Version Update, Code Signing and publishing to the PowerShell Gallery with VSTS

Posted on May 1, 2018 by RobSewell

At the fabulous PowerShell Conference EU I presented about Continuous Delivery to the PowerShell Gallery with VSTS and explained how we use VSTS to enable CD for dbachecks. We even released a new version during the session 🙂

Next on @sqldbawithbeard presenting "Continuous delivery for modules to the PowerShell gallery" #PSConfEU pic.twitter.com/AubbhdewQv

— Fabian Bader (@fabian_bader) April 19, 2018

So how do we achieve this?

We have a few steps

Create a project and link to our GitHub
Run unit uests with Pester to make sure that our code is doing what we expect.
Update our module version and commit the change to GitHub
Sign our code with a code signing certificate
Publish to the PowerShell Gallery

Create Project and link to GitHub

First you need to create a VSTS project by going to https://www.visualstudio.com/ This is free for up to 5 users with 1 concurrent CI/CD queue limited to a maximum of 60 minutes run time which should be more than enough for your PowerShell module.

Click on Get Started for free under Visual Studio Team Services and fill in the required information. Then on the front page click new project

Fill in the details and click create

Click on builds and then new definition

next you need to link your project to your GitHub (or other source control providers) repository

You can either authorise with OAuth or you can provide a PAT token following the instructions here. Once that is complete choose your repo. Save the PAT as you will need it later in the process!

and choose the branch that you want this build definition to run against.

I chose to run the Unit Tests when a PR was merged into the development branch. I will then create another build definition for the master branch to sign the code and update module version. This enables us to push several PRs into the development branch and create a single release for the gallery.

Then I start with an empty process

and give it a suitable name

i chose the hosted queue but you can download an agent to your build server if you need to do more or your integration tests require access to other resources not available on the hosted agent.

Run Unit Tests with Pester

We have a number of Unit tests in our tests folder in dbachecks so we want to run them to ensure that everything is as it should be and the new code will not break existing functionality (and for dbachecks the format of the PowerBi)

You can use the Pester Test Runner Build Task from the folk at Black Marble by clicking on the + sign next to Phase 1 and searching for Pester

You will need to click Get It Free to install it and then click add to add the task to your build definition. You can pretty much leave it as default if you wish and Pester will run all of the *.Tests.ps1 files that it finds in the directory where it downloads the GitHub repo which is referred to using the variable $(Build.SourcesDirectory). It will then output the results to a json file called Test-Pester.XML ready for publishing.

However, as dbachecks has a number of dependent modules, this task was not suitable. I spoke with Chris Gardner b | t from Black Marble at the PowerShell Conference and he says that this can be resolved so look out for the update. Chris is a great guy and always willing to help, you can often find him in the PowerShell Slack channel answering questions and helping people

But as you can use PowerShell in VSTS tasks, this is not a problem although you need to write your PowerShell using try catch to make sure that your task fails when your PowerShell errors. This is the code I use to install the modules

$ErrorActionPreference = 'Stop'

# Set location to module home path in artifacts directory
try {
    Set-Location $(Build.SourcesDirectory)
    Get-ChildItem
}
catch {
    Write-Error "Failed to set location"

}

# Get the Module versions
Install-Module Configuration -Scope CurrentUser -Force
$Modules = Get-ManifestValue -Path .\dbachecks.psd1 -PropertyName RequiredModules

$PesterVersion = $Modules.Where{$_.Get_Item('ModuleName') -eq 'Pester'}[0].Get_Item('ModuleVersion')
$PSFrameworkVersion = $Modules.Where{$_.Get_Item('ModuleName') -eq 'PSFramework'}[0].Get_Item('ModuleVersion')
$dbatoolsVersion = $Modules.Where{$_.Get_Item('ModuleName') -eq 'dbatools'}[0].Get_Item('ModuleVersion')

# Install Pester
try {
    Write-Output "Installing Pester"
    Install-Module Pester  -RequiredVersion $PesterVersion  -Scope CurrentUser -Force -SkipPublisherCheck
    Write-Output "Installed Pester"

}
catch {
    Write-Error "Failed to Install Pester $($_)"
}
# Install dbatools
try {
    Write-Output "Installing PSFramework"
    Install-Module PSFramework  -RequiredVersion $PsFrameworkVersion  -Scope CurrentUser -Force 
    Write-Output "Installed PSFramework"

}
catch {
    Write-Error "Failed to Install PSFramework $($_)"
}
# Install dbachecks
try {
    Write-Output "Installing dbatools"
    Install-Module dbatools  -RequiredVersion $dbatoolsVersion  -Scope CurrentUser -Force 
    Write-Output "Installed dbatools"

}
catch {
    Write-Error "Failed to Install dbatools $($_)"
}

# Add current folder to PSModulePath
try {
    Write-Output "Adding local folder to PSModulePath"
    $ENV:PSModulePath = $ENV:PSModulePath + ";$pwd"
    Write-Output "Added local folder to PSModulePath"    
    $ENV:PSModulePath.Split(';')
}
catch {
    Write-Error "Failed to add $pwd to PSModulePAth - $_"
}

I use the Configuration module from Joel Bennett to get the required module versions for the required modules and then add the path to $ENV:PSModulePath so that the modules will be imported. I think this is because the modules did not import correctly without it.

Once I have the modules I can then run Pester as follows

try {
    Write-Output "Installing dbachecks"
    Import-Module .\dbachecks.psd1
    Write-Output "Installed dbachecks"

}
catch {
    Write-Error "Failed to Install dbachecks $($_)"
}
$TestResults = Invoke-Pester .\tests -ExcludeTag Integration,IntegrationTests  -Show None -OutputFile $(Build.SourcesDirectory)\Test-Pester.XML -OutputFormat NUnitXml -PassThru

if ($TestResults.failedCount -ne 0) {
    Write-Error "Pester returned errors"
}

As you can see I import the dbachecks module from the local folder, run Invoke-Pester and output the results to an XML file and check that there are no failing tests.

Whether you use the task or PowerShell the next step is to Publish the test results so that they are displayed in the build results in VSTS.

Click on the + sign next to Phase 1 and search for Publish

Choose the Publish Test Results task and leave everything as default unless you have renamed the xml file. This means that on the summary page you will see some test results

and on the tests tab you can see more detailed information and drill down into the tests

Trigger

The next step is to trigger a build when a commit is pushed to the development branch. Click on Triggers and tick enable continuous integration

Saving the Build Definition

I would normally save the build definition regularly and ensure that there is a good message in the comment. I always tell clients that this is like a commit message for your build process so that you can see the history of the changes for the build definition.

You can see the history on the edit tab of the build definition

If you want to compare or revert the build definition this can be done using the hamburger menu as shown below.

Update the Module Version

Now we need to create a build definition for the master branch to update the module version and sign the code ready for publishing to the PowerShell Gallery when we commit or merge to master

Create a new build definition as above but this time choose the master branch

Again choose an empty process and name it sensibly, click the + sign next to Phase 1 and search for PowerShell

I change the version to 2 and use this code. Note that the commit message has ***NO_CI*** in it. Putting this in a commit message tells VSTS not to trigger a build for this commit.

$manifest = Import-PowerShellDataFile .\dbachecks.psd1 
[version]$version = $Manifest.ModuleVersion
Write-Output "Old Version - $Version"
# Add one to the build of the version number
[version]$NewVersion = "{0}.{1}.{2}" -f $Version.Major, $Version.Minor, ($Version.Build + 1) 
Write-Output "New Version - $NewVersion"
# Update the manifest file
try {
    Write-Output "Updating the Module Version to $NewVersion"
    $path = "$pwd\dbachecks.psd1"
    (Get-Content .\dbachecks.psd1) -replace $version, $NewVersion | Set-Content .\dbachecks.psd1 -Encoding string
    Write-Output "Updated the Module Version to $NewVersion"
}
catch {
    Write-Error "Failed to update the Module Version - $_"
}

try {
    Write-Output "Updating GitHub"
git config user.email "mrrobsewell@outlook.com"
git config user.name "SQLDBAWithABeard"
git add .\dbachecks.psd1
git commit -m "Updated Version Number to $NewVersion ***NO_CI***"

git push https://$(RobsGitHubPAT)@github.com/sqlcollaborative/dbachecks.git HEAD:master
Write-Output "Updated GitHub "

}
catch {
    $_ | Fl -Force
    Write-Output "Failed to update GitHub"
}

I use Get-Content Set-Content as I had errors with the Update-ModuleManifest but Adam Murray g | t uses this code to update the version using the BuildID from VSTS

$newVersion = New-Object version -ArgumentList 1, 0, 0, $env:BUILD_BUILDID
$Public  = @(Get-ChildItem -Path $ModulePath\Public\*.ps1)
$Functions = $public.basename
Update-ModuleManifest -Path $ModulePath\$ModuleName.psd1 -ModuleVersion $newVersion -FunctionsToExport $Functions

You can commit your change by adding your PAT token as a variable under the variables tab. Don’t forget to tick the padlock to make it a secret so it is not displayed in the logs

Sign the code with a certificate

The SQL Collaborative uses a code signing certificate from DigiCert who allow MVPs to use one for free to sign their code for open source projects, Thank You. We had to upload the certificate to the secure files store in the VSTS library. Click on library, secure files and the blue +Secure File button

You also need to add the password as a variable under the variables tab as above. Again don’t forget to tick the padlock to make it a secret so it is not displayed in the logs

Then you need to add a task to download the secure file. Click on the + sign next to Phase 1 and search for secure

choose the file from the drop down

Next we need to import the certificate and sign the code. I use a PowerShell task for this with the following code

$ErrorActionPreference = 'Stop'
# read in the certificate from a pre-existing PFX file
# I have checked this with @IISResetMe and this does not go in the store only memory
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("$(Agent.WorkFolder)\_temp\dbatools-code-signing-cert.pfx","$(CertPassword)")

try {
    Write-Output "Signing Files"
    # find all scripts in your module...
Get-ChildItem  -Filter *.ps1 -Include *.ps1 -Recurse -ErrorAction SilentlyContinue |
# ...that do not have a signature yet...
Where-Object {
  ($_ | Get-AuthenticodeSignature).Status -eq 'NotSigned'
  } |
# and apply one
# (note that we added -WhatIf so no signing occurs. Remove this only if you
# really want to add digital signatures!)
Set-AuthenticodeSignature -Certificate $cert
Write-Output "Signed Files"
}
catch {
    $_ | Format-List -Force
    Write-Error "Failed to sign scripts"
}

which will import the certificate into memory and sign all of the scripts in the module folder.

