DSCResources/xSQLServer/2.0.0.0/Examples/xSQLServerEndpointPermission.ps1
$ConfigData = @{ AllNodes = @( @{ NodeName= "*" CertificateFile = "C:\Certificates\dsc-public.cer" Thumbprint = "D6F57B6BE46A7162138687FB74DBAA1D4EB1A59B" SqlInstanceName = "MSSQLSERVER" PSDscAllowDomainUser = $true }, @{ NodeName = 'SQLNODE01.company.local' Role = "PrimaryReplica" }, @{ NodeName = 'SQLNODE02.company.local' Role = "SecondaryReplica" } ) } Configuration SQLAlwaysOnNodeConfig { param ( [Parameter(Mandatory=$false)] [ValidateNotNullorEmpty()] [PsCredential] $SqlAdministratorCredential, [Parameter(Mandatory=$true)] [ValidateNotNullorEmpty()] [PsCredential] $SqlServiceCredentialNode1, [Parameter(Mandatory=$true)] [ValidateNotNullorEmpty()] [PsCredential] $SqlServiceCredentialNode2 ) Import-DscResource -ModuleName PSDesiredStateConfiguration Import-DscResource -ModuleName xSqlServer Node $AllNodes.Where{$_.Role -eq "PrimaryReplica" }.NodeName { #region Remove endpoint permissions xSQLServerEndpointPermission SQLConfigureEndpointPermissionPrimary { Ensure = "Present" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode1.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential } xSQLServerEndpointPermission SQLConfigureEndpointPermissionSecondary { Ensure = "Present" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode2.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential } #endregion #region Remove endpoint permissions xSQLServerEndpointPermission RemoveSQLConfigureEndpointPermissionPrimary { Ensure = "Absent" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode2.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential DependsOn = "[xSQLServerEndpointPermission]SQLConfigureEndpointPermissionPrimary" } xSQLServerEndpointPermission RemoveSQLConfigureEndpointPermissionSecondary { Ensure = "Absent" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode2.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential DependsOn = "[xSQLServerEndpointPermission]SQLConfigureEndpointPermissionSecondary" } #endregion } Node $AllNodes.Where{ $_.Role -eq "SecondaryReplica" }.NodeName { xSQLServerEndpointPermission SQLConfigureEndpointPermissionPrimary { Ensure = "Present" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode1.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential DependsOn = "[xSQLServerEndpoint]SQLConfigureEndpoint" } xSQLServerEndpointPermission SQLConfigureEndpointPermissionSecondary { Ensure = "Present" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode2.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential DependsOn = "[xSQLServerEndpoint]SQLConfigureEndpoint" } # Remove endpoint permissions xSQLServerEndpointPermission RemoveSQLConfigureEndpointPermissionPrimary { Ensure = "Absent" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode2.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential DependsOn = "[xSQLServerEndpointPermission]SQLConfigureEndpointPermissionPrimary" } xSQLServerEndpointPermission RemoveSQLConfigureEndpointPermissionSecondary { Ensure = "Absent" NodeName = $Node.NodeName InstanceName = $Node.SqlInstanceName Name = "DefaultMirrorEndpoint" Principal = $SqlServiceCredentialNode2.UserName Permission = "CONNECT" PsDscRunAsCredential = $SqlAdministratorCredential DependsOn = "[xSQLServerEndpointPermission]SQLConfigureEndpointPermissionSecondary" } } } $SqlAdministratorCredential = Get-Credential -Message "Enter credentials for SQL Server administrator account" $SqlServiceCredentialNode1 = Get-Credential -Message "Enter credentials for SQL Service account for primary replica" $SqlServiceCredentialNode2 = Get-Credential -Message "Enter credentials for SQL Service account for secondary replica" SQLAlwaysOnNodeConfig ` -SqlAdministratorCredential $SqlAdministratorCredential ` -SqlServiceCredentialNode1 $SqlServiceCredentialNode1 ` -SqlServiceCredentialNode2 $SqlServiceCredentialNode2 ` -ConfigurationData $ConfigData ` -OutputPath 'C:\Configuration' |