< Back
Remove-DbaDbOrphanUser
Post
NAME Remove-DbaDbOrphanUser
SYNOPSIS
Drop orphan users with no existing login to map
SYNTAX
Remove-DbaDbOrphanUser [-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>
[[-SqlCredential] <Pscredential>] [[-Database] <System.Object[]>] [[-ExcludeDatabase] <System.Object[]>] [[-User]
<System.Object[]>] [-Force <Switch>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
Allows the removal of orphan users from one or more databases
Orphaned users in SQL Server occur when a database user is based on a login in the master database, but the login
no longer exists in master.
This can occur when the login is deleted, or when the database is moved to another server where the login does not
exist.
If user is the owner of the schema with the same name and if if the schema does not have any underlying objects
the schema will be dropped.
If user owns more than one schema, the owner of the schemas that does not have the same name as the user, will be
changed to 'dbo'. If schemas have underlying objects, you must specify the -Force parameter so the user can be
dropped.
If a login of the same name exists (which could be re-mapped with Repair-DbaDbOrphanUser) the drop will not be
performed unless you specify the -Force parameter (only when calling from Repair-DbaDbOrphanUser.
PARAMETERS
-Database [<System.Object[]>]
Specifies the database(s) to process. Options for this list are auto-populated from the server. If
unspecified, all databases will be processed.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeDatabase [<System.Object[]>]
Specifies the database(s) to exclude from processing. Options for this list are auto-populated from the server
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Force [<Switch>]
If this switch is enabled:
If exists any schema which owner is the User, this will force the change of the owner to 'dbo'.
If a login of the same name exists the drop will not be performed unless you specify this parameter.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-User [<System.Object[]>]
Specifies the list of users to remove.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Orphan, Database, Security, Login
Author: Claudio Silva (@ClaudioESSilva) | Simone Bizzotto (@niphlod)
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sql2005
Finds and drops all orphan users without matching Logins in all databases present on server 'sql2005'.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -SqlCredential $cred
Finds and drops all orphan users without matching Logins in all databases present on server 'sqlserver2014a'. SQL
Server authentication will be used in connecting to the server.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -Database db1, db2 -Force
Finds and drops orphan users even if they have a matching Login on both db1 and db2 databases.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -ExcludeDatabase db1, db2 -Force
Finds and drops orphan users even if they have a matching Login from all databases except db1 and db2.
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -User OrphanUser
Removes user OrphanUser from all databases only if there is no matching login.
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -User OrphanUser -Force
Removes user OrphanUser from all databases even if they have a matching Login. Any schema that the user owns will
change ownership to dbo.
RELATED LINKS
https://dbatools.io/Remove-DbaDbOrphanUser
SYNOPSIS
Drop orphan users with no existing login to map
SYNTAX
Remove-DbaDbOrphanUser [-SqlInstance] <Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>
[[-SqlCredential] <Pscredential>] [[-Database] <System.Object[]>] [[-ExcludeDatabase] <System.Object[]>] [[-User]
<System.Object[]>] [-Force <Switch>] [-EnableException <Switch>] [<CommonParameters>]
DESCRIPTION
Allows the removal of orphan users from one or more databases
Orphaned users in SQL Server occur when a database user is based on a login in the master database, but the login
no longer exists in master.
This can occur when the login is deleted, or when the database is moved to another server where the login does not
exist.
If user is the owner of the schema with the same name and if if the schema does not have any underlying objects
the schema will be dropped.
If user owns more than one schema, the owner of the schemas that does not have the same name as the user, will be
changed to 'dbo'. If schemas have underlying objects, you must specify the -Force parameter so the user can be
dropped.
If a login of the same name exists (which could be re-mapped with Repair-DbaDbOrphanUser) the drop will not be
performed unless you specify the -Force parameter (only when calling from Repair-DbaDbOrphanUser.
PARAMETERS
-Database [<System.Object[]>]
Specifies the database(s) to process. Options for this list are auto-populated from the server. If
unspecified, all databases will be processed.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-EnableException [<Switch>]
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables
advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own
try/catch.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-ExcludeDatabase [<System.Object[]>]
Specifies the database(s) to exclude from processing. Options for this list are auto-populated from the server
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-Force [<Switch>]
If this switch is enabled:
If exists any schema which owner is the User, this will force the change of the owner to 'dbo'.
If a login of the same name exists the drop will not be performed unless you specify this parameter.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlCredential [<Pscredential>]
Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential).
Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory -
Integrated are all supported.
For MFA support, please use Connect-DbaInstance.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-SqlInstance [<Sqlcollaborative.Dbatools.Parameter.DbaInstanceParameter[]>]
The target SQL Server instance or instances.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
-User [<System.Object[]>]
Specifies the list of users to remove.
Required? false
Position? named
Default value
Accept pipeline input? False
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
Tags: Orphan, Database, Security, Login
Author: Claudio Silva (@ClaudioESSilva) | Simone Bizzotto (@niphlod)
Website: https://dbatools.io
Copyright: (c) 2018 by dbatools, licensed under MIT
License: MIT https://opensource.org/licenses/MIT
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sql2005
Finds and drops all orphan users without matching Logins in all databases present on server 'sql2005'.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -SqlCredential $cred
Finds and drops all orphan users without matching Logins in all databases present on server 'sqlserver2014a'. SQL
Server authentication will be used in connecting to the server.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -Database db1, db2 -Force
Finds and drops orphan users even if they have a matching Login on both db1 and db2 databases.
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -ExcludeDatabase db1, db2 -Force
Finds and drops orphan users even if they have a matching Login from all databases except db1 and db2.
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -User OrphanUser
Removes user OrphanUser from all databases only if there is no matching login.
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>Remove-DbaDbOrphanUser -SqlInstance sqlserver2014a -User OrphanUser -Force
Removes user OrphanUser from all databases even if they have a matching Login. Any schema that the user owns will
change ownership to dbo.
RELATED LINKS
https://dbatools.io/Remove-DbaDbOrphanUser