Publish your artifact

The last step of the master branch build publishes the artifact (your signed module) to VSTS ready for the release task. Again, click the + sign next to Phase one and choose the Publish Artifact task not the deprecated copy and publish artifact task and give the artifact a useful name

Don’t forget to set the trigger for the master build as well following the same steps as the development build above

Publish to the PowerShell Gallery

Next we create a release to trigger when there is an artifact ready and publish to the PowerShell Gallery.

Click the Releases tab and New Definition

Choose an empty process and name the release definition appropriately

Now click on the artifact and choose the master build definition. If you have not run a build you will get an error like below but dont worry click add.

Click on the lightning bolt next to the artifact to open the continuous deployment trigger

and turn on Continuous Deployment so that when an artifact has been created with an updated module version and signed code it is published to the gallery

Next, click on the environment and name it appropriately and then click on the + sign next to Agent Phase and choose a PowerShell step

You may wonder why I dont choose the PowerShell Gallery Packager task. There are two reasons. First I need to install the required modules for dbachecks (dbatools, PSFramework, Pester) prior to publishing and second it appears that the API Key is stored in plain text

I save my API key for the PowerShell Gallery as a variable again making sure to tick the padlock to make it a secret

and then use the following code to install the required modules and publish the module to the gallery

Install-Module dbatools -Scope CurrentUser -Force
Install-Module Pester -Scope CurrentUser -SkipPublisherCheck -Force
Install-Module PSFramework -Scope CurrentUser -Force

Publish-Module -Path "$(System.DefaultWorkingDirectory)/Master - Version Update, Signing and Publish Artifact/dbachecks" -NuGetApiKey "$(GalleryApiKey)"

Thats it 🙂

Now we have a process that will automatically run our Pester tests when we commit or merge to the development branch and then update our module version number and sign our code and publish to the PowerShell Gallery when we commit or merge to the master branch

Added Extra – Dashboard

I like to create dashboards in VSTS to show the progress of the various definitions. You can do this under the dashboard tab. Click edit and choose or search for widgets and add them to the dashboard

Added Extra – Badges

You can also enable badges for displaying on your readme in GitHub (or VSTS). For the build defintions this is under the options tab.

for the release definitions, click the environment and then options and integrations

You can then copy the URL and use it in your readme like this on dbachecks

The SQL Collaborative has joined the preview of enabling public access to VSTS projects as detailed in this blog post So you can see the dbachecks build and release without the need to log in and soon the dbatools process as well

I hope you found this useful and if you have any questions or comments please feel free to contact me

Happy Automating!

Professional and Proficient PowerShell: From Writing Scripts to Developing Solutions at PASS Summit

Posted on April 11, 2018 by RobSewell

PASS Summit is the largest conference for technical professionals who leverage the Microsoft Data Platform. PASS Summit 2018 is happening November 5th – 9th 2018 in Seattle. It is an amazing conference. I attended last year and thoroughly enjoyed every minute. It is a whole week of opportunities to learn from and network with people from all over the world involved in Data Platform.

The pre-cons have just been announced so go and take a look at the Pre-Con Page to see the wonderful full day learning opportunities you can get this year.

I am immensely honoured to say that on Tuesday 6th November you can join me for a whole day of PowerShell learning

I will pass on as much of the skills and knowledge I have learnt using PowerShell with SQL Server (and other technologies) that I can fit in one day. I want you to leave feeling more confident in using PowerShell to automate away all of the mundane. In particular I want to enable you to have the skills to write professional PowerShell solutions.

You can read more and sign up here

If you have any questions about this session please feel free to contact me. You can use any of the various social media sites, or via the contact page or in person if you see me.

Checking Availability Groups with dbachecks

Posted on April 8, 2018 by RobSewell

It’s been 45 days since we released dbachecks

Announcing dbachecks – Configurable PowerShell Validation For Your SQL Instances https://t.co/2dmUdKtgTQ pic.twitter.com/N8W01KaKo9

— Rob He/Him robsewell@tech.lgbt & @counter.soci (@sqldbawithbeard) February 22, 2018

Since then there have been 25 releases to the PowerShell Gallery!! Today release 1.1.119 was released 🙂 There have been over 2000 downloads of the module already.

In the beginning we had 80 checks and 108 configuration items, today we have 84 checks and 125 configuration items!

If you have already installed dbachecks it is important to make sure that you update regularly. You can do this by running

Update-Module dbachecks

If you want to try dbachecks, you can install it from the PowerShell Gallery by running

Install-Module dbachecks # -Scope CurrentUser # if not running as admin

You can read more about installation and read a number of blog posts about using different parts of dbachecks at this link https://dbatools.io/installing-dbachecks/

HADR Tests

Today we updated the HADR tests to add the capability to test multiple availability groups and fix a couple of bugs

Once you have installed dbachecks you will need to set some configuration so that you can perform the tests. You can see all of the configuration items and their values using

Get-DbcConfig | Out-GridView

You can set the values with the Set-DbcConfig command. It has intellisense to make things easier 🙂 To set the values for the HADR tests

Set-DbcConfig -Name app.cluster -Value sql1
Set-DbcConfig -Name app.computername -Value sql0,sql1
Set-DbcConfig -Name app.sqlinstance -Value sql0,sql1
Set-DbcConfig -Name domain.name -Value TheBeard.Local
Set-DbcConfig -Name skip.hadr.listener.pingcheck -Value $true

app.cluster requires one of the nodes of the cluster.
app.computername requires the windows computer names of the machines to run operating system checks against
app.sqlinstance requires the instance names of the SQL instances that you want to run SQL checks against (These are default instances but it will accept SERVER\INSTANCE)
domain.name requires the domain name the machines are part of
skip.hadr.listener.pingcheck is a boolean value which defines whether to skip the listener ping check or not. As this is in Azure I am skipping the check by setting the value to $true
policy.hadr.tcpport is set to default to 1433 but you can also set this configuration if your SQL is using a different port

NOTE – You can find all the configuration items that can skip tests by running

Get-DbcConfig -Name skip*

Now we have set the configuration (For the HADR checks – There are many more configurations for other checks that you can set) you can run the checks with

Invoke-DbcCheck -Check HADR

This runs the following checks

Each node on the cluster should be up
Each resource on the cluster should be online
Each SQL instance should be enabled for Always On
Connection check for the listener and each node
- Should be pingable (unless skip.hadr.listener.pingcheck is set to true)
- Should be able to run SQL commands
- Should be the correct domain name
- Should be using the correct tcpport
Each replica should not be in unknown state
Each synchronous replica should be synchronised
Each asynchronous replica should be synchonising
Each database should be synchronised (or synchronising) on each replica
Each database should be failover ready on each replica
Each database should be joined to the availability group on each replica
Each database should not be suspended on each replica
Each node should have the AlwaysOn_Health extended event
Each node should have the AlwaysOn_Health extended event running
Each node should have the AlwaysOn_Health extended event set to auto start

(Apologies folk over the pond, I use the Queens English 😉 )

This is good for us to be able to run this check at the command line but we can do more.

We can export the results and display them with PowerBi. Note we need to add -PassThru so that the results go through the pipeline and that I used -Show Fails so that only the titles of the Describe and Context blocks and any failing tests are displayed to the screen

Invoke-DbcCheck -Check HADR -Show Fails -PassThru | Update-DbcPowerBiDataSource -Environment HADR-Test
Start-DbcPowerBi

This will create a file at C:\Windows\Temp\dbachecks and open the PowerBi report. You will need to refresh the data in the report and then you will see

Excellent, everything passed 🙂

Saving Configuration for reuse

We can save our configuration using Export-DbcConfig which will export the configuration to a json file

Export-DbcConfig -Path Git:\PesterTests\MyHADRTestsForProd.json

so that we can run this particular set of tests with this comfiguration by importing the configuration using Import-DbcConfig

Import-DbcConfig -Path -Path Git:\PesterTests\MyHADRTestsForProd.json
Invoke-DbcCheck -Check HADR

In this way you can set up different check configurations for different use cases. This also enables you to make use of the checks in your CI/CD process. For example, I have a GitHub repository for creating a domain, a cluster and a SQL 2017 availability group using VSTS. I have saved a dbachecks configuration to my repository and as part of my build I can import that configuration, run the checks and output them to XML for consumption by the publish test results task of VSTS

After copying the configuration to the machine, I run

Import-Dbcconfig -Path C:\Windows\Temp\FirstBuild.json
Invoke-DbcCheck-AllChecks -OutputFile PesterTestResultsdbachecks.xml -OutputFormat NUnitXml

in my build step and then use the publish test results task and VSTS does the rest 🙂

Easily Splatting PowerShell with VS Code

Posted on March 11, 2018 by RobSewell

So I always like to show splatting PowerShell commands when I am presenting sessions or workshops and realised that I had not really blogged about it. (This blog is for @dbafromthecold who asked me to 🙂 )

What is Splatting?

Well you will know that when you call a PowerShell function you can use intellisense to get the parameters and sometimes the parameter values as well. This can leave you with a command that looks like this on the screen

Start-DbaMigration -Source $Source -Destination $Destination -BackupRestore -NetworkShare $Share -WithReplace -ReuseSourceFolderStructure -IncludeSupportDbs -NoAgentServer -NoAudits -NoResourceGovernor -NoSaRename -NoBackupDevices

It goes on and on and on and while it is easy to type once, it is not so easy to see which values have been chosen. It is also not so easy to change the values.

By Splatting the parameters it makes it much easier to read and also to alter. So instead of the above you can have

$startDbaMigrationSplat = @{
Source = $Source
NetworkShare = $Share
NoAgentServer = $true
NoResourceGovernor = $true
WithReplace = $true
ReuseSourceFolderStructure = $true
Destination = $Destination
NoAudits = $true
BackupRestore = $true
NoSaRename = $true
IncludeSupportDbs = $true
NoBackupDevices = $true
}
Start-DbaMigration @startDbaMigrationSplat

This is much easier on the eye, but if you dont know what the parameters are (and are too lazy to use Get-Help – Hint You should always use Get-Help ) or like the convenience and efficiency of using the intellisense, this might feel like a backward step that slows your productivity in the cause of easy on the eye code.

