Jeff Moden wrote: Michael L John wrote:
I use the dbatools to do the same things. https://dbatools.io/commands/
There are a few different commands that copy logins and permissions between servers.
I've not delved into DBATools.io much. Which commands are you using that copy logins and permissions between servers? And are they actually better than the old "sp_HelpRevLogin" tool?
I stopped using "good old sp_HelpRevLogin" when I centralized all of the processes of this type. I have central server file server that I run all of these things from.
Weekly, I execute the Copy-DBALogin command from the primary to all of the secondary's in the various AG's that keeps the logins in sync. It kills any logins that may have been inadvertently created on the secondary's, and adds a new login that may have been created on the primary from a deployment.
Nightly I use the Get-DBALogin to export the logins from all of the servers into a file. The bad thing with this is creating SQL scripts to re-create them in the event of a disaster. It also does not do SQL logins, but we only have 3 of those and they are only on old legacy servers.
I use the Export-DBAConfigure to export the server configurations in this process.
There's way more work to make this foolproof, it's a work in progress.