-
[MSSQL] MSSQL2012 사용자계정 추출SQL Server/스크립트 2022. 4. 9. 16:20
전편 [MSSQL] MSSQL2000 로그인정보추출에서는 MSSQL2000용 사용자계정 추출 스크립트를 기재
이번에는 Microsoft도큐먼트에도 올라와있지만 찾기 귀찮아서 기록해두려고 기재.
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135USE masterGOIF OBJECT_ID ('sp_hexadecimal') IS NOT NULLDROP PROCEDURE sp_hexadecimalGOCREATE PROCEDURE sp_hexadecimal@binvalue varbinary(256),@hexvalue varchar (514) OUTPUTASDECLARE @charvalue varchar (514)DECLARE @i intDECLARE @length intDECLARE @hexstring char(16)SELECT @charvalue = '0x'SELECT @i = 1SELECT @length = DATALENGTH (@binvalue)SELECT @hexstring = '0123456789ABCDEF'WHILE (@i <= @length)BEGINDECLARE @tempint intDECLARE @firstint intDECLARE @secondint intSELECT @tempint = CONVERT(int, SUBSTRING(@binvalue,@i,1))SELECT @firstint = FLOOR(@tempint/16)SELECT @secondint = @tempint - (@firstint*16)SELECT @charvalue = @charvalue +SUBSTRING(@hexstring, @firstint+1, 1) +SUBSTRING(@hexstring, @secondint+1, 1)SELECT @i = @i + 1ENDSELECT @hexvalue = @charvalueGOIF OBJECT_ID ('sp_help_revlogin') IS NOT NULLDROP PROCEDURE sp_help_revloginGOCREATE PROCEDURE sp_help_revlogin @login_name sysname = NULL ASDECLARE @name sysnameDECLARE @type varchar (1)DECLARE @hasaccess intDECLARE @denylogin intDECLARE @is_disabled intDECLARE @PWD_varbinary varbinary (256)DECLARE @PWD_string varchar (514)DECLARE @SID_varbinary varbinary (85)DECLARE @SID_string varchar (514)DECLARE @tmpstr varchar (1024)DECLARE @is_policy_checked varchar (3)DECLARE @is_expiration_checked varchar (3)DECLARE @defaultdb sysnameIF (@login_name IS NULL)DECLARE login_curs CURSOR FORSELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin FROMsys.server_principals p LEFT JOIN sys.syslogins lON ( l.name = p.name ) WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name <> 'sa'ELSEDECLARE login_curs CURSOR FORSELECT p.sid, p.name, p.type, p.is_disabled, p.default_database_name, l.hasaccess, l.denylogin FROMsys.server_principals p LEFT JOIN sys.syslogins lON ( l.name = p.name ) WHERE p.type IN ( 'S', 'G', 'U' ) AND p.name = @login_nameOPEN login_cursFETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denyloginIF (@@fetch_status = -1)BEGINPRINT 'No login(s) found.'CLOSE login_cursDEALLOCATE login_cursRETURN -1ENDSET @tmpstr = '/* sp_help_revlogin script 'PRINT @tmpstrSET @tmpstr = '** Generated ' + CONVERT (varchar, GETDATE()) + ' on ' + @@SERVERNAME + ' */'PRINT @tmpstrPRINT ''WHILE (@@fetch_status <> -1)BEGINIF (@@fetch_status <> -2)BEGINPRINT ''SET @tmpstr = '-- Login: ' + @namePRINT @tmpstrIF (@type IN ( 'G', 'U'))BEGIN -- NT authenticated account/groupSET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name ) + ' FROM WINDOWS WITH DEFAULT_DATABASE = [' + @defaultdb + ']'ENDELSE BEGIN -- SQL Server authentication-- obtain password and sidSET @PWD_varbinary = CAST( LOGINPROPERTY( @name, 'PasswordHash' ) AS varbinary (256) )EXEC sp_hexadecimal @PWD_varbinary, @PWD_string OUTEXEC sp_hexadecimal @SID_varbinary,@SID_string OUT-- obtain password policy stateSELECT @is_policy_checked = CASE is_policy_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @nameSELECT @is_expiration_checked = CASE is_expiration_checked WHEN 1 THEN 'ON' WHEN 0 THEN 'OFF' ELSE NULL END FROM sys.sql_logins WHERE name = @nameSET @tmpstr = 'CREATE LOGIN ' + QUOTENAME( @name ) + ' WITH PASSWORD = ' + @PWD_string + ' HASHED, SID = ' + @SID_string + ', DEFAULT_DATABASE = [' + @defaultdb + ']'IF ( @is_policy_checked IS NOT NULL )BEGINSET @tmpstr = @tmpstr + ', CHECK_POLICY = ' + @is_policy_checkedENDIF ( @is_expiration_checked IS NOT NULL )BEGINSET @tmpstr = @tmpstr + ', CHECK_EXPIRATION = ' + @is_expiration_checkedENDENDIF (@denylogin = 1)BEGIN -- login is denied accessSET @tmpstr = @tmpstr + '; DENY CONNECT SQL TO ' + QUOTENAME( @name )ENDELSE IF (@hasaccess = 0)BEGIN -- login exists but does not have accessSET @tmpstr = @tmpstr + '; REVOKE CONNECT SQL TO ' + QUOTENAME( @name )ENDIF (@is_disabled = 1)BEGIN -- login is disabledSET @tmpstr = @tmpstr + '; ALTER LOGIN ' + QUOTENAME( @name ) + ' DISABLE'ENDPRINT @tmpstrENDFETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @is_disabled, @defaultdb, @hasaccess, @denyloginENDCLOSE login_cursDEALLOCATE login_cursRETURN 0GOcs ※사용방법
상기 쿼리를 1회 실행해서 StoredProcedure를 생성한 후,
EXEC sp_help_revlogin 실행.
실행 후 나오는 메시지 탭의 내용을
이전할 SQL 서버에 실행하면 사용자 매핑 및 계정정보가 일치하게 생성이 된다.아래는 Microsoft제공 도큐먼트
출처 : https://support.microsoft.com/en-us/kb/918992'SQL Server > 스크립트' 카테고리의 다른 글
[MSSQL] 에이전트잡(AgentJob) 스크립트 추출 (0) 2023.09.18 [MSSQL] 연결된서버(LinkedServer) 스크립트 추출 (0) 2023.09.18 [MSSQL] 테이블 건수 확인(Row) (0) 2022.04.09 [MSSQL] MSSQL2000 사용자계정 추출 (0) 2022.04.09 [MSSQL] 트리거(Trigger) 스크립트 추출 (0) 2022.04.09