@@ -6,6 +6,10 @@ function Get-DbaDbOrphanUser {
66 . DESCRIPTION
77 An orphan user is defined by a user that does not have their matching login. (Login property = "").
88
9+ Note: Users in contained databases (Partial or Full containment type) are not considered orphaned for SQL logins,
10+ as these users authenticate directly to the database without requiring a server-level login.
11+ Windows users are still checked for orphaned status regardless of containment type.
12+
913 . PARAMETER SqlInstance
1014 The target SQL Server instance or instances.
1115
@@ -107,7 +111,13 @@ function Get-DbaDbOrphanUser {
107111 try {
108112 Write-Message - Level Verbose - Message " Validating users on database '$db '."
109113 $UsersToWork = @ ()
110- $UsersToWork += $db.Users | Where-Object { ($_.Login -eq " " ) -and ($_.ID -gt 4 ) -and ($_.Sid.Length -eq 16 ) -and ($_.LoginType -in ' SqlLogin' , ' Certificate' ) }
114+ # In contained databases (Partial or Full), SQL users authenticate directly to the database
115+ # without requiring a server-level login, so they are not considered orphaned
116+ if ($db.ContainmentType.ToString () -eq " None" ) {
117+ $UsersToWork += $db.Users | Where-Object { ($_.Login -eq " " ) -and ($_.ID -gt 4 ) -and ($_.Sid.Length -eq 16 ) -and ($_.LoginType -in ' SqlLogin' , ' Certificate' ) }
118+ } else {
119+ Write-Message - Level Verbose - Message " Skipping SQL login orphan check on contained database '$db ' (ContainmentType: $ ( $db.ContainmentType ) )."
120+ }
111121 $UsersToWork += $db.Users | Where-Object { ($_.Login -notin $server.Logins.Name ) -and ($_.ID -gt 4 ) -and ($_.Sid.Length -gt 16 -and $_.LoginType -in ' WindowsUser' , ' WindowsGroup' ) }
112122 if ($UsersToWork.Count -gt 0 ) {
113123 Write-Message - Level Verbose - Message " Orphan users found"
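Review bot: The new `if ($db.ContainmentType.ToString() -eq "None")` guard skips the SqlLogin/Certificate orphan check for every user in a contained database, but a partially contained database can still hold traditional users mapped to server logins, and those are orphaned when the login is dropped. Such users would no longer be reported, so their permissions would stay in the database unnoticed by anyone relying on this command for audit or cleanup. A per-user test looks safer than a per-database one: keep the original filter unconditional and add `-and ($_.AuthenticationType -ne 'Database')`, so that only contained users with passwords are excluded. Separately, `ContainmentType` may be empty on instances that predate contained databases, in which case `.ToString()` would throw and skip the whole check for that database; this is inferred rather than visible here and is worth confirming. The enclosing `try` block starts and ends outside the hunk.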