SqlLogins.adoc

DSC Resource 'SqlLogins'

SqlLogins creates SQL Server logins (Windows or SQL authentication).

When to use 'SqlLogins'

Use this resource when you need to create SQL Server logins for users, service accounts, or applications that need to connect to the SQL Server instance. It supports both Windows-integrated logins and SQL Server authentication logins.

Source	https://github.com/dsccommunity/CommonTasks/tree/main/source/DSCResources/SqlLogins
DSC Resource	SqlServerDsc
Documentation	SqlServerDsc Wiki SqlLogin

Requirements

• Target machine must be running Windows Server 2012 or later.

• Target machine must be running SQL Server Database Engine 2012 or later.

• When the LoginType of SqlLogin is used, then the login authentication mode must have been set to Mixed or Normal. If set to Integrated and error will be thrown.

• The LoginMustChangePassword property/parameter is only valid on a SqlLogin where the LoginType property/parameter is set to SqlLogin'.

• The LoginMustChangePassword property/parameter can not be used to change this setting on a pre-existing SqlLogin. This property/parameter can only be used when creating a new SqlLogin and where subsequent updates will not be applied or, alternatively, when the desired state will not change (for example, where LoginMustChangePassword is initially set to $false and will always be set to $false).

Table 1. Attributes of category 'SqlLogins'

Parameter	Attribute	DataType	Description	Allowed Values
DefaultInstanceName		String	Default SQL InstanceName If the InstanceName of a value is not explicitly set, the DefaultInstanceName will be used.	Default: MSSQLSERVER
Values	Mandatory	Hashtable[]	List of SQL logins.

Table 2. Attributes of category 'SqlLogins/Values'

Parameter	Attribute	DataType	Description	Allowed Values
Name	Key	String	The name of the login.
InstanceName	Key	String	The name of the SQL Server instance to be configured.
LoginType		String	The type of login to be created. If LoginType is WindowsUser or WindowsGroup then provide the name in the format DOMAIN\name. The login types Certificate, AsymmetricKey, ExternalUser, and ExternalGroup are not yet implemented and will currently throw an exception if used.	WindowsUser (default) WindowsGroup SqlLogin Certificate AsymmetricKey ExternalUser ExternalGroup
Ensure		String	Determines whether the login should be added (Present) or removed (Absent).	Present (default) Absent
ServerName		String	The host name of the SQL Server to be configured. Default value is the current computer name.
LoginCredential		PSCredential	Specifies the password as a [PSCredential] object. Only applies to SQL Logins.
LoginMustChangePassword		Bool	Specifies if the login is required to have its password change on the next login. Only applies to SQL Logins. This cannot be updated on a pre-existing SQL Login and any attempt to do this will throw an exception.	True (default) False
LoginPasswordExpirationEnabled		Bool	Specifies if the login password is required to expire in accordance to the operating system security policy. Only applies to SQL Logins.	True (default) False
LoginPasswordPolicyEnforced		Bool	Specifies if the login password is required to conform to the password policy specified in the system security policy. Only applies to SQL Logins.	True (default) False
Disabled		Bool	Specifies if the login is disabled.	True False (default)
DefaultDatabase		String	Specifies the default database name.

Example

SqlLogins:
  Values:
  - Name: NT SERVICE\ClusSvc
    LoginType: WindowsUser
    InstanceName: MSSQLSERVER
  - Name: contoso\install
    LoginType: WindowsUser
    InstanceName: MSSQLSERVER

See also

• SqlServer

• SqlDatabases

• SqlPermissions

• SqlRoles