SqlSpnManager

« All commands

Assert-SqlAccountStandard Validates an Active Directory account against a named compliance policy.

Read / Write SqlSpnManager v1.4.0

Description

Looks up the account in AD and asserts three policy invariants:

Throws on first failure with all violations joined into the exception message. Returns $true on full compliance. Designed to be called as a pre-flight check inside Start-SqlSpnConfiguration; can also be called standalone for ad-hoc validation.

Recipes

Recipe 1
EXAMPLE 1
Assert-SqlAccountStandard -SamAccountName svc_sql_prod -PolicyName Std_Engine
Recipe 2
EXAMPLE 2
Resolve-SqlPolicyFromContext -Scenario FCI -Role Engine | ForEach-Object {
    Assert-SqlAccountStandard -SamAccountName 'SQLFCI01
-PolicyName Assert-SqlAccountStandard - SqlSpnManager
SqlSpnManager

« All commands

{{BODY}}
}

Notes

The policy table lives in Get-SqlAccountPolicy. Adding a new role/scenario requires extending that table. Phase 0 ships with Std_Engine, Std_Engine_gMSA, Std_FCI_VNN, and Std_SSAS; other policies are Phase 1 work.

Parameters

-SamAccountName required String
SAM account name to validate (e.g., svc_sql_prod or SQLFCI01$).
-PolicyName required String
Policy key from Get-SqlAccountPolicy (e.g., Std_Engine, Std_FCI_VNN, Std_SSAS, Std_Engine_gMSA).

Was this page helpful? Report an issue or suggest an improvement →