2013-03-02 63 views

我遇到了一個難題:如何在 SQL Server 2005 和 2008 中導出/備份 SQL 登錄信息

有一個需要執行的緊急情況,唯一的方法(SLA限制)是使用某個SQL登錄名。問題是,有密碼的人無法聯繫到,我們很快需要執行更新(通過應用程序以及使用腳本和ssis)。

當前的討論是更改密碼,然後恢復原來的。

那麼,這可能嗎?可以導出或備份SQL登錄嗎?(因為如果可以,那麼我們就能很容易地修改密碼、進行更新,然後恢復原來的密碼)

For this scenario, kindly assume that we need to backup the 
SQL login's info (including the password) 

好問題。如果你在這裏沒有得到答案,你可以嘗試http://dba.stackexchange.com/ – 2013-03-02 03:00:13

回答


您可以將登錄連同其密碼哈希一起導出為腳本。然後做你需要做的事情,最後刪除該登錄並使用腳本重新創建它。有幾篇文章介紹了如何執行腳本步驟,例如:http://weblogs.sqlteam.com/billg/archive/2010/07/08/Scripting-out-SQL-Server-Logins.aspx

但是,刪除登錄會刪除授予該登錄名的所有權限。此外,還有一些情況會阻止登錄被刪除,例如它擁有一個數據庫。

因此,您還需要腳本化權限並臨時重新分配這些登錄名的所有權。

您也可以使用密碼哈希直接重置密碼(即 ALTER LOGIN … WITH PASSWORD = 0x… HASHED),但我從來沒有嘗試過。如果這樣做,就不必進行所有的刪除和重新創建。

備份所有登錄的腳本:

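USE [master]
GO

/****** Object: UserDefinedFunction [dbo].[fn_hexadecimal] ****/
SET ANSI_NULLS ON
GO

SET QUOTED_IDENTIFIER ON
GO

-- Purpose: render a varbinary value as a '0x…' hexadecimal string so that it
--          can be concatenated into generated T-SQL text.
-- Input  : @binvalue - up to 256 bytes of binary data.
-- Returns: '0x' followed by two upper-case hex digits per input byte.
--          A NULL or empty input yields just '0x' (the loop never runs).
-- Security: the callers in this script pass login SIDs and password hashes.
--           The resulting text is credential material; anything that stores
--           it should be access-restricted and removed after use.
CREATE FUNCTION [dbo].[fn_hexadecimal]
(
    @binvalue varbinary(256)
)
-- 256 input bytes expand to 512 hex digits plus the '0x' prefix; a narrower
-- return type would silently truncate long values.
RETURNS VARCHAR(514)
AS
BEGIN

    DECLARE @charvalue varchar(514)
    DECLARE @i int
    DECLARE @length int
    DECLARE @hexstring char(16)
    DECLARE @tempint int
    DECLARE @firstint int
    DECLARE @secondint int

    SELECT @charvalue = '0x'
    SELECT @i = 1
    SELECT @length = DATALENGTH (@binvalue)
    -- Lookup table of all 16 hex digits: position (nibble + 1) is the digit.
    -- The digits 0-9 must be present, otherwise every nibble maps wrongly.
    SELECT @hexstring = '0123456789ABCDEF'

    WHILE (@i <= @length)
    BEGIN
        -- Take one byte and split it into high and low nibble.
        SELECT @tempint = CONVERT(int, SUBSTRING(@binvalue, @i, 1))
        SELECT @firstint = @tempint / 16      -- integer division: high nibble
        SELECT @secondint = @tempint % 16     -- remainder: low nibble
        SELECT @charvalue = @charvalue +
            SUBSTRING(@hexstring, @firstint + 1, 1) +
            SUBSTRING(@hexstring, @secondint + 1, 1)
        SELECT @i = @i + 1
    END

    RETURN @charvalue

END
GO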


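SET NOCOUNT ON
GO
PRINT '-----------------------------------------------------------------------------'
PRINT '-- Script created on ' + CAST(GETDATE() AS VARCHAR(100))
PRINT '-----------------------------------------------------------------------------'
PRINT ''
PRINT '-----------------------------------------------------------------------------'
PRINT '-- Create the windows logins'
PRINT '-----------------------------------------------------------------------------'
-- Emits one guarded CREATE LOGIN ... FROM WINDOWS statement per Windows login
-- or group found in sys.server_principals (built-in, NT AUTHORITY and
-- SQL Server service accounts are skipped).
-- The login name is written twice into the generated text: once inside a
-- string literal (single quotes doubled) and once as an identifier
-- (QUOTENAME), so a name containing ' or ] cannot break out of the statement
-- when the generated script is later executed.
-- NOTE(review): DEFAULT_LANGUAGE is fixed to us_english rather than copied
-- from the source login - confirm that this is intended.
SELECT 'IF NOT EXISTS (SELECT * FROM master.sys.server_principals WHERE [name] = N''' + REPLACE([name], '''', '''''') + ''')
    CREATE LOGIN ' + QUOTENAME([name]) + ' FROM WINDOWS WITH DEFAULT_DATABASE=' +
     QUOTENAME(default_database_name) + ', DEFAULT_LANGUAGE=[us_english]
GO

'
FROM master.sys.server_principals
WHERE type_desc IN ('WINDOWS_GROUP', 'WINDOWS_LOGIN')
  AND [name] NOT LIKE 'BUILTIN%'
  AND [name] NOT LIKE 'NT AUTHORITY%'
  AND [name] NOT LIKE '%\SQLServer%'
GO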

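PRINT '-----------------------------------------------------------------------------'
PRINT '-- Create the SQL Logins'
PRINT '-----------------------------------------------------------------------------'
-- Emits, per SQL-authenticated login (sa and guest excluded):
--   1. a guarded CREATE LOGIN that carries the original password hash and SID;
--   2. an ALTER LOGIN that restores the original policy / expiration flags.
-- The login is created with both checks OFF because CREATE LOGIN rejects
-- CHECK_EXPIRATION=ON combined with CHECK_POLICY=OFF; the real settings are
-- applied by the ALTER LOGIN that follows.
-- Login names are escaped for both contexts they are written into: doubled
-- single quotes inside the literal, QUOTENAME for the identifier.
-- Security: the output contains password hashes. Store the generated script
-- like any other credential (restricted access, removed once the restore is
-- done); anyone who can read it can attempt offline password recovery.
-- NOTE(review): DEFAULT_LANGUAGE is fixed to us_english rather than copied
-- from the source login - confirm that this is intended.
SELECT 'IF NOT EXISTS (SELECT * FROM master.sys.sql_logins WHERE [name] = N''' + REPLACE([name], '''', '''''') + ''')
    CREATE LOGIN ' + QUOTENAME([name]) + '
     WITH PASSWORD=' + [master].[dbo].[fn_hexadecimal](password_hash) + ' HASHED,
     SID = ' + [master].[dbo].[fn_hexadecimal]([sid]) + ',
     DEFAULT_DATABASE=' + QUOTENAME(default_database_name) + ', DEFAULT_LANGUAGE=[us_english],
     CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
IF EXISTS (SELECT * FROM master.sys.sql_logins WHERE [name] = N''' + REPLACE([name], '''', '''''') + ''')
    ALTER LOGIN ' + QUOTENAME([name]) + '
     WITH CHECK_POLICY=' +
      CASE WHEN is_policy_checked = 1 THEN 'ON' ELSE 'OFF' END + ', CHECK_EXPIRATION=' +
      CASE WHEN is_expiration_checked = 1 THEN 'ON' ELSE 'OFF' END + '
GO


'
FROM master.sys.sql_logins
WHERE type_desc = 'SQL_LOGIN'
  AND [name] NOT IN ('sa', 'guest')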

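PRINT '-----------------------------------------------------------------------------'
PRINT '-- Disable any logins'
PRINT '-----------------------------------------------------------------------------'
-- Emits ALTER LOGIN ... DISABLE for every principal that is currently
-- disabled, so the restored server does not re-enable an account that was
-- deliberately switched off.
-- QUOTENAME keeps a login name containing ] from breaking the statement.
SELECT 'ALTER LOGIN ' + QUOTENAME([name]) + ' DISABLE
GO
'
FROM master.sys.server_principals
WHERE is_disabled = 1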

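PRINT '-----------------------------------------------------------------------------'
PRINT '-- Assign groups'
PRINT '-----------------------------------------------------------------------------'
-- Emits one sp_addsrvrolemember call per (login, server role) membership.
-- sa, built-in, NT AUTHORITY and SQL Server service accounts are skipped.
-- Both names land inside N'...' literals, so embedded single quotes are
-- doubled before concatenation.
-- Review the output before running it: it re-grants server-level roles
-- (including sysadmin) exactly as they exist on the source server.
SELECT
'EXEC master..sp_addsrvrolemember @loginame = N''' + REPLACE(l.[name], '''', '''''') + ''', @rolename = N''' + REPLACE(r.[name], '''', '''''') + '''
GO

'
FROM master.sys.server_role_members AS rm
INNER JOIN master.sys.server_principals AS r
    ON r.principal_id = rm.role_principal_id
INNER JOIN master.sys.server_principals AS l
    ON l.principal_id = rm.member_principal_id
WHERE l.[name] NOT IN ('sa')
  AND l.[name] NOT LIKE 'BUILTIN%'
  AND l.[name] NOT LIKE 'NT AUTHORITY%'
  AND l.[name] NOT LIKE '%\SQLServer%'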

您可以使用腳本在 Microsoft SQL Server 中備份/恢復登錄

第1步:創建 sp_help_revlogin 存儲過程

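IF OBJECT_ID ('sp_hexadecimal') IS NOT NULL
    DROP PROCEDURE sp_hexadecimal
GO
-- Purpose: convert a varbinary value into its '0x…' hexadecimal text form.
-- Params : @binvalue - up to 256 bytes of binary data.
--          @hexvalue - OUTPUT; '0x' followed by two upper-case hex digits per
--                      byte (514 characters is the maximum for 256 bytes).
--                      A NULL or empty input yields just '0x'.
-- Security: sp_help_revlogin feeds password hashes and SIDs through this
--           procedure, so its output is credential material.
CREATE PROCEDURE sp_hexadecimal
    @binvalue varbinary(256),
    @hexvalue varchar (514) OUTPUT
AS
DECLARE @charvalue varchar (514)
DECLARE @i int
DECLARE @length int
DECLARE @hexstring char(16)
DECLARE @tempint int
DECLARE @firstint int
DECLARE @secondint int

SELECT @charvalue = '0x'
SELECT @i = 1
SELECT @length = DATALENGTH (@binvalue)
-- Lookup table of all 16 hex digits: position (nibble + 1) is the digit.
-- The digits 0-9 must be present, otherwise every nibble maps wrongly.
SELECT @hexstring = '0123456789ABCDEF'

WHILE (@i <= @length)
BEGIN
    -- Take one byte and split it into high and low nibble.
    SELECT @tempint = CONVERT(int, SUBSTRING(@binvalue, @i, 1))
    SELECT @firstint = @tempint / 16      -- integer division: high nibble
    SELECT @secondint = @tempint % 16     -- remainder: low nibble
    SELECT @charvalue = @charvalue +
        SUBSTRING(@hexstring, @firstint + 1, 1) +
        SUBSTRING(@hexstring, @secondint + 1, 1)
    SELECT @i = @i + 1
END

SELECT @hexvalue = @charvalue
GO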

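IF OBJECT_ID ('sp_help_revlogin') IS NOT NULL
    DROP PROCEDURE sp_help_revlogin
GO
-- Purpose: print a T-SQL script that re-creates server logins with their
--          original SID and, for SQL-authenticated logins, their original
--          password hash, policy and expiration settings.
-- Params : @login_name - login to script; NULL (default) scripts every
--                        SQL login, Windows login and Windows group
--                        except sa.
-- Returns: 0 on success, -1 when no matching login exists.
-- Output : the script is written with PRINT (messages), not as a result set.
-- Depends: sp_hexadecimal for the binary-to-hex conversion.
-- Security: the printed script contains password hashes. Keep it out of
--           shared folders, tickets and version control, and delete it once
--           the logins have been restored.
CREATE PROCEDURE sp_help_revlogin @login_name sysname = NULL AS
DECLARE @name sysname
DECLARE @type varchar (1)
DECLARE @hasaccess int
DECLARE @denylogin int
DECLARE @is_disabled int
DECLARE @PWD_varbinary varbinary (256)
DECLARE @PWD_string varchar (514)
DECLARE @SID_varbinary varbinary (85)
DECLARE @SID_string varchar (514)
DECLARE @tmpstr varchar (1024)
DECLARE @is_policy_checked varchar (3)
DECLARE @is_expiration_checked varchar (3)
DECLARE @defaultdb sysname

-- One cursor covers both modes: without @login_name every login except sa,
-- otherwise exactly the named login. LOCAL scopes the cursor to this call so
-- an aborted run cannot leave a same-named cursor behind on the connection.
DECLARE login_curs CURSOR LOCAL FOR
    SELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin
    FROM sys.server_principals p
    LEFT JOIN sys.syslogins l
        ON (l.name = p.name)
    WHERE p.type IN ('S', 'G', 'U')
      AND ((@login_name IS NULL AND p.name <> 'sa') OR p.name = @login_name)
OPEN login_curs

FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin
IF (@@fetch_status = -1)
BEGIN
    PRINT 'No login(s) found.'
    CLOSE login_curs
    DEALLOCATE login_curs
    RETURN -1
END
SET @tmpstr = '/* sp_help_revlogin script '
PRINT @tmpstr
SET @tmpstr = '** Generated ' + CONVERT (varchar(30), GETDATE()) + ' on ' + @@SERVERNAME + ' */'
PRINT @tmpstr
PRINT ''
WHILE (@@fetch_status <> -1)
BEGIN
    -- -2 means the fetched row no longer exists; skip it and fetch the next.
    IF (@@fetch_status <> -2)
    BEGIN
        PRINT ''
        SET @tmpstr = '-- Login: ' + @name
        PRINT @tmpstr
        IF (@type IN ('G', 'U'))
        BEGIN -- NT authenticated account/group
            -- QUOTENAME instead of hand-written brackets so a database name
            -- containing ] stays a single identifier in the generated script.
            SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME(@name) + ' FROM WINDOWS WITH DEFAULT_DATABASE = ' + QUOTENAME(@defaultdb)
        END
        ELSE BEGIN -- SQL Server authentication
            -- obtain password hash and sid as hex text
            SET @PWD_varbinary = CAST(LOGINPROPERTY(@name, 'PasswordHash') AS varbinary (256))
            EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUT
            EXEC sp_hexadecimal @SID_varbinary, @SID_string OUT

            -- obtain password policy state
            SELECT @is_policy_checked = CASE is_policy_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name
            SELECT @is_expiration_checked = CASE is_expiration_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @name

            SET @tmpstr = 'CREATE LOGIN ' + QUOTENAME(@name) + ' WITH PASSWORD = ' + @PWD_string + ' HASHED, SID = ' + @SID_string + ', DEFAULT_DATABASE = ' + QUOTENAME(@defaultdb)

            IF (@is_policy_checked IS NOT NULL)
            BEGIN
                SET @tmpstr = @tmpstr + ', CHECK_POLICY = ' + @is_policy_checked
            END
            IF (@is_expiration_checked IS NOT NULL)
            BEGIN
                SET @tmpstr = @tmpstr + ', CHECK_EXPIRATION = ' + @is_expiration_checked
            END
        END
        IF (@denylogin = 1)
        BEGIN -- login is denied access
            SET @tmpstr = @tmpstr + '; DENY CONNECT SQL TO ' + QUOTENAME(@name)
        END
        ELSE IF (@hasaccess = 0)
        BEGIN -- login exists but does not have access
            SET @tmpstr = @tmpstr + '; REVOKE CONNECT SQL TO ' + QUOTENAME(@name)
        END
        IF (@is_disabled = 1)
        BEGIN -- login is disabled
            SET @tmpstr = @tmpstr + '; ALTER LOGIN ' + QUOTENAME(@name) + ' DISABLE'
        END
        PRINT @tmpstr
    END

    FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denylogin
END
CLOSE login_curs
DEALLOCATE login_curs
RETURN 0
GO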

步驟2:執行 sp_help_revlogin 並複製其輸出結果,用於恢復登錄

參考http://giasutinhoc.vn