forked from dsccommunity/SqlServerDsc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
4-RemoveConnectPermissionForTwoReplicasEachWithDifferentServiceAccount.ps1
109 lines (93 loc) · 3.7 KB
/
4-RemoveConnectPermissionForTwoReplicasEachWithDifferentServiceAccount.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
<#
.EXAMPLE
This example will remove connect permission to both an Always On primary replica and an
Always On secondary replica, and where each replica has a different SQL service account.
#>
$ConfigurationData = @{
AllNodes = @(
@{
NodeName = '*'
SqlInstanceName = 'MSSQLSERVER'
<#
NOTE! THIS IS NOT RECOMMENDED IN PRODUCTION.
This is added so that AppVeyor automatic tests can pass, otherwise
the tests will fail on passwords being in plain text and not being
encrypted. Because it is not possible to have a certificate in
AppVeyor to encrypt the passwords we need to add the parameter
'PSDscAllowPlainTextPassword'.
NOTE! THIS IS NOT RECOMMENDED IN PRODUCTION.
#>
PSDscAllowPlainTextPassword = $true
},
@{
NodeName = 'SQLNODE01.company.local'
Role = 'PrimaryReplica'
},
@{
NodeName = 'SQLNODE02.company.local'
Role = 'SecondaryReplica'
}
)
}
Configuration Example
{
param
(
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlAdministratorCredential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode1Credential,
[Parameter(Mandatory = $true)]
[System.Management.Automation.PSCredential]
$SqlServiceNode2Credential
)
Import-DscResource -ModuleName SqlServerDsc
node $AllNodes.Where{$_.Role -eq 'PrimaryReplica' }.NodeName
{
SqlServerEndpointPermission RemoveSQLConfigureEndpointPermissionPrimary
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission RemoveSQLConfigureEndpointPermissionSecondary
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
Node $AllNodes.Where{ $_.Role -eq 'SecondaryReplica' }.NodeName
{
SqlServerEndpointPermission RemoveSQLConfigureEndpointPermissionPrimary
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode1Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
SqlServerEndpointPermission RemoveSQLConfigureEndpointPermissionSecondary
{
Ensure = 'Absent'
ServerName = $Node.NodeName
InstanceName = $Node.SqlInstanceName
Name = 'DefaultMirrorEndpoint'
Principal = $SqlServiceNode2Credential.UserName
Permission = 'CONNECT'
PsDscRunAsCredential = $SqlAdministratorCredential
}
}
}