$source = "sqlserver"$destination = "sqlcluster"$smo = [Reflection.Assembly]:

1. $source = "sqlserver"
2. $destination = "sqlcluster"
3.  
4. $smo = [Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SMO")
5. $smoext = [Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SMOExtended")
6.  
7. $sourceserver = New-Object Microsoft.SqlServer.Management.Smo.Server $source
8. $destserver = New-Object Microsoft.SqlServer.Management.Smo.Server $destination
9.  
10. foreach ($sourcelogin in $sourceserver.logins) {
11. $destserver.refresh()
12. $destserver.logins.refresh()
13. $username = $sourcelogin.name
14. if ($destserver.logins[$username] -eq $null -and $sourcelogin.IsSystemObject -ne $true) {
15.  
16. $destlogin = New-Object Microsoft.SqlServer.Management.Smo.Login($destserver, $username)
17. $destlogin.set_Sid($sourcelogin.get_Sid())
18. if ($sourcelogin.PasswordPolicyEnforced) { $destlogin.PasswordPolicyEnforced = $true }
19. if ($sourcelogin.PasswordExpirationEnabled) { $destlogin.PasswordExpirationEnabled = $true }
20.  
21. $defaultdb = $sourcelogin.DefaultDatabase
22. if ($destserver.databases[$defaultdb] -eq $null) { $defaultdb = "master" }
23. $destlogin.DefaultDatabase = $defaultdb
24.  
25. if ($sourcelogin.LoginType -eq "SqlLogin") {
26. $sql = "SELECT CAST(CONVERT(varchar(256), CAST(LOGINPROPERTY(name,'PasswordHash')
27. AS varbinary (256)), 1) AS nvarchar(max)) as hashedpass FROM sys.server_principals
28. WHERE principal_id = $($sourcelogin.id)"
29.  
30. $destlogin.LoginType = "SqlLogin"
31. $hashedpass = ($sourceserver.databases['master'].ExecuteWithResults($sql)).Tables.hashedpass
32. $destlogin.Create($hashedpass, [Microsoft.SqlServer.Management.Smo.LoginCreateOptions]::IsHashed)
33. }
34. elseif ($sourcelogin.LoginType -eq "WindowsUser") {
35. $destlogin.LoginType = "WindowsUser"
36. $destlogin.Create()
37. }
38. else { Write-Warning "$($sourcelogin.LoginType) logins not supported. $($sourcelogin.name) skipped."; continue}
39.  
40.  
41. $destlogin.refresh()
42. if ($sourcelogin.DenyWindowsLogin) { $destlogin.DenyWindowsLogin = $true }
43. if ($sourcelogin.IsDisabled) { $destlogin.Disable() }
44. $destlogin.alter()
45.  
46. # Server Roles: sysadmin, bulkadmin, etc
47. foreach ($role in $sourceserver.roles) {
48. if ($role.EnumMemberNames() -contains $sourcelogin.name) {
49. if ($destserver.roles[$role.name] -ne $null) { $destlogin.AddToRole($role.name)}}
50. }
51.  
52. # Securables: Connect SQL, View any database, Administer Bulk Operations, etc.
53. $perms = $sourceserver.EnumServerPermissions($username)
54. foreach ($perm in $perms) {
55. $permstate = $perm.permissionstate
56. if ($permstate -eq "GrantWithGrant") { $grantwithgrant = $true; $permstate = "grant" } else { $grantwithgrant = $false }
57. $permset = New-Object Microsoft.SqlServer.Management.Smo.ServerPermissionSet($perm.permissiontype)
58. $destserver.$permstate($permset,$username,$grantwithgrant)
59. }
60.  
61. # Credential mapping
62. $logincredentials = $sourceserver.credentials | Where-Object {$_.Identity -eq $sourcelogin.name}
63. foreach ($credential in $logincredentials) {
64. if ($destserver.Credentials[$credential.name] -eq $null) {
65. $newcred = New-Object Microsoft.SqlServer.Management.Smo.Credential($destserver, $credential.name)
66. $newcred.identity = $sourcelogin.name
67. $newcred.Create()
68. } else {
69. $destlogin.AddCredential($credential.name)
70. }
71. }
72. # Database mappings are unnecessary because they're handled by the db migration.
73. }
74. }