Whilst using my Drop-SQLLogins function, which is one of my PowerShell Box Of Tricks series, it failed to delete logins on some servers with the error
Login domain\user’ has granted one or more permissions. Revoke the permission before dropping the login (Microsoft SQL Server, Error: 15173)
I used the Show-SQLPermissions function and added the .grantor property to try and locate the permission the account had granted but it came back blank. A bit of googling and a AHA moment and I remembered mirroring
I checked the mirroring endpoints

and found the endpoints with the user as the owner so I needed to change them
This can be done in T-SQL as follows

but to do it on many endpoints it is easier to do it with Powershell

I could then drop the user successfully
|
$svrs = ## list of servers Get-Content from text fiel etc foreach ($svr in $svrs) { $server = New-Object Microsoft.SQLServer.Management.Smo.Server $svrs foreach ($endpoint in $server.Endpoints['Mirroring']) { if ($endpoint.Owner = 'Domain\User') { $endpoint.Owner = 'Domain\NEWUser' $endpoint.Alter() } } } |
Like this:
Like Loading...