CREATE LOGIN newDbAdmin WITH password='123isTheBestPasswordEver'CREATE USER new

1. CREATE LOGIN newDbAdmin WITH password='123isTheBestPasswordEver'
2. CREATE USER newDbAdmin
3.  
4. DROP USER oldAdmin
5. DROP LOGIN oldAdmin
6.  
7. -- in master
8. create login [XXXX] with password = 'YYYYY'
9. create user [XXXX] from login [XXXX];
10.  
11. -- if you want the user to be able to create databases and logins
12. exec sp_addRoleMember 'dbmanager', 'XXXX';
13. exec sp_addRoleMember 'loginmanager', 'XXXX'
14.  
15. -- in each individual database, to grant dbo
16. create user [XXXX] from login [XXXX];
17. exec sp_addRoleMember 'db_owner', 'XXXX';
18.  
19. $newSqlUser = 'YOUR_NEW_LOGIN_HERE';
20. $serverName = 'YOUR-SERVER-NAME.database.windows.net'
21. $sqlAdminLogin = 'YOUR-ADMIN-SQL-LOGIN'
22. $createAdminUser = $TRUE;
23.  
24. # generate a nice long random password
25. Add-Type -Assembly System.Web
26. $newSqlPassword = [Web.Security.Membership]::GeneratePassword(25,3) -Replace '[%&+=;:/]', "!";
27.  
28. # prompt for your server admin password.
29. # Don't need the username param here but can be nice to avoid retyping
30. $sqlCreds = get-Credential -Username $sqlAdminLogin -Message 'Enter admin sql credentials'
31.  
32. # Create login and user in master db
33. $sql = "create login [$newSqlUser] with password = '$newSqlPassword'; create user [$newSqlUser] from login [$newSqlUser];"
34. invoke-sqlcmd -Query $sql -ServerInstance $serverName -Database 'master' -Username $sqlCreds.UserName -Password ( $sqlCreds.GetNetworkCredential().Password )
35. "new login: $newSqlUser"
36. "password: $newSqlPassword"
37.  
38. # sql to create user in each db
39. if ( $createAdminUser ) { `
40. $createUserSql = "create user [$newSqlUser] from login [$newSqlUser]; exec sp_addRoleMember 'db_owner', '$newSqlUser'; "; `
41. } else { `
42. $createUserSql = "create user [$newSqlUser] from login [$newSqlUser]; exec sp_addRoleMember 'db_datareader', '$newSqlUser'; exec sp_addRoleMember 'db_denydatawriter', '$newSqlUser';"; `
43. }
44.  
45. # can't have multiple Invoke-SQLCmd in a pipeline so get the dbnames first, then iterate
46. $sql = "select name from sys.databases where name <> 'master';"
47. $dbNames = @()
48. invoke-sqlcmd -Query $sql -ServerInstance $serverName -Database 'master' -Username $sqlCreds.UserName -Password ( $sqlCreds.GetNetworkCredential().Password ) | `
49. foreach { $dbNames += $_.name }
50. # iterate over the dbs and add user to each one
51. foreach ($db in $dbNames ) { `
52. invoke-sqlcmd -Query $createUserSql -ServerInstance $serverName -Database $db -Username ($sqlCreds.UserName) -Password $( $sqlCreds.GetNetworkCredential().Password ); `
53. "created user in $db database"; `
54. }