functions/Test-DbaDatabaseOwner.ps1
function Test-DbaDatabaseOwner { <# .SYNOPSIS Checks database owners against a login to validate which databases do not match that owner. .DESCRIPTION This function will check all databases on an instance against a SQL login to validate if that login owns those databases or not. By default, the function will check against 'sa' for ownership, but the user can pass a specific login if they use something else. Only databases that do not match this ownership will be displayed, but if the -Detailed switch is set all databases will be shown. Best Practice reference: http://weblogs.sqlteam.com/dang/archive/2008/01/13/Database-Owner-Troubles.aspx .NOTES Tags: Author: Michael Fal (@Mike_Fal), http://mikefal.net Website: https://dbatools.io Copyright: (C) Chrissy LeMaire, clemaire@gmail.com License: GNU GPL v3 https://opensource.org/licenses/GPL-3.0 .PARAMETER SqlInstance Specifies the SQL Server instance(s) to scan. .PARAMETER SqlCredential Allows you to login to servers using SQL Logins instead of Windows Authentication (AKA Integrated or Trusted). To use: $scred = Get-Credential, then pass $scred object to the -SqlCredential parameter. Windows Authentication will be used if SqlCredential is not specified. SQL Server does not accept Windows credentials being passed as credentials. To connect as a different Windows user, run PowerShell as that user. .PARAMETER Database Specifies the database(s) to process. Options for this list are auto-populated from the server. If unspecified, all databases will be processed. .PARAMETER ExcludeDatabase Specifies the database(s) to exclude from processing. Options for this list are auto-populated from the server. .PARAMETER TargetLogin Specifies the login that you wish check for ownership. This defaults to 'sa' or the sysadmin name if sa was renamed. This must be a valid security principal which exists on the target server. .PARAMETER Detailed If this switch is enabled, a list of all databases and whether or not their owner matches TargetLogin. .LINK https://dbatools.io/Test-DbaDatabaseOwner .EXAMPLE Test-DbaDatabaseOwner -SqlInstance localhost Returns all databases where the owner does not match 'sa'. .EXAMPLE Test-DbaDatabaseOwner -SqlInstance localhost -TargetLogin 'DOMAIN\account' Returns all databases where the owner does not match 'DOMAIN\account'. #> [OutputType("System.Object[]")] [CmdletBinding()] param ( [parameter(Mandatory = $true)] [Alias("ServerInstance", "SqlServer")] [DbaInstanceParameter[]]$SqlInstance, [PSCredential]$SqlCredential, [Alias("Databases")] [object[]]$Database, [object[]]$ExcludeDatabase, [string]$TargetLogin, [Switch]$Detailed ) begin { #connect to the instance and set return array empty $return = @() } process { foreach ($servername in $SqlInstance) { Write-Verbose "Connecting to $servername" $server = Connect-SqlInstance $servername -SqlCredential $SqlCredential # dynamic sa name for orgs who have changed their sa name if ($TargetLogin.length -eq 0) { $TargetLogin = ($server.logins | Where-Object { $_.id -eq 1 }).Name } #Validate login if (($server.Logins.Name) -notcontains $TargetLogin) { if ($SqlInstance.count -eq 1) { throw "Invalid login: $TargetLogin" return $null } else { Write-Warning "$TargetLogin is not a valid login on $servername. Moving on." Continue } } #use online/available dbs $dbs = $server.Databases #filter database collection based on parameters if ($Database) { $dbs = $dbs | Where-Object { $Database -contains $_.Name } } if ($ExcludeDatabase) { $dbs = $dbs | Where-Object Name -NotIn $ExcludeDatabase } #for each database, create custom object for return set. foreach ($db in $dbs) { Write-Verbose "Checking $db" $row = [ordered]@{ Server = $server.Name Database = $db.Name DBState = $db.Status CurrentOwner = $db.Owner TargetOwner = $TargetLogin OwnerMatch = ($db.owner -eq $TargetLogin) } #add each custom object to the return array $return += New-Object PSObject -Property $row } } } end { #return results if ($Detailed) { Write-Verbose "Returning detailed results." return $return } else { Write-Verbose "Returning default results." return ($return | Where-Object { $_.OwnerMatch -eq $false }) } } } |