Enter EditorServicesCommandSuite by SeeminglyScience for VS Code. Amongst the things it makes available to you is easy splatting and people are always impressed when I show it

Best thing i learned at #SqlSatIceland... #PowerShell "splatting"
Byebye lines of code i no longer need!
Thanks @sqldbawithbeard @cl @dbachecks pic.twitter.com/a3PCkAeaV5
— Jan Mulkens (@JanMulkens) March 10, 2018

You can install it from the PowerShell Gallery like all good modules using

Install-Module EditorServicesCommandSuite -Scope CurrentUser

and then add it to your VSCode PowerShell profile usually found at C:\Users\USERNAME\Documents\WindowsPowerShell\Microsoft.VSCode_profile.ps1

# Place this in your VSCode profile
Import-Module EditorServicesCommandSuite
Import-EditorCommand -Module EditorServicesCommandSuite

and now creating a splat is as easy as this.

Write the command, leave the cursor on a parameter, hit F1 – Choose PowerShell : Show Additional Commands (or use a keyboard shortcut) type splat press enter. Done 🙂

So very easy 🙂

Happy Splatting 🙂

dbachecks – Configuration Deep Dive

Posted on February 22, 2018 by RobSewell

Today is the day that we have announced dbachecks a PowerShell module enabling you to validate your SQL Instances. You can read more about it here where you can learn how to install it and see some simple use cases

108 Configurations

One of the things I have been talking about in my presentation “Green is Good Red is Bad” is configuring Pester checks so that you do not have to keep writing new tests for the same thing but with different values.

For example, a different user for a database owner. The code to write the test for the database owner is the same but the value might be different for different applications, environments, clients, teams, domains etc. I gave a couple of different methods for achieving this.

With dbachecks we have made this much simpler enabling you to set configuration items at run-time or for your session and enabling you to export and import them so you can create different configs for different use cases

There are 108 configuration items at present. You can see the current configuration by running

Get-DbcConfig

which will show you the name of the config, the value it is currently set and the description

You can see all of the configs and their descriptions here

Name	Description
agent.databasemailprofile	Name of the Database Mail Profile in SQL Agent
agent.dbaoperatoremail	Email address of the DBA Operator in SQL Agent
agent.dbaoperatorname	Name of the DBA Operator in SQL Agent
agent.failsafeoperator	Email address of the DBA Operator in SQL Agent
app.checkrepos	Where Pester tests/checks are stored
app.computername	List of Windows Servers that Windows-based tests will run against
app.localapp	Persisted files live here
app.maildirectory	Files for mail are stored here
app.sqlcredential	The universal SQL credential if Trusted/Windows Authentication is not used
app.sqlinstance	List of SQL Server instances that SQL-based tests will run against
app.wincredential	The universal Windows if default Windows Authentication is not used
command.invokedbccheck.excludecheck	Invoke-DbcCheck: The checks that should be skipped by default.
domain.domaincontroller	The domain controller to process your requests
domain.name	The Active Directory domain that your server is a part of
domain.organizationalunit	The OU that your server should be a part of
mail.failurethreshhold	Number of errors that must be present to generate an email report
mail.from	Email address the email reports should come from
mail.smtpserver	Store the name of the smtp server to send email reports
mail.subject	Subject line of the email report
mail.to	Email address to send the report to
policy.backup.datadir	Destination server data directory
policy.backup.defaultbackupcompreesion	Default Backup Compression check should be enabled $true or disabled $false
policy.backup.diffmaxhours	Maxmimum number of hours before Diff Backups are considered outdated
policy.backup.fullmaxdays	Maxmimum number of days before Full Backups are considered outdated
policy.backup.logdir	Destination server log directory
policy.backup.logmaxminutes	Maxmimum number of minutes before Log Backups are considered outdated
policy.backup.newdbgraceperiod	The number of hours a newly created database is allowed to not have backups
policy.backup.testserver	Destination server for backuptests
policy.build.warningwindow	The number of months prior to a build being unsupported that you want warning about
policy.connection.authscheme	Auth requirement (Kerberos, NTLM, etc)
policy.connection.pingcount	Number of times to ping a server to establish average response time
policy.connection.pingmaxms	Maximum response time in ms
policy.dacallowed	DAC should be allowed $true or disallowed $false
policy.database.autoclose	Auto Close should be allowed $true or dissalowed $false
policy.database.autocreatestatistics	Auto Create Statistics should be enabled $true or disabled $false
policy.database.autoshrink	Auto Shrink should be allowed $true or dissalowed $false
policy.database.autoupdatestatistics	Auto Update Statistics should be enabled $true or disabled $false
policy.database.autoupdatestatisticsasynchronously	Auto Update Statistics Asynchronously should be enabled $true or disabled $false
policy.database.filebalancetolerance	Percentage for Tolerance for checking for balanced files in a filegroups
policy.database.filegrowthexcludedb	Databases to exclude from the file growth check
policy.database.filegrowthtype	Growth Type should be 'kb' or 'percent'
policy.database.filegrowthvalue	The auto growth value (in kb) should be equal or higher than this value. Example: A value of 65535 means at least 64MB.
policy.database.logfilecount	The number of Log files expected on a database
policy.database.logfilesizecomparison	How to compare data and log file size, options are maximum or average
policy.database.logfilesizepercentage	Maximum percentage of Data file Size that logfile is allowed to be.
policy.database.maxvlf	Max virtual log files
policy.dbcc.maxdays	Maxmimum number of days before DBCC CHECKDB is considered outdated
policy.diskspace.percentfree	Percent disk free
policy.dump.maxcount	Maximum number of expected dumps
policy.hadr.tcpport	The TCPPort for the HADR check
policy.identity.usagepercent	Maxmimum percentage of max of identity column
policy.invaliddbowner.excludedb	Databases to exclude from invalid dbowner checks
policy.invaliddbowner.name	The database owner account should not be this user
policy.network.latencymaxms	Max network latency average
policy.ola.commandlogenabled	Ola's CommandLog Cleanup should be enabled $true or disabled $false
policy.ola.commandlogscheduled	Ola's CommandLog Cleanup should be scheduled $true or disabled $false
policy.ola.database	The database where Ola's maintenance solution is installed
policy.ola.deletebackuphistoryenabled	Ola's Delete Backup History should be enabled $true or disabled $false
policy.ola.deletebackuphistoryscheduled	Ola's Delete Backup History should be scheduled $true or disabled $false
policy.ola.installed	Checks to see if Ola Hallengren solution is installed
policy.ola.outputfilecleanupenabled	Ola's Output File Cleanup should be enabled $true or disabled $false
policy.ola.outputfilecleanupscheduled	Ola's Output File Cleanup should be scheduled $true or disabled $false
policy.ola.purgejobhistoryenabled	Ola's Purge Job History should be enabled $true or disabled $false
policy.ola.purgejobhistoryscheduled	Ola's Purge Job History should be scheduled $true or disabled $false
policy.ola.systemfullenabled	Ola's Full System Database Backup should be enabled $true or disabled $false
policy.ola.systemfullretention	Ola's Full System Database Backup retention number of hours
policy.ola.systemfullscheduled	Ola's Full System Database Backup should be scheduled $true or disabled $false
policy.ola.systemintegritycheckenabled	Ola's System Database Integrity should be enabled $true or disabled $false
policy.ola.systemintegritycheckscheduled	Ola's System Database Integrity should be scheduled $true or disabled $false
policy.ola.userdiffenabled	Ola's Diff User Database Backup should be enabled $true or disabled $false
policy.ola.userdiffretention	Ola's Diff User Database Backup retention number of hours
policy.ola.userdiffscheduled	Ola's Diff User Database Backup should be scheduled $true or disabled $false
policy.ola.userfullenabled	Ola's Full User Database Backup should be enabled $true or disabled $false
policy.ola.userfullretention	Ola's Full User Database Backup retention number of hours
policy.ola.userfullscheduled	Ola's Full User Database Backup should be scheduled $true or disabled $false
policy.ola.userindexoptimizeenabled	Ola's User Index Optimization should be enabled $true or disabled $false
policy.ola.userindexoptimizescheduled	Ola's User Index Optimization should be scheduled $true or disabled $false
policy.ola.userintegritycheckenabled	Ola's User Database Integrity should be enabled $true or disabled $false
policy.ola.userintegritycheckscheduled	Ola's User Database Integrity should be scheduled $true or disabled $false
policy.ola.userlogenabled	Ola's Log User Database Backup should be enabled $true or disabled $false
policy.ola.userlogretention	Ola's Log User Database Backup retention number of hours
policy.ola.userlogscheduled	Ola's Log User Database Backup should be scheduled $true or disabled $false
policy.oleautomation	OLE Automation should be enabled $true or disabled $false
policy.pageverify	Page verify option should be set to this value
policy.recoverymodel.excludedb	Databases to exclude from standard recovery model check
policy.recoverymodel.type	Standard recovery model
policy.storage.backuppath	Enables tests to check if servers have access to centralized backup location
policy.validdbowner.excludedb	Databases to exclude from valid dbowner checks
policy.validdbowner.name	The database owner account should be this user
policy.whoisactive.database	Which database should contain the sp_WhoIsActive stored procedure
policy.xevent.requiredrunningsession	List of XE Sessions that should be running.
policy.xevent.requiredstoppedsession	List of XE Sessions that should not be running.
policy.xevent.validrunningsession	List of XE Sessions that can be be running.
skip.backup.testing	Don't run Test-DbaLastBackup by default (it's not read-only)
skip.connection.ping	Skip the ping check for connectivity
skip.connection.remoting	Skip PowerShell remoting check for connectivity
skip.database.filegrowthdisabled	Skip validation of datafiles which have growth value equal to zero.
skip.database.logfilecounttest	Skip the logfilecount test
skip.datafilegrowthdisabled	Skip validation of datafiles which have growth value equal to zero.
skip.dbcc.datapuritycheck	Skip data purity check in last good dbcc command
skip.diffbackuptest	Skip the Differential backup test
skip.logfilecounttest	Skip the logfilecount test
skip.logshiptesting	Skip the logshipping test
skip.tempdb1118	Don't run test for Trace Flag 1118
skip.tempdbfilecount	Don't run test for Temp Database File Count
skip.tempdbfilegrowthpercent	Don't run test for Temp Database File Growth in Percent
skip.tempdbfilesizemax	Don't run test for Temp Database Files Max Size
skip.tempdbfilesonc	Don't run test for Temp Database Files on C

So there are a lot of configurations that you can use. A lot are already set by default but all of them you can configure for the values that you need for your own estate.

