Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Administration and Powershell Expand / Collapse
Author
Message
Posted Thursday, July 19, 2012 8:44 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, December 19, 2013 9:13 AM
Points: 36, Visits: 134
Hi,

I have a script I am writing to make life easier for myself around requests for new Database environments by our developers. (Dev/Test/Live).

All was going well until I stumbled on a little "issue-et". I can create my db and users on one SQL instance Fine.

When I created a loop to do this for each instance the second time around the loop I get the following error. from this line *** $SQLuser.Create("123456789Ac") **

Exception calling "Create" with "1" argument(s): "Create failed for Login 'XXzzx2314gsrdf_user'. "
At S:\Al\Scripts\PS script\New Database\CreateNewDatabase.ps1:108 char:16
+ $SQLuser.Create <<<< ("123456789Ac")
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

An extract of my code below

$DevServer = "MSSQL\DEV"
$TestServer = "MSSQL\TEST"
$LiveServer = "MSSQL\LIVE"
$AllServers = $DevServer,$TestServer,$LiveServer

.....get db name and user details here....

[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | Out-Null

foreach ($server in $AllServers)
{
$sqlSrv = New-Object Microsoft.SqlServer.Management.Smo.Server ($server)
$SQLLoginname = $DatabaseName + "_user"
$SQLuser = new-object Microsoft.SqlServer.Management.Smo.Login -ArgumentList ($sqlSrv,$SQLLoginname)
$SQLuser.Name = $SQLLoginname
$SQLuser.LoginType = "SQLLogin"
$SQLuser.PasswordExpirationEnabled = $false
$SQLuser.DefaultDatabase = $DatabaseName
$SQLuser.PasswordPolicyEnforced = $false
$SQLuser.Create("123456789Ac")

# Windows Group
$SQLLoginname = "MyDomain\$ADSQLGroup"
$WGuser = new-object Microsoft.SqlServer.Management.Smo.Login -ArgumentList ($sqlSrv,$SQLLoginname)
$WGuser.Name = $SQLLoginname
$WGuser.LoginType = "WindowsGroup"
$WGuser.DefaultDatabase = $DatabaseName
$WGuser.Create()

Remove-Variable -name sqlSrv
Remove-Variable -name SQLuser
Remove-Variable -name WGuser
}

Any help I can get on why I get the error would be great. (No alternative suggestions please)
Post #1332241
Posted Thursday, July 19, 2012 9:21 AM


Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Yesterday @ 6:08 AM
Points: 60, Visits: 890
That's an odd one. The code looks like what I have in my SQL Server installer script and you say it works on the first server.
I guess it's time to set up a test somewhere. One question before I do that. Are you sure all three of those servers are in Mixed Authentication mode? Someone changed one of our development servers a while back without letting me know.
Post #1332287
Posted Thursday, July 19, 2012 9:24 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, December 19, 2013 9:13 AM
Points: 36, Visits: 134
Thank you for looking. Yes, all three servers are in mixed Authentication mode.

Thanks
Taggs
Post #1332292
Posted Thursday, July 19, 2012 9:29 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, December 19, 2013 9:13 AM
Points: 36, Visits: 134
The plot thickens.

For a test, I thought I would remove the loop and add all three servers in manually (one at a time) to see if this works. Now my section "windows group" is failing with the same error!

This was working before I put it in the loop and it worked first time around the loop!



Post #1332298
Posted Thursday, July 19, 2012 11:53 AM


Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Yesterday @ 6:08 AM
Points: 60, Visits: 890
I didn't do the create database part but testing the Powershell from your OP works for me with only one change.
I hardcoded the DefaultDatabase for both logins to msdb. I initially had $Database = 'bkTest' but that database only existed on 2 of the 3 servers I was testing against. If the database you're setting as default doesn't exist you'll get that create() error.
Are you waiting to add the logins until after creating the databases?
Post #1332439
Posted Friday, July 20, 2012 3:15 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, December 19, 2013 9:13 AM
Points: 36, Visits: 134
Yes, creating the security will come next.

My plan is
Create AD groups
Created DB's
Create users
Set security
Created secuirty scripts
Created DB clone scipts (ie live -> Test etc)
Email Backup guys (we use Networker not SQL backups)
Email details to requesting user

Sit back and relax ;)

One further advancement I have found is it may be a timing issue. I have put a wait before the AD group creation in SQL and now it passes (sometimes - more often than not). But that raises the question (why didn't it need the pause in the loop?)



Post #1332787
Posted Friday, July 20, 2012 6:43 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, December 19, 2013 9:13 AM
Points: 36, Visits: 134
Ploblem solved? I'm not sure!!!

I've tested my script a couple of times now and it has worked OK. I've added a few sleeps into the script and that seems to have done the trick. One after the AD Group creation (maybe the group was created on another DC than that used by the SQL box to add the group?), the second after DB creation and alter (maybe due to slow disks still configuring the db files?).

Anyway it is working for now and its time to move on to the next bit (and break it again).

Thanks again
Post #1332918
Posted Friday, July 20, 2012 11:04 AM


Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Yesterday @ 6:08 AM
Points: 60, Visits: 890
That makes sense. I’ve seen AD groups created or modified but not seen the addition/change for almost 5 minutes until it finally propagated to other controllers.
So you’re welcome but I didn’t do anything but test what you’d already done.
Good luck with the rest.
Post #1333118
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse