< Back
Copy-DbaCredential
Post
NAME Copy-DbaCredential
SYNOPSIS
Copy-DbaCredential migrates SQL Server Credentials from one SQL Server to another while maintaining Credential
passwords.
SYNTAX
Copy-DbaCredential [-Source] <DbaInstanceParameter> [[-SourceSqlCredential] <Pscredential>] [[-Credential]
<Pscredential>] [-Destination] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>
[[-DestinationSqlCredential] <Pscredential>] [[-Name] <System.String[]>] [[-ExcludeName] <System.String[]>]
[[-Identity] <System.String[]>] [[-ExcludeIdentity] <System.String[]>] [-Force <Switch>] [-EnableException
<Switch>] [<CommonParameters>]
DESCRIPTION
By using password decryption techniques provided by Antti Rantasaari (NetSPI, 2014), this script migrates SQL
Server Credentials from one server to another while maintaining username and password.
Credit: https://blog.netspi.com/decrypting-mssq ... passwords/
PARAMETERS
-Credential [<Pscredential>]
This command requires access to the Windows OS via PowerShell remoting. Use this credential to connect to
Windows using alternative credentials.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Destination [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
Destination SQL Server. You must have sysadmin access and the server must be SQL Server 2000 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DestinationSqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeIdentity [<System.String[]>]
Excluded identities
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeName [<System.String[]>]
Excluded credential names
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Force [<Switch>]
If this switch is enabled, the Credential will be dropped and recreated if it already exists on Destination.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Identity [<System.String[]>]
Only include specific identities
Note: if spaces exist in the credential identity, you will have to type "" or '' around it.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Name [<System.String[]>]
Only include specific names
Note: if spaces exist in the credential name, you will have to type "" or '' around it.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Source [<DbaInstanceParameter>]
Source SQL Server. You must have sysadmin access and server version must be SQL Server version 2000 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SourceSqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: WSMan, Migration
Author: Chrissy LeMaire (@cl), netnerds.net
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
Requires:
- PowerShell Version 3.0
- Administrator access on Windows
- sysadmin access on SQL Server.
- DAC access enabled for local (default)
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Copy-DbaCredential -Source sqlserver2014a -Destination sqlcluster
Copies all SQL Server Credentials on sqlserver2014a to sqlcluster. If Credentials exist on destination, they will
be skipped.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Copy-DbaCredential -Source sqlserver2014a -Destination sqlcluster -Name "PowerShell Proxy Account" -Force
Copies over one SQL Server Credential (PowerShell Proxy Account) from sqlserver to sqlcluster. If the Credential
already exists on the destination, it will be dropped and recreated.
RELATED LINKS
https://dbatools.io/Copy-DbaCredential
SYNOPSIS
Copy-DbaCredential migrates SQL Server Credentials from one SQL Server to another while maintaining Credential
passwords.
SYNTAX
Copy-DbaCredential [-Source] <DbaInstanceParameter> [[-SourceSqlCredential] <Pscredential>] [[-Credential]
<Pscredential>] [-Destination] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>
[[-DestinationSqlCredential] <Pscredential>] [[-Name] <System.String[]>] [[-ExcludeName] <System.String[]>]
[[-Identity] <System.String[]>] [[-ExcludeIdentity] <System.String[]>] [-Force <Switch>] [-EnableException
<Switch>] [<CommonParameters>]
DESCRIPTION
By using password decryption techniques provided by Antti Rantasaari (NetSPI, 2014), this script migrates SQL
Server Credentials from one server to another while maintaining username and password.
Credit: https://blog.netspi.com/decrypting-mssq ... passwords/
PARAMETERS
-Credential [<Pscredential>]
This command requires access to the Windows OS via PowerShell remoting. Use this credential to connect to
Windows using alternative credentials.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Destination [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
Destination SQL Server. You must have sysadmin access and the server must be SQL Server 2000 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-DestinationSqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeIdentity [<System.String[]>]
Excluded identities
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeName [<System.String[]>]
Excluded credential names
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Force [<Switch>]
If this switch is enabled, the Credential will be dropped and recreated if it already exists on Destination.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Identity [<System.String[]>]
Only include specific identities
Note: if spaces exist in the credential identity, you will have to type "" or '' around it.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Name [<System.String[]>]
Only include specific names
Note: if spaces exist in the credential name, you will have to type "" or '' around it.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Source [<DbaInstanceParameter>]
Source SQL Server. You must have sysadmin access and server version must be SQL Server version 2000 or higher.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SourceSqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: WSMan, Migration
Author: Chrissy LeMaire (@cl), netnerds.net
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
Requires:
- PowerShell Version 3.0
- Administrator access on Windows
- sysadmin access on SQL Server.
- DAC access enabled for local (default)
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Copy-DbaCredential -Source sqlserver2014a -Destination sqlcluster
Copies all SQL Server Credentials on sqlserver2014a to sqlcluster. If Credentials exist on destination, they will
be skipped.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Copy-DbaCredential -Source sqlserver2014a -Destination sqlcluster -Name "PowerShell Proxy Account" -Force
Copies over one SQL Server Credential (PowerShell Proxy Account) from sqlserver to sqlcluster. If the Credential
already exists on the destination, it will be dropped and recreated.
RELATED LINKS
https://dbatools.io/Copy-DbaCredential