The configurations are stored in the registry at HKCU:\Software\Microsoft\WindowsPowerShell\PSFramework\

First Configurations

First I would run this so that you can see all of the configs in a seperate window (note this does not work on PowerShell v6)

Get-DbcConfig | Out-GridView

Lets start with the first configurations that you will want to set. This should be the Instances and the Hosts that you want to check

You can get the value of the configuration item using

Get-DbcConfigValue -Name app.sqlinstance

as you can see in the image, nothing is returned so we have no instances configured at present. We have added tab completion to the name parameter so that you can easily find the right one

If you want to look at more information about the configuration item you can use

Get-DbcConfig -Name app.sqlinstance

which shows you the name, current value and the description

So lets set our first configuration for our SQL instance to localhost. I have included a video so you can see the auto-complete in action as well

Set-DbcConfig -Name app.sqlinstance localhost

This configuration will be used for any SQL based checks but not for any windows based ones like Services, PowerPlan, SPN, DiskSpace, Cluster so lets set the app.computername configuration as well

This means that when we run invoke-DbcCheck with AllChecks or by specifying a check, it will run against the local machine and default instance unless we specify a sqlinstance when calling Invoke-DbcCheck. So the code below will not use the configuration for app.sqlinstance.

Invoke-DbcCheck -SqlInstance TheBeard

Exclude a Check

You can exclude a check using the -ExcludeCheck parameter of Invoke-DbcConfig. In the example below I am running all of the Server checks but excluding the SPN as we are not on a domain

Invoke-DbcCheck -Check Server -ExcludeCheck SPN

There is a configuration setting to exclude checks as well. (Be careful this will exclude them even if you specifically specify a check using Invoke-DbcCheck but we do give you a warning!)

So now I can run

Set-DbcConfig -Name command.invokedbccheck.excludecheck -Value SPN
Invoke-DbcCheck -Check Server

and all of the server checks except the SPN check will run against the local machine and the default instance that I have set in the config

Creating an environment config and exporting it to use any time we like

So lets make this a lot more useful. Lets create a configuration for our production environment and save it to disk (or even source control it!) so that we can use it again and again. We can also then pass it to other members of our team or even embed it in an automated process or our CI/CD system

Lets build up a configuration for a number of tests for my “production” environment. I will not explain them all here but let you read through the code and the comments to see what has been set. You will see that some of them are due to me running the test on a single machine with one drive.

# The computername we will be testing
Set-DbcConfig -Name app.computername -Value localhost                                                                                                                                                                                                          
# The Instances we want to test
Set-DbcConfig -Name app.sqlinstance -Value 'localhost' ,'localhost\PROD1','localhost\PROD2', 'localhost\PROD3'                                                                                                                                            
# The database owner we expect
Set-DbcConfig -Name policy.validdbowner.name -Value 'dbachecksdemo\dbachecks'  
# the database owner we do NOT expect
Set-DbcConfig -Name policy.invaliddbowner.name -Value 'sa'      
# Should backups be compressed by default?
Set-DbcConfig -Name policy.backup.defaultbackupcompreesion -Value $true     
# Do we allow DAC connections?
Set-DbcConfig -Name policy.dacallowed -Value $true    
# What recovery model should we have?
Set-DbcConfig -Name policy.recoverymodel.type -value FULL     
# What should our database growth type be?
Set-DbcConfig -Name policy.database.filegrowthtype -Value kb   
# What authentication scheme are we expecting?                                                                                                            
Set-DbcConfig -Name policy.connection.authscheme -Value 'NTLM'
# Which Agent Operator should be defined?
Set-DbcConfig -Name agent.dbaoperatorname -Value 'DBA Team'
# Which Agent Operator email should be defined?
Set-DbcConfig -Name agent.dbaoperatoremail -Value 'DBATeam@TheBeard.Local'
# Which failsafe operator shoudl be defined?
Set-DbcConfig -Name agent.failsafeoperator -Value 'DBA Team'
# Where is the whoisactive stored procedure?
Set-DbcConfig -Name policy.whoisactive.database -Value DBAAdmin 
# What is the maximum time since I took a Full backup?
Set-DbcConfig -Name policy.backup.fullmaxdays -Value 7
# What is the maximum time since I took a DIFF backup (in hours) ?
Set-DbcConfig -Name policy.backup.diffmaxhours -Value 26
# What is the maximum time since I took a log backup (in minutes)?
Set-DbcConfig -Name policy.backup.logmaxminutes -Value 30 
# What is my domain name?
Set-DbcConfig -Name domain.name -Value 'WORKGROUP'
# Where is my Ola database?
Set-DbcConfig -Name policy.ola.database -Value DBAAdmin
# Which database should not be checked for recovery model
Set-DbcConfig -Name policy.recoverymodel.excludedb -Value 'master','msdb','tempdb'
# What is my SQL Credential
Set-DbcConfig -Name app.sqlcredential -Value $null
# Should I skip the check for temp files on c?
Set-DbcConfig -Name skip.tempdbfilesonc -Value $true
# Should I skip the check for temp files count?
Set-DbcConfig -Name skip.tempdbfilecount -Value $true
# Which Checks should be excluded?
Set-DbcConfig -Name command.invokedbccheck.excludecheck -Value LogShipping,ExtendedEvent, HADR, PseudoSimple,spn
# How many months before a build is unsupported do I want to fail the test?
Set-DbcConfig -Name policy.build.warningwindow -Value 6
Get-Dbcconfig | ogv

When I run this I get

I can then export this to disk (to store in source control) using

Export-DbcConfig -Path C:\Users\dbachecks\Desktop\production_config.json

and I have a configuration file

which I can use any time to set the configuration for dbachecks using the Import-DbcConfig command (But this doesn’t work in VS Codes integrated terminal – which occasionally does odd things, this appears to be one of them)

Import-DbcConfig -Path C:\Users\dbachecks\Desktop\production_config.json

So I can import this configuration and run my checks with it any time I like. This means that I can create many different test configurations for my many different environment or estate configurations.

Yes, I know “good/best practice” says we should use the same configuration for all of our instances but we know that isn’t true. We have instances that were set up 15 years ago that are still in production. We have instances from the companies our organisation has bought over the years that were set up by system administrators. We have instances that were set up by shadow IT and now we have to support but cant change.

As well as those though, we also have different environments. Our development or test environment will have different requirements to our production environments.

In this hypothetical situation the four instances for four different applications have 4 development containers which are connected to using SQL Authentication. We will need a different configuration.

SQL Authentication

We can set up SQL Authentication for connecting to our SQL Instances using the app.sqlcredential configuration. this is going to hold a PSCredential object for SQL Authenticated connection to your instance. If this is set the checks will always try to use it. Yes this means that the same username and password is being used for each connection. No there is currently no way to choose which instances use it and which don’t. This may be a limitation but as you will see further down you can still do this with different configurations

To set the SQL Authentication run

Set-DbcConfig -Name app.sqlcredential -Value (Get-Credential)

This will give a prompt for you to enter the credential

Development Environment Configuration

So now we know how to set a SQL Authentication configuration we can create our development environment configuration like so. As you can see below the values are different for the checks and more checks have been skipped. I wont explain it all, if it doesn’t make sense ask a question in the comments or in the dbachecks in SQL Server Community Slack

#region Dev Config
# The Instances we want to test
Set-DbcConfig -Name app.sqlinstance -Value 'localhost,1401' ,'localhost,1402','localhost,1403', 'localhost,1404' 
# What is my SQL Credential
Set-DbcConfig -Name app.sqlcredential -Value (Get-Credential)
# The database owner we expect
Set-DbcConfig -Name policy.validdbowner.name -Value 'sa'   
# What authentication scheme are we expecting?  
Set-DbcConfig -Name policy.connection.authscheme -Value 'SQL'
# the database owner we do NOT expect
Set-DbcConfig -Name policy.invaliddbowner.name -Value 'dbachecksdemo\dbachecks'
# Should backups be compressed by default?
Set-DbcConfig -Name policy.backup.defaultbackupcompreesion -Value $false
# What should our database growth type be?
Set-DbcConfig -Name policy.database.filegrowthtype -Value kb
# What should our database growth value be higher than (Mb)?
Set-DbcConfig -Name policy.database.filegrowthvalue -Value 64
# Do we allow DAC connections?
Set-DbcConfig -Name policy.dacallowed -Value $false 
# What is the maximum latency (ms)?
Set-DbcConfig -Name policy.network.latencymaxms -Value 100
# What recovery model should we have?
Set-DbcConfig -Name policy.recoverymodel.type -value Simple
# Where is the whoisactive stored procedure?
Set-DbcConfig -Name policy.whoisactive.database -Value DBAAdmin 
# What is my domain name?
Set-DbcConfig -Name domain.name -Value 'WORKGROUP'
# Which database should not be checked for recovery model
Set-DbcConfig -Name policy.recoverymodel.excludedb -Value 'master','msdb','tempdb'
# Should I skip the check for temp files on c?
Set-DbcConfig -Name skip.tempdbfilesonc -Value $true
# Should I skip the check for temp files count?
Set-DbcConfig -Name skip.tempdbfilecount -Value $true
# How many months before a build is unsupported do I want to fail the test?
Set-DbcConfig -Name policy.build.warningwindow -Value 6
# Which Checks should be excluded?
Set-DbcConfig -Name command.invokedbccheck.excludecheck -Value LogShipping,ExtendedEvent, HADR, SaReNamed, PseudoSimple,spn, DiskSpace, DatabaseCollation,Agent,Backup,UnusedIndex,LogfileCount,FileGroupBalanced,LogfileSize,MaintenanceSolution,ServerNameMatch

Export-DbcConfig -Path C:\Users\dbachecks\Desktop\development_config.json

Using The Different Configurations

Now I have two configurations, one for my Production Environment and one for my development environment. I can run my checks whenever I like (perhaps you will automate this in some way)

Import the production configuration
Run my tests with that configuration and create a json file for my Power Bi labelled production
Import the development configuration (and enter the SQL authentication credential)
Run my tests with that configuration and create a json file for my Power Bi labelled development
Start Power Bi to show those results

# Import the production config
Import-DbcConfig C:\Users\dbachecks\Desktop\production_config.json
# Run the tests with the production config and create/update the production json
Invoke-DbcCheck -AllChecks -Show Fails -PassThru |Update-DbcPowerBiDataSource -Environment Production
# Import the development config
Import-DbcConfig C:\Users\dbachecks\Desktop\development_config.json
# Run the tests with the production config and create/update the development json
Invoke-DbcCheck -AllChecks -Show Fails -PassThru |Update-DbcPowerBiDataSource -Environment Development
# Open the PowerBi
Start-DbcPowerBi

I have published the Power Bi so that you can see what it would like and have a click around (maybe you can see improvements you would like to contribute)

now we can see how each environment is performing according to our settings for each environment

Combining Configurations Into One Result Set

As you saw above, by using the Environment parameter of Update-DbcPowerBiDataSource you can add different environments to one report. But if I wanted to have a report for my application APP1 showing both production and development environments but they have different configurations how can I do this?

