuration by clearing the Certificate registry value in SuperSocketNetLib. This disables forced SSL encryption for client connections and returns the instance to unencrypted or optional encryption mode. Use this when decommissioning certificates, troubleshooting SSL connection issues, or when you need to reconfigure encryption settings from scratch.
dbatools