Fix DAC connection reuse detection causing excessive DAC errors in Sync-DbaAvailabilityGroup

The dacConnected check in multiple commands was checking Server.Name for the ADMIN:
prefix, but the ADMIN: prefix lives in ConnectionContext.ServerInstance. Since Server.Name
never starts with ADMIN:, the check always returned false - causing commands to mark
$dacOpened = $true and disconnect the shared DAC connection at their end blocks.

This resulted in Sync-DbaAvailabilityGroup's DAC being unintentionally closed by each
sub-command (Copy-DbaCredential, Copy-DbaDbMail, Copy-DbaLinkedServer).

Additionally, Sync-DbaLoginPermission was passed the DAC server object. Update-SqlPermission
calls SqlConnectionObject.Close() in tight loops (per role per database per login), causing
repeated DAC slot acquire/release cycles that trigger "max 1 DAC connections" SQL errors.

Fixes:
- Change all dacConnected checks from .InputObject.Name to
  .InputObject.ConnectionContext.ServerInstance (or .Parent.ConnectionContext.ServerInstance)
- In Sync-DbaAvailabilityGroup, pass DomainInstanceName string to Sync-DbaLoginPermission
  so it opens a normal pooled connection instead of reusing the DAC server

Fixes #10284

(do *AvailabilityGroup*, *Credential*, *LinkedServer*, *DbMail*, *Migration*, *Decrypt*)

Co-authored-by: Andreas Jordan <andreasjordan@users.noreply.github.com>

Author: github-actions[bot]

public/Copy-DbaCredential.ps1

@@ -156,7 +156,7 @@ function Copy-DbaCredential {
             if ($ExcludePassword) { $dacNeeded = $false } else { $dacNeeded = $true }
 
             # Do we have a dedicated admin connection already?
-            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.Name -match '^ADMIN:'
+            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
 
             $dacOpened = $false
             if ($dacNeeded) {

public/Copy-DbaDbMail.ps1

@@ -390,7 +390,7 @@ function Copy-DbaDbMail {
             if ($ExcludePassword) { $dacNeeded = $false } else { $dacNeeded = $true }
 
             # Do we have a dedicated admin connection already?
-            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.Name -match '^ADMIN:'
+            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
 
             $dacOpened = $false
             if ($dacNeeded) {

public/Copy-DbaLinkedServer.ps1

@@ -307,7 +307,7 @@ function Copy-DbaLinkedServer {
             if ($ExcludePassword) { $dacNeeded = $false } else { $dacNeeded = $true }
 
             # Do we have a dedicated admin connection already?
-            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.Name -match '^ADMIN:'
+            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
 
             $dacOpened = $false
             if ($dacNeeded) {

public/Export-DbaCredential.ps1

@@ -115,7 +115,7 @@ function Export-DbaCredential {
                 if ($ExcludePassword) { $dacNeeded = $false } else { $dacNeeded = $true }
 
                 # Do we have a dedicated admin connection already?
-                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.Name -match '^ADMIN:'
+                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
 
                 $dacOpened = $false
                 if ($dacNeeded) {

public/Export-DbaInstance.ps1

@@ -240,7 +240,7 @@ function Export-DbaInstance {
                 if ($ExcludePassword) { $dacNeeded = $false }
 
                 # Do we have a dedicated admin connection already?
-                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.Name -match '^ADMIN:'
+                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
 
                 $dacOpened = $false
                 if ($dacNeeded) {

public/Export-DbaLinkedServer.ps1

@@ -129,7 +129,7 @@ function Export-DbaLinkedServer {
                 if ($ExcludePassword) { $dacNeeded = $false } else { $dacNeeded = $true }
 
                 # Do we have a dedicated admin connection already?
-                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.Name -match '^ADMIN:'
+                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
 
                 $dacOpened = $false
                 if ($dacNeeded) {

public/Invoke-DbaDbDecryptObject.ps1

@@ -198,7 +198,7 @@ function Invoke-DbaDbDecryptObject {
             # Try to connect to instance
             try {
                 # Do we have a dedicated admin connection already?
-                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.Name -match '^ADMIN:'
+                $dacConnected = $instance.Type -eq 'Server' -and $instance.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
                 $dacOpened = $false
                 if ($dacConnected) {
                     Write-Message -Level Verbose -Message "Reusing dedicated admin connection."

public/Start-DbaMigration.ps1

@@ -366,7 +366,7 @@ function Start-DbaMigration {
             if ($ExcludePassword) { $dacNeeded = $false }
 
             # Do we have a dedicated admin connection already?
-            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.Name -match '^ADMIN:'
+            $dacConnected = $Source.Type -eq 'Server' -and $Source.InputObject.ConnectionContext.ServerInstance -match '^ADMIN:'
 
             $dacOpened = $false
             if ($dacNeeded) {

public/Sync-DbaAvailabilityGroup.ps1

@@ -194,7 +194,7 @@ function Sync-DbaAvailabilityGroup {
             if ($ExcludePassword) { $dacNeeded = $false } else { $dacNeeded = $true }
 
             # Do we have a dedicated admin connection already?
-            $dacConnected = $InputObject.Parent.Name -match '^ADMIN:'
+            $dacConnected = $InputObject.Parent.ConnectionContext.ServerInstance -match '^ADMIN:'
 
             if ($dacNeeded -and -not $dacConnected) {
                 Stop-Function -Message "Pipeline source must use a dedicated admin connection to retrieve passwords. Use -ExcludePassword to bypass this requirement if you don't need passwords."
@@ -399,7 +399,18 @@ function Sync-DbaAvailabilityGroup {
 
             if ($Exclude -notcontains "LoginPermissions") {
                 Write-ProgressHelper -Activity $activity -StepNumber ($stepCounter++) -Message "Syncing login permissions"
-                Sync-DbaLoginPermission -Source $server -Destination $secondaries -Login $Login -ExcludeLogin $ExcludeLogin
+                # Use DomainInstanceName (string) instead of the server object to ensure Sync-DbaLoginPermission
+                # opens a normal (non-DAC) connection. Update-SqlPermission calls SqlConnectionObject.Close()
+                # in loops, which on a DAC connection causes repeated DAC slot acquire/release cycles
+                # that generate "max 1 DAC connections" errors in the SQL Error Log.
+                $splatLoginPermission = @{
+                    Source              = $server.DomainInstanceName
+                    SourceSqlCredential = $PrimarySqlCredential
+                    Destination         = $secondaries
+                    Login               = $Login
+                    ExcludeLogin        = $ExcludeLogin
+                }
+                Sync-DbaLoginPermission @splatLoginPermission
             }
         }