Here’s how.

Create a configuration for the production environment (I have used the production configuration one from above but only localhost for the instance)
Export it using to C:\Users\dbachecks\Desktop\APP1-Prod_config.json
Create a configuration for the development environment (I have used the development configuration one from above but only localhost,1401 for the instance)
Export it using to C:\Users\dbachecks\Desktop\APP1-Dev_config.json

Then run

# Import the production config
Import-DbcConfig C:\Users\dbachecks\Desktop\APP1-Prod_config.json
# Run the tests with the production config and create/update the production json
Invoke-DbcCheck -AllChecks -Show Fails -PassThru |Update-DbcPowerBiDataSource -Environment APP1
# Import the development config
Import-DbcConfig C:\Users\dbachecks\Desktop\APP1-Dev_config.json
# Run the tests with the production config and create/update the development json
Invoke-DbcCheck -AllChecks -Show Fails -PassThru |Update-DbcPowerBiDataSource -Environment APP1 -Append
Start-DbcPowerBi

Notice that this time there is an Append on the last Invoke-DbcCheck this creates a single json file for the PowerBi and the results look like this. Now we have the results for our application and both the production environment localhost and the development container localhost,1401

It’s Open Source – We Want Your Ideas, Issues, New Code

dbachecks is open-source available on GitHub for anyone to contribute

We would love you to contribute. Please open issues for new tests, enhancements, bugs. Please fork the repository and add code to improve the module. please give feedback to make this module even more useful

You can also come in the SQL Server Community Slack and join the dbachecks channel and get advice, make comments or just join in the conversation

Thank You

I want to say thank you to all of the people who have enabled dbachecks to get this far. These wonderful people have used their own time to ensure that you have a useful tool available to you for free

Chrissy Lemaire @cl

Fred Weinmann @FredWeinmann

Cláudio Silva @ClaudioESSilva

Stuart Moore @napalmgram

Shawn Melton @wsmelton

Garry Bargsley @gbargsley

Stephen Bennett @staggerlee011

Sander Stad @SQLStad

Jess Pomfret @jpomfret

Jason Squires @js0505

Shane O’Neill @SOZDBA

and all of the other people who have contributed in the dbachecks Slack channel

Announcing dbachecks – Configurable PowerShell Validation For Your SQL Instances

Posted on February 22, 2018 by RobSewell

For the last couple of months members of the dbatools team have been working on a new PowerShell module called dbachecks. This open source PowerShell module will enable you to validate your SQL Instances. Today it is released for you all to start to use 🙂

Validate Your SQL Instances?

What do I mean by validate your SQL Instances? You want to know if your SQL Instances are (still) set up in the way that you want them to be or that you have not missed any configurations when setting them up. With dbachecks you can use any or all of the 80 checks to ensure one or many SQL Instances are as you want them to be. Using Pester, dbachecks will validate your SQL Instance(s) against default settings or ones that you configure yourself.

Installation

Installation is via the PowerShell Gallery. You will need to open PowerShell on a machine connected to the internet and run

Install-Module dbachecks

If you are not running your process as admin or you only want (or are able) to install for your own user account you will need to

Install-Module -Scope CurrentUser

This will also install the PSFramework module used for configuration (and other things beneath the hood) and the latest version (4.2.0 – released on Sunday!) of Pester

Once you have installed the module you can see the commands available by running

Get-Command -Module dbachecks

To be able to use these (and any PowerShell) commands, your first step should always be Get-Help

Get-Help Send-DbcMailMessage

80 Checks

At the time of release, dbachecks has 80 checks. You can see all of the checks by running

Get-DbcCheck

(Note this has nothing to do with DBCC CheckDb!) Here is the output of

Get-DbcCheck | Select Group, UniqueTag

so you can see the current checks

Group	UniqueTag
Agent	AgentServiceAccount
Agent	DbaOperator
Agent	FailsafeOperator
Agent	DatabaseMailProfile
Agent	FailedJob
Database	DatabaseCollation
Database	SuspectPage
Database	TestLastBackup
Database	TestLastBackupVerifyOnly
Database	ValidDatabaseOwner
Database	InvalidDatabaseOwner
Database	LastGoodCheckDb
Database	IdentityUsage
Database	RecoveryModel
Database	DuplicateIndex
Database	UnusedIndex
Database	DisabledIndex
Database	DatabaseGrowthEvent
Database	PageVerify
Database	AutoClose
Database	AutoShrink
Database	LastFullBackup
Database	LastDiffBackup
Database	LastLogBackup
Database	VirtualLogFile
Database	LogfileCount
Database	LogfileSize
Database	FileGroupBalanced
Database	AutoCreateStatistics
Database	AutoUpdateStatistics
Database	AutoUpdateStatisticsAsynchronously
Database	DatafileAutoGrowthType
Database	Trustworthy
Database	OrphanedUser
Database	PseudoSimple
Database	AdHocWorkloads
Domain	DomainName
Domain	OrganizationalUnit
HADR	ClusterHealth
HADR	ClusterServerHealth
HADR
HADR	System.Object[]
Instance	SqlEngineServiceAccount
Instance	SqlBrowserServiceAccount
Instance	TempDbConfiguration
Instance	AdHocWorkload
Instance	BackupPathAccess
Instance	DAC
Instance	NetworkLatency
Instance	LinkedServerConnection
Instance	MaxMemory
Instance	OrphanedFile
Instance	ServerNameMatch
Instance	MemoryDump
Instance	SupportedBuild
Instance	SaRenamed
Instance	DefaultBackupCompression
Instance	XESessionStopped
Instance	XESessionRunning
Instance	XESessionRunningAllowed
Instance	OLEAutomation
Instance	WhoIsActiveInstalled
LogShipping	LogShippingPrimary
LogShipping	LogShippingSecondary
Server	PowerPlan
Server	InstanceConnection
Server	SPN
Server	DiskCapacity
Server	PingComputer
MaintenancePlan	SystemFull
MaintenancePlan	UserFull
MaintenancePlan	UserDiff
MaintenancePlan	UserLog
MaintenancePlan	CommandLog
MaintenancePlan	SystemIntegrityCheck
MaintenancePlan	UserIntegrityCheck
MaintenancePlan	UserIndexOptimize
MaintenancePlan	OutputFileCleanup
MaintenancePlan	DeleteBackupHistory
MaintenancePlan	PurgeJobHistory

108 Configurations

There are 108 configuration items at present. You can see the current configuration by running

Get-DbcConfig

which will show you the name of the config, the value it is currently set and the description

