Rob Sewell

Rob was a SQL Server DBA.

Now he just helps people with PowerShell, Azure, Automation, and Data.

He is a Cloud and Data Center MVP and a Data Platform MVP, co-leader of Data South West UK user group and PSConfEU organiser. One of the Admins for Data Saturdays https://datasaturdays.com

He is a proud supporter of the Data and PowerShell communities.

He has a fabulous beard

MVP Logo

less than 1 minute read

Whilst using my Drop-SQLLogins function, which is one of my PowerShell Box Of Tricks series, it failed to delete logins on some servers with the error

Login domain\user’ has granted one or more permissions. Revoke the permission before dropping the login (Microsoft SQL Server, Error: 15173)

I used the Show-SQLPermissions function and added the .grantor property to try and locate the permission the account had granted but it came back blank. A bit of googling and a AHA moment and I remembered mirroring

I checked the mirroring endpoints

mirroring endpoitn check

and found the endpoints with the user as the owner so I needed to change them

This can be done in T-SQL as follows

alter endpoint

but to do it on many endpoints it is easier to do it with Powershell

alterendpointPS

I could then drop the user successfully

$svrs = ## list of servers Get-Content from text fiel etc

foreach ($svr in $svrs) {
    $server = New-Object Microsoft.SQLServer.Management.Smo.Server $svrs
    foreach ($endpoint in $server.Endpoints['Mirroring']) {
        if ($endpoint.Owner = 'Domain\User') {
            $endpoint.Owner = 'Domain\NEWUser'
            $endpoint.Alter()
        }        
    }
}

Comments

You May Also Enjoy