You can see all of the configs and their descriptions here

Name	Description
agent.databasemailprofile	Name of the Database Mail Profile in SQL Agent
agent.dbaoperatoremail	Email address of the DBA Operator in SQL Agent
agent.dbaoperatorname	Name of the DBA Operator in SQL Agent
agent.failsafeoperator	Email address of the DBA Operator in SQL Agent
app.checkrepos	Where Pester tests/checks are stored
app.computername	List of Windows Servers that Windows-based tests will run against
app.localapp	Persisted files live here
app.maildirectory	Files for mail are stored here
app.sqlcredential	The universal SQL credential if Trusted/Windows Authentication is not used
app.sqlinstance	List of SQL Server instances that SQL-based tests will run against
app.wincredential	The universal Windows if default Windows Authentication is not used
command.invokedbccheck.excludecheck	Invoke-DbcCheck: The checks that should be skipped by default.
domain.domaincontroller	The domain controller to process your requests
domain.name	The Active Directory domain that your server is a part of
domain.organizationalunit	The OU that your server should be a part of
mail.failurethreshhold	Number of errors that must be present to generate an email report
mail.from	Email address the email reports should come from
mail.smtpserver	Store the name of the smtp server to send email reports
mail.subject	Subject line of the email report
mail.to	Email address to send the report to
policy.backup.datadir	Destination server data directory
policy.backup.defaultbackupcompreesion	Default Backup Compression check should be enabled $true or disabled $false
policy.backup.diffmaxhours	Maxmimum number of hours before Diff Backups are considered outdated
policy.backup.fullmaxdays	Maxmimum number of days before Full Backups are considered outdated
policy.backup.logdir	Destination server log directory
policy.backup.logmaxminutes	Maxmimum number of minutes before Log Backups are considered outdated
policy.backup.newdbgraceperiod	The number of hours a newly created database is allowed to not have backups
policy.backup.testserver	Destination server for backuptests
policy.build.warningwindow	The number of months prior to a build being unsupported that you want warning about
policy.connection.authscheme	Auth requirement (Kerberos, NTLM, etc)
policy.connection.pingcount	Number of times to ping a server to establish average response time
policy.connection.pingmaxms	Maximum response time in ms
policy.dacallowed	DAC should be allowed $true or disallowed $false
policy.database.autoclose	Auto Close should be allowed $true or dissalowed $false
policy.database.autocreatestatistics	Auto Create Statistics should be enabled $true or disabled $false
policy.database.autoshrink	Auto Shrink should be allowed $true or dissalowed $false
policy.database.autoupdatestatistics	Auto Update Statistics should be enabled $true or disabled $false
policy.database.autoupdatestatisticsasynchronously	Auto Update Statistics Asynchronously should be enabled $true or disabled $false
policy.database.filebalancetolerance	Percentage for Tolerance for checking for balanced files in a filegroups
policy.database.filegrowthexcludedb	Databases to exclude from the file growth check
policy.database.filegrowthtype	Growth Type should be 'kb' or 'percent'
policy.database.filegrowthvalue	The auto growth value (in kb) should be equal or higher than this value. Example: A value of 65535 means at least 64MB.
policy.database.logfilecount	The number of Log files expected on a database
policy.database.logfilesizecomparison	How to compare data and log file size, options are maximum or average
policy.database.logfilesizepercentage	Maximum percentage of Data file Size that logfile is allowed to be.
policy.database.maxvlf	Max virtual log files
policy.dbcc.maxdays	Maxmimum number of days before DBCC CHECKDB is considered outdated
policy.diskspace.percentfree	Percent disk free
policy.dump.maxcount	Maximum number of expected dumps
policy.hadr.tcpport	The TCPPort for the HADR check
policy.identity.usagepercent	Maxmimum percentage of max of identity column
policy.invaliddbowner.excludedb	Databases to exclude from invalid dbowner checks
policy.invaliddbowner.name	The database owner account should not be this user
policy.network.latencymaxms	Max network latency average
policy.ola.commandlogenabled	Ola's CommandLog Cleanup should be enabled $true or disabled $false
policy.ola.commandlogscheduled	Ola's CommandLog Cleanup should be scheduled $true or disabled $false
policy.ola.database	The database where Ola's maintenance solution is installed
policy.ola.deletebackuphistoryenabled	Ola's Delete Backup History should be enabled $true or disabled $false
policy.ola.deletebackuphistoryscheduled	Ola's Delete Backup History should be scheduled $true or disabled $false
policy.ola.installed	Checks to see if Ola Hallengren solution is installed
policy.ola.outputfilecleanupenabled	Ola's Output File Cleanup should be enabled $true or disabled $false
policy.ola.outputfilecleanupscheduled	Ola's Output File Cleanup should be scheduled $true or disabled $false
policy.ola.purgejobhistoryenabled	Ola's Purge Job History should be enabled $true or disabled $false
policy.ola.purgejobhistoryscheduled	Ola's Purge Job History should be scheduled $true or disabled $false
policy.ola.systemfullenabled	Ola's Full System Database Backup should be enabled $true or disabled $false
policy.ola.systemfullretention	Ola's Full System Database Backup retention number of hours
policy.ola.systemfullscheduled	Ola's Full System Database Backup should be scheduled $true or disabled $false
policy.ola.systemintegritycheckenabled	Ola's System Database Integrity should be enabled $true or disabled $false
policy.ola.systemintegritycheckscheduled	Ola's System Database Integrity should be scheduled $true or disabled $false
policy.ola.userdiffenabled	Ola's Diff User Database Backup should be enabled $true or disabled $false
policy.ola.userdiffretention	Ola's Diff User Database Backup retention number of hours
policy.ola.userdiffscheduled	Ola's Diff User Database Backup should be scheduled $true or disabled $false
policy.ola.userfullenabled	Ola's Full User Database Backup should be enabled $true or disabled $false
policy.ola.userfullretention	Ola's Full User Database Backup retention number of hours
policy.ola.userfullscheduled	Ola's Full User Database Backup should be scheduled $true or disabled $false
policy.ola.userindexoptimizeenabled	Ola's User Index Optimization should be enabled $true or disabled $false
policy.ola.userindexoptimizescheduled	Ola's User Index Optimization should be scheduled $true or disabled $false
policy.ola.userintegritycheckenabled	Ola's User Database Integrity should be enabled $true or disabled $false
policy.ola.userintegritycheckscheduled	Ola's User Database Integrity should be scheduled $true or disabled $false
policy.ola.userlogenabled	Ola's Log User Database Backup should be enabled $true or disabled $false
policy.ola.userlogretention	Ola's Log User Database Backup retention number of hours
policy.ola.userlogscheduled	Ola's Log User Database Backup should be scheduled $true or disabled $false
policy.oleautomation	OLE Automation should be enabled $true or disabled $false
policy.pageverify	Page verify option should be set to this value
policy.recoverymodel.excludedb	Databases to exclude from standard recovery model check
policy.recoverymodel.type	Standard recovery model
policy.storage.backuppath	Enables tests to check if servers have access to centralized backup location
policy.validdbowner.excludedb	Databases to exclude from valid dbowner checks
policy.validdbowner.name	The database owner account should be this user
policy.whoisactive.database	Which database should contain the sp_WhoIsActive stored procedure
policy.xevent.requiredrunningsession	List of XE Sessions that should be running.
policy.xevent.requiredstoppedsession	List of XE Sessions that should not be running.
policy.xevent.validrunningsession	List of XE Sessions that can be be running.
skip.backup.testing	Don't run Test-DbaLastBackup by default (it's not read-only)
skip.connection.ping	Skip the ping check for connectivity
skip.connection.remoting	Skip PowerShell remoting check for connectivity
skip.database.filegrowthdisabled	Skip validation of datafiles which have growth value equal to zero.
skip.database.logfilecounttest	Skip the logfilecount test
skip.datafilegrowthdisabled	Skip validation of datafiles which have growth value equal to zero.
skip.dbcc.datapuritycheck	Skip data purity check in last good dbcc command
skip.diffbackuptest	Skip the Differential backup test
skip.logfilecounttest	Skip the logfilecount test
skip.logshiptesting	Skip the logshipping test
skip.tempdb1118	Don't run test for Trace Flag 1118
skip.tempdbfilecount	Don't run test for Temp Database File Count
skip.tempdbfilegrowthpercent	Don't run test for Temp Database File Growth in Percent
skip.tempdbfilesizemax	Don't run test for Temp Database Files Max Size
skip.tempdbfilesonc	Don't run test for Temp Database Files on C

Running A Check

You can quickly run a single check by calling Invoke-DbcCheck.

Invoke-DbcCheck -SqlInstance localhost -Check FailedJob

Excellent, my agent jobs have not failed 🙂

Invoke-DbcCheck -SqlInstance localhost -Check LastGoodCheckDb

Thats good, all of my databases have had a successful DBCC CHECKDB within the last 7 days.

Setting a Configuration

To save me from having to specify the instance I want to run my tests against I can set the app.sqlinstance config to the instances I want to check.

Set-DbcConfig -Name app.sqlinstance -Value localhost, 'localhost\PROD1'

Then whenever I call Invoke-DbcCheck it will run against those instances for the SQL checks

So now if I run

Invoke-DbcCheck -Check LastDiffBackup

I can see that I dont have a diff backup for the databases on both instances. Better stop writing this and deal with that !!

The configurations are stored in the registry but you can export them and then import them for re-use easily. I have written another blog post about that.

The Show Parameter

Getting the results of the tests on the screen is cool but if you are running a lot of tests against a lot of instances then you might find that you have 3 failed tests out of 15000! This will mean a lot of scrolling through green text looking for the red text and you may find that your PowerShell buffer doesnt hold all of your test results leaving you very frustrated.

dbachecks supports the Pester Show parameter enabling you to filter the output of the results to the screen. The available values are Summary, None, Fails, Inconclusive, Passed, Pending and Skipped

in my opinion by far the most useful one is Fails as this will show you only the failed tests with the context to enable you to see which tests have failed

Invoke-DbcCheck -Check Agent -Show Fails

If we check all of the checks tagged as Agent we can easily see that most passed but The Job That Fails (surprisingly) failed. All of the other tests that were run for the agent service, operators, failsafe operator, database mail and all other agent jobs all passed in the example below

Test Results are for other People as well

It is all very well and good being able to run tests and get the results on our screen. It will be very useful for people to be able to validate a new SQL instance for example or run a morning check or the first step of an incident response. But test results are also useful for other people so we need to be able to share them

We have created a Power Bi Dashboard that comes with the dbachecks module to enable easy sharing of the test results. You can also send the results via email using Send-DbcMailMessage. we have an open issue for putting them into a database that we would love you to help resolve.

To get the results into PowerBi you can run

Invoke-DbcCheck -AllChecks -Show Fails -PassThru |Update-DbcPowerBiDataSource -Environment Production

This will run all of the dbachecks using your configuration for your Production environment, output only the failed tests to the screen and save the results in your windows\temp\dbachecks folder with a suffix of Production

If you then used a different configuration for your development environment and ran

Invoke-DbcCheck -AllChecks -Show Fails -PassThru |Update-DbcPowerBiDataSource -Environment Development

it will run all of the dbachecks using your configuration for your Development environment, output only the failed tests to the screen and save the results in your windows\temp\dbachecks folder with a suffix of Development and you would end up with two files in the folder

You can then simply run

Start-DbcPowerBi

and as long as you have the (free) Powerbi Desktop then you will see this. You will need to refresh the data to get your test results

Of course it is Powerbi so you can publish this report. Here it is so that you can click around and see what it looks like

It’s Open Source – We Want Your Ideas, Issues, New Code

dbachecks is open-source available on GitHub for anyone to contribute

You can also come in the SQL Server Community Slack and join the dbachecks channel and get advice, make comments or just join in the conversation

Thank You

Chrissy Lemaire @cl

Fred Weinmann @FredWeinmann

Cláudio Silva @ClaudioESSilva

Stuart Moore @napalmgram

Shawn Melton @wsmelton

Garry Bargsley @gbargsley

Stephen Bennett @staggerlee011

Sander Stad @SQLStad

Jess Pomfret @jpomfret

Jason Squires @js0505

Shane O’Neill @SOZDBA

Tony Wilhelm @TonyWSQL

and all of the other people who have contributed in the dbachecks Slack channel

VS Code – Terminal crashes when formatting script

Posted on February 10, 2018 by RobSewell

I love VS Code. I love being able to press ALT + SHIFT + F and format my code.

The Problem

Yesterday all I got when I pressed ALT + SHIFT + F was this

format error.png

I could reproduce it will. This was very frustrating.

Turning on Verbose Logging

To turn on verbose logging for the PowerShell Editor Services go the Cog in the bottom left, click it and then click User Settings.

Search for powershell.developer.editorServicesLogLevel

powershell.developer.editorServicesLogLevel.png

If you hover over the left hand channel a pencil will appear, click it and then click replace in settings

edit settings.png

This will put the entry in the right hand side where you can change the value. Set it to Verbose and save

user settigns.png

a prompt will come up asking if you want to restart PowerShell

When you restart PowerShell, if you click on Output and choose PowerShell Extension Logs you will see the path to the log file

Reproduce the error

I then reproduced the error and opened the log file this is what I got

10/02/2018 09:11:19 [ERROR] – Method “OnListenTaskCompleted” at line 391 of C:\projects\powershelleditorservices\src\PowerShellEditorServices.Protocol\MessageProtocol\ProtocolEndpoint.cs

ProtocolEndpoint message loop terminated due to unhandled exception:

System.AggregateException: One or more errors occurred. —> System.Management.Automation.CommandNotFoundException: The term ‘Invoke-Formatter’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)
at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)
at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)
at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)
at Microsoft.PowerShell.EditorServices.AnalysisService.InvokePowerShell(String command, IDictionary`2 paramArgMap)
at System.Threading.Tasks.Task`1.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.PowerShell.EditorServices.AnalysisService.<InvokePowerShellAsync>d__31.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.PowerShell.EditorServices.AnalysisService.<Format>d__22.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

Open an issue on GitHub

I couldnt quickly see what was happening so I opened an issue on the vscode-powershell repo by going to issues and clicking new issue and following the instructions

new issue.png

The Resolution

Keith Hill b | t pointed me to the resolution. Thank you Keith.

Further up in the log file there is a line where the editor services is loading the PSScriptAnalyzer module and it should have the Invoke-Formatter command exported, but mine was not. It loaded the PsScriptAnalyzer module from my users module directory

10/02/2018 09:11:01 [NORMAL] – Method “FindPSScriptAnalyzerModule” at line 354 of C:\projects\powershelleditorservices\src\PowerShellEditorServices\Analysis\AnalysisService.cs

PSScriptAnalyzer found at C:\Users\XXXX\Documents\WindowsPowerShell\Modules\PSScriptAnalyzer\1.10.0\PSScriptAnalyzer.psd1

10/02/2018 09:11:01 [VERBOSE] – Method “EnumeratePSScriptAnalyzerCmdlets” at line 389 of C:\projects\powershelleditorservices\src\PowerShellEditorServices\Analysis\AnalysisService.cs

The following cmdlets are available in the imported PSScriptAnalyzer module:
Get-ScriptAnalyzerRule
Invoke-ScriptAnalyzer

I ran

$Env:PSModulePath.Split(';')

to see the module paths

module path.png

and looked in the .vscode-insiders\extensions\ms-vscode.powershell-1.5.1\modules directory. There was no PsScriptAnalyzer folder

no module.png

So I copied the PSScriptAnalyzer folder from the normal VS Code PowerShell Extension module folder into that folder and restarted PowerShell and I had my formatting back again 🙂

I then reset the logging mode in my user settings back to Normal

Thank you Keith

How I created PowerShell.cool using Flow, Azure SQL DB, Cognitive Services & PowerBi

Posted on February 3, 2018 by RobSewell

Last weekend I was thinking about how to save the tweets for PowerShell Conference Europe. This annual event occurs in Hanover and this year it is on April 17-20, 2018. The agenda has just been released and you can find it on the website http://www.psconf.eu/

I ended up creating an interactive PowerBi report to which my good friend and Data Platform MVP Paul Andrew b | t added a bit of magic and I published it. The magnificent Tobias Weltner b | t who organises PSConfEU pointed the domain name http://powershell.cool at the link. It looks like this.

During the monthly #PSTweetChat

Reminder that we do this chat the first Friday of every month from 1-2PM Eastern which I think is 6:00PM UTC #pstweetchat

— Jeff Hicks (https://techhub.social/@JeffHicks) (@JeffHicks) February 2, 2018

I mentioned that I need to blog about how I created it and Jeff replied

Yes, please. I'd love to setup something similiar for the PowerShell+DevOps Summit. #pstweetchat

— Jeff Hicks (https://techhub.social/@JeffHicks) (@JeffHicks) February 2, 2018

so here it is! Looking forward to seeing the comparison between the PowerShell and Devops Summit and the PowerShell Conference Europe 🙂

This is an overview of how it works

A Microsoft Flow looks for tweets with the #PSConfEU hashtag and then gets the information about the tweet
Microsoft Cognitive Services Text Analysis API analyses the sentiment of the tweet and provides a score between 0 (negative) and 1 (positive)
Details about the tweet and the sentiment are saved in Azure SQL database
A PowerBi report uses that data and provides the report

You will find all of the resources and the scripts to do all of the below in the GitHub repo. So clone it and navigate to the filepath

Create Database

First lets create a database. Connect to your Azure subscription

## Log in to your Azure subscription using the Add-AzureRmAccount command and follow the on-screen directions.

 Add-AzureRmAccount

## Select the subscription

Set-AzureRmContext -SubscriptionId YourSubscriptionIDHere

Then set some variables

# The data center and resource name for your resources
$resourcegroupname = "twitterresource"
$location = "WestEurope"
# The logical server name: Use a random value or replace with your own value (do not capitalize)
$servername = "server-$(Get-Random)"
# Set an admin login and password for your database
# The login information for the server You need to set these and uncomment them - Dont use these values

# $adminlogin = "ServerAdmin"                
# $password = "ChangeYourAdminPassword1"

# The ip address range that you want to allow to access your server - change as appropriate
# $startip = "0.0.0.0"
# $endip = "0.0.0.0"

# To just add your own IP Address
$startip = $endip = (Invoke-WebRequest 'http://myexternalip.com/raw').Content -replace "`n"

# The database name
$databasename = "tweets"

$AzureSQLServer = "$servername.database.windows.net,1433"
$Table = "table.sql"
$Proc = "InsertTweets.sql"

They should all make sense, take note that you need to set and uncomment the login and password and choose which IPs to allow through the firewall

Create a Resource Group

## Create a resource group

New-AzureRmResourceGroup -Name $resourcegroupname -Location $location

Create a SQL Server

## Create a Server

$newAzureRmSqlServerSplat = @{
    SqlAdministratorCredentials = $SqlAdministratorCredentials
    ResourceGroupName = $resourcegroupname
    ServerName = $servername
    Location = $location
}
New-AzureRmSqlServer @newAzureRmSqlServerSplat

Create a firewall rule, I just use my own IP and add the allow azure IPs

$newAzureRmSqlServerFirewallRuleSplat = @{
    EndIpAddress = $endip
    StartIpAddress = $startip
    ServerName = $servername
    ResourceGroupName = $resourcegroupname
    FirewallRuleName = "AllowSome"
}
New-AzureRmSqlServerFirewallRule @newAzureRmSqlServerFirewallRuleSplat

# Allow Azure IPS

$newAzureRmSqlServerFirewallRuleSplat = @{
    AllowAllAzureIPs = $true
    ServerName = $servername
    ResourceGroupName = $resourcegroupname
}
New-AzureRmSqlServerFirewallRule @newAzureRmSqlServerFirewallRuleSplat

Create a database

# Create a database

$newAzureRmSqlDatabaseSplat = @{
    ServerName = $servername
    ResourceGroupName = $resourcegroupname
    Edition = 'Basic'
    DatabaseName = $databasename
}
New-AzureRmSqlDatabase  @newAzureRmSqlDatabaseSplat

I have used the dbatools module to run the scripts to create the database. You can get it using

Install-Module dbatools # -Scope CurrentUser # if not admin process

Run the scripts

# Create a credential

$newObjectSplat = @{
    ArgumentList = $adminlogin, $(ConvertTo-SecureString -String $password -AsPlainText -Force)
    TypeName = 'System.Management.Automation.PSCredential'
}
$SqlAdministratorCredentials = New-Object @newObjectSplat

## Using dbatools module

$invokeDbaSqlCmdSplat = @{
    SqlCredential = $SqlAdministratorCredentials
    Database = $databasename
    File = $Table,$Proc
    SqlInstance = $AzureSQLServer
}
Invoke-DbaSqlCmd @invokeDbaSqlCmdSplat

This will have created the following in Azure, you can see it in the portal

07 - portal.png

You can connect to the database in SSMS and you will see

Create Cognitive Services

Now you can create the Text Analysis Cognitive Services API

First login (if you need to) and set some variables

## This creates cognitive services for analysing the tweets

## Log in to your Azure subscription using the Add-AzureRmAccount command and follow the on-screen directions.

Add-AzureRmAccount

## Select the subscription

Set-AzureRmContext -SubscriptionId YOUR SUBSCRIPTION ID HERE

#region variables
# The data center and resource name for your resources
$resourcegroupname = "twitterresource"
$location = "WestEurope"
$APIName = 'TweetAnalysis'
#endregion

Then create the API and get the key

#Create the cognitive services

$newAzureRmCognitiveServicesAccountSplat = @{
    ResourceGroupName = $resourcegroupname
    Location = $location
    SkuName = 'F0'
    Name = $APIName
    Type = 'TextAnalytics'
}
New-AzureRmCognitiveServicesAccount @newAzureRmCognitiveServicesAccountSplat

# Get the Key

$getAzureRmCognitiveServicesAccountKeySplat = @{
    Name = $APIName
    ResourceGroupName = $resourcegroupname
}
Get-AzureRmCognitiveServicesAccountKey @getAzureRmCognitiveServicesAccountKeySplat

You will need to accept the prompt

Copy the Endpoint URL as you will need it.Then save one of the keys for the next step!

Create the Flow

I have exported the Flow to a zip file and also the json for a PowerApp (no details about that in this post). Both are available in the Github repo. I have submitted a template but it is not available yet.

Navigate to https://flow.microsoft.com/ and sign in

Creating Connections

You will need to set up your connections. Click New Connection and search for Text

Click Add and fill in the Account Key and the Site URL from the steps above

click new connection and search for SQL Server

Enter the SQL Server Name (value of $AzureSQLServer) , Database Name , User Name and Password from the steps above

Click new Connection and search for Twitter and create a connection (the authorisation pop-up may be hidden behind other windows!)

Import the Flow

If you have a premium account you can import the flow, click Import

and choose the import.zip from the Github Repo

Click on Create as new and choose a name

Click select during import next to Sentiment and choose the Sentiment connection

Select during import for the SQL Server Connection and choose the SQL Server Connection and do the same for the Twitter Connection

Then click import

Create the flow without import

If you do not have a premium account you can still create the flow using these steps. I have created a template but it is not available at the moment. Create the connections as above and then click Create from blank.

Choose the trigger When a New Tweet is posted and add a search term. You may need to choose the connection to twitter by clicking the three dots

Click Add an action

search for detect and choose the Text Analytics Detect Sentiment

Enter the name for the connection, the account key and the URL from the creation of the API above. If you forgot to copy them

#region Forgot the details

# Copy the URL if you forget to save it

$getAzureRmCognitiveServicesAccountSplat = @{
    Name = $APIName
    ResourceGroupName = $resourcegroupname
}
(Get-AzureRmCognitiveServicesAccount @getAzureRmCognitiveServicesAccountSplat).Endpoint | Clip

# Copy the Key if you forgot

$getAzureRmCognitiveServicesAccountKeySplat = @{
    Name = $APIName
    ResourceGroupName = $resourcegroupname
}
(Get-AzureRmCognitiveServicesAccountKey @getAzureRmCognitiveServicesAccountKeySplat).Key1 | Clip

#endregion

Click in the text box and choose Tweet Text

Click New Step and add an action. Search for SQL Server and choose SQL Server – Execute Stored Procedure

Choose the stored procedure [dbo].[InsertTweet]

Fill in as follows

__PowerAppsID__ 0
Date Created At
Sentiment Score
Tweet Tweet Text
UserLocation Location
UserName Tweeted By

as shown below

Give the flow a name at the top and click save flow

Connect PowerBi

Open the PSConfEU Twitter Analysis Direct.pbix from the GitHub repo in PowerBi Desktop. Click the arrow next to Edit Queries and then change data source settings

Click Change source and enter the server (value of $AzureSQLServer) and the database name. It will alert you to apply changes

It will then pop-up with a prompt for the credentials. Choose Database and enter your credentials and click connect

and your PowerBi will be populated from the Azure SQL Database 🙂 This will fail if there are no records in the table because your flow hasn’t run yet. If it does just wait until you see some tweets and then click apply changes again.

You will probably want to alter the pictures and links etc and then yo can publish the report

Happy Twitter Analysis

Dont forget to keep an eye on your flow runs to make sure they have succeeded.

How to write a PowerShell function to use Confirm, Verbose and WhatIf

Posted on January 25, 2018 by RobSewell

In my last blog post I showed how to run a script with the WhatIf parameter. This assumes that the commands within the script have been written to use the common parameters Confirm, Verbose and WhatIf.

Someone asked me how to make sure that any functions that they write will be able to do this.

it is very easy

When we define our function we are going to add [cmdletbinding(SupportsShouldProcess)] at the top

function Set-FileContent {
[cmdletbinding(SupportsShouldProcess)]
Param()

and every time we perform an action that will change something we put that code inside a code block like this

if ($PSCmdlet.ShouldProcess("The Item" , "The Change")) {
    # place code here
}

and alter The Item and The Change as appropriate.

I have created a snippet for VS Code to make this quicker for me. To add it to your VS Code. Click the settings button bottom right, Click User Snippets, choose the powershell json and add the code below between the last two }’s (Don’t forget the comma)

,
		"IfShouldProcess": {
		"prefix": "IfShouldProcess",
		"body": [
			"if ($$PSCmdlet.ShouldProcess(\"The Item\" , \"The Change\")) {",
			"   # Place Code here",
			"}"
				],
			"description": "Shows all the colour indexes for the Excel colours"
	}

and save the powershell.json file

Then when you are writing your code you can simply type “ifs” and tab and the code will be generated for you

As an example I shall create a function wrapped around Set-Content just so that you can see what happens.

function Set-FileContent {
    [cmdletbinding(SupportsShouldProcess)]
    Param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$Content,
        [Parameter(Mandatory = $true)]
        [ValidateScript( {Test-Path $_ })]
        [string]$File
    )
    if ($PSCmdlet.ShouldProcess("$File" , "Adding $Content to ")) {
        Set-Content -Path $File -Value $Content
    }
}

I have done this before because if the file does not exist then Set-Content will create a new file for you, but with this function I can check if the file exists first with the ValidateScript before running the rest of the function.

As you can see I add variables from my PowerShell code into the “The Item” and “The Change”. If I need to add a property of an object I use $($Item.Property).

So now, if I want to see what my new function would do if I ran it without actually making any changes I have -WhatIf added to my function automagically.

Set-FileContent -File C:\temp\number1\TextFile.txt -Content "This is the New Content" -WhatIf

If I want to confirm any action I take before it happens I have -Confirm

Set-FileContent -File C:\temp\number1\TextFile.txt -Content "This is the New Content" -Confirm

As you can see it also give the confirm prompts for the Set-Content command

You can also see the verbose messages with

Set-FileContent -File C:\temp\number1\TextFile.txt -Content "This is the New Content" -Verbose

So to summarise, it is really very simple to add Confirm, WhatIf and Verbose to your functions by placing [cmdletbinding(SupportsShouldProcess)] at the top of the function and placing any code that makes a change inside

if ($PSCmdlet.ShouldProcess("The Item" , "The Change")) {

with some values that explain what the code is doing to the The Item and The Change.

Bonus Number 1 – This has added support for other common parameters as well – Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable.

Bonus Number 2 – This has automatically been added to your Help

Bonus Number 3 – This has reduced the amount of comments you need to write and improved other peoples understanding of what your code is supposed to do 🙂 People can read your code and read what you have entered for the IfShouldProcess and that will tell them what the code is supposed to do 🙂

Now you have seen how easy it is to write more professional PowerShell functions

How to run a PowerShell script file with Verbose, Confirm or WhatIf

Posted on January 23, 2018 by RobSewell

Before you run a PowerShell command that makes a change to something you should check that it is going to do what you expect. You can do this by using the WhatIf parameter for commands that support it. For example, if you wanted to create a New SQL Agent Job Category you would use the awesome dbatools module and write some code like this

New-DbaAgentJobCategory -SqlInstance ROB-XPS -Category 'Backup'

before you run it, you can check what it is going to do using

New-DbaAgentJobCategory -SqlInstance ROB-XPS -Category 'Backup' -WhatIf

which gives a result like this

This makes it easy to do at the command line but when we get confident with PowerShell we will want to write scripts to perform tasks using more than one command. So how can we ensure that we can check that those will do what we are expecting without actually running the script and see what happens? Of course, there are Unit and integration testing that should be performed using Pester when developing the script but there will still be occasions when we want to see what this script will do this time in this environment.

Lets take an example. We want to place our SQL Agent jobs into specific custom categories depending on their name. We might write a script like this

<#
.SYNOPSIS
Adds SQL Agent Jobs to categories and creates the categories if needed

.DESCRIPTION
Adds SQL Agent Jobs to categories and creates the categories if needed. Creates
Backup', 'Index', 'TroubleShooting','General Info Gathering' categories and adds
the agent jobs depending on name to the category

.PARAMETER Instance
The Instance to run the script against
#>

Param(
    [string]$Instance
)

$Categories = 'Backup', 'Index','DBCC', 'TroubleShooting', 'General Info Gathering'

$Categories.ForEach{
    ## Create Category if it doesnot exist
    If (-not  (Get-DbaAgentJobCategory -SqlInstance $instance -Category $PSItem)) {
        New-DbaAgentJobCategory -SqlInstance $instance -Category $PSItem -CategoryType LocalJob
    }
}

## Get the agent jobs and iterate through them
(Get-DbaAgentJob -SqlInstance $instance).ForEach{
    ## Depending on the name of the Job - Put it in a Job Category
    switch -Wildcard ($PSItem.Name) {
        '*DatabaseBackup*' { 
            Set-DbaAgentJob -SqlInstance $instance -Job $PSItem -Category 'Backup'
        }
        '*Index*' { 
            Set-DbaAgentJob -SqlInstance $instance -Job $PSItem -Category 'Index'
        }
        '*DatabaseIntegrity*' { 
            Set-DbaAgentJob -SqlInstance $instance -Job $PSItem -Category 'DBCC'
        }
        '*Log SP_*' { 
            Set-DbaAgentJob -SqlInstance $instance -Job $PSItem -Category 'TroubleShooting'
        }
        '*Collection*' { 
            Set-DbaAgentJob -SqlInstance $instance -Job $PSItem -Category 'General Info Gathering'
        }
        ## Otherwise put it in the uncategorised category
        Default {
            Set-DbaAgentJob -SqlInstance $instance -Job $PSItem -Category '[Uncategorized (Local)]'
        }
    }
}

You can run this script against any SQL instance by calling it and passing an instance parameter from the command line like this

 & C:\temp\ChangeJobCategories.ps1 -instance ROB-XPS

If you wanted to see what would happen, you could edit the script and add the WhatIf parameter to every changing command but that’s not really a viable solution. What you can do is

$PSDefaultParameterValues['*:WhatIf'] = $true

this will set all commands that accept WhatIf to use the WhatIf parameter. This means that if you are using functions that you have written internally you must ensure that you write your functions to use the common parameters

Once you have set the default value for WhatIf as above, you can simply call your script and see the WhatIf output

 & C:\temp\ChangeJobCategories.ps1 -instance ROB-XPS

which will show the WhatIf output for the script

Once you have checked that everything is as you expected then you can remove the default value for the WhatIf parameter and run the script

$PSDefaultParameterValues['*:WhatIf'] = $false
& C:\temp\ChangeJobCategories.ps1 -instance ROB-XPS

and get the expected output

If you wish to see the verbose output or ask for confirmation before any change you can set those default parameters like this

## To Set Verbose output
$PSDefaultParameterValues['*:Verbose'] = $true

## To Set Confirm
$PSDefaultParameterValues['*:Confirm'] = $true

and set them back by setting to false

Create Project and link to GitHub

Run Unit Tests with Pester

Trigger

Saving the Build Definition

Update the Module Version

Sign the code with a certificate

Publish your artifact

Publish to the PowerShell Gallery

Added Extra – Dashboard

Added Extra – Badges

Share this:

Like this:

Share this:

Like this:

HADR Tests

Saving Configuration for reuse

Share this:

Like this:

What is Splatting?

Share this:

Like this:

108 Configurations

First Configurations

Exclude a Check

Creating an environment config and exporting it to use any time we like

SQL Authentication

Development Environment Configuration

Using The Different Configurations

Combining Configurations Into One Result Set

It’s Open Source – We Want Your Ideas, Issues, New Code

Thank You

Share this:

Like this:

Validate Your SQL Instances?

Installation

80 Checks

108 Configurations

Running A Check

Setting a Configuration

The Show Parameter

Test Results are for other People as well

It’s Open Source – We Want Your Ideas, Issues, New Code

Further Reading

Thank You

Share this:

Like this:

The Problem

Turning on Verbose Logging

Reproduce the error

Open an issue on GitHub

The Resolution

Share this:

Like this:

Create Database

Create Cognitive Services

Create the Flow

Creating Connections

Import the Flow

Create the flow without import

Connect PowerBi

Share this:

Like this:

Share this:

Like this:

Share this:

Like this: