我对 T-SQL 还很陌生。我编写了下面这个查询,用来找出并删除在 Active Directory 中已不存在的登录名。它确实能运行并得到结果,但我觉得应该有更好的做法。有谁能给我指个正确的方向吗?谢谢!
-- Purpose: capture the output of sp_validatelogins (Windows logins/groups that
-- are mapped to SQL Server principals but no longer exist in Windows) and drop
-- each of those logins, one row at a time.
-- NOTE(review): this script changes server-level security with no preview step.
-- DROP LOGIN leaves any mapped database users behind as orphaned users, and it
-- fails for a login that is currently connected or that owns a securable,
-- server-level object or SQL Server Agent job. Review the captured list before
-- running the loop, and keep a record of what was dropped.
-- NOTE(review): sp_validatelogins requires sysadmin or securityadmin membership.

-- delete temp tables if exist (makes the script re-runnable in the same session)
IF OBJECT_ID('tempdb..#TMP_SP_VALIDATELOGINS') IS NOT NULL BEGIN
DROP TABLE #TMP_SP_VALIDATELOGINS
END
IF OBJECT_ID('tempdb..#mytemp') IS NOT NULL BEGIN
DROP TABLE #mytemp
END
-- find invalid logins and put them into temp table
-- (columns: the SID and the Windows login name returned by sp_validatelogins)
CREATE TABLE #TMP_SP_VALIDATELOGINS
(
COL_SID varbinary(85) NOT NULL
, COL_NT_Login SYSNAME NOT NULL
)
INSERT INTO #TMP_SP_VALIDATELOGINS
EXEC sp_validatelogins
-- copy the rows into a work table with an extra nullable marker column (mykey)
-- SET ROWCOUNT 0 removes any row limit so that every row is copied
set rowcount 0
select NULL mykey, * into #mytemp from #TMP_SP_VALIDATELOGINS
-- SET ROWCOUNT 1 limits the next UPDATE to a single row, so exactly one row is
-- marked with mykey = 1. NOTE(review): Microsoft documents SET ROWCOUNT as
-- deprecated for limiting INSERT/UPDATE/DELETE; TOP is the supported form.
set rowcount 1
update #mytemp set mykey = 1
DECLARE @login NVARCHAR(MAX)
-- loop while the preceding UPDATE marked a row.
-- NOTE(review): the first test relies on DECLARE leaving @@ROWCOUNT from the
-- UPDATE above untouched; confirm, since many statements reset @@ROWCOUNT.
while @@rowcount > 0
begin
-- lift the one-row limit for the statements inside the loop body
set rowcount 0
-- select name to drop (the single row currently marked mykey = 1)
set @login = (select COL_NT_Login from #mytemp where mykey = 1)
-- build the DROP LOGIN statement only if the name still exists as a server
-- principal; @drop is NULL when no principal matches @login.
-- NOTE(review): the brackets are added by hand, so a ']' inside a name is not
-- escaped; QUOTENAME(name) does that escaping. varchar is also non-Unicode,
-- while login names are sysname (nvarchar), so nvarchar would be the safer type.
declare @drop varchar(200)
set @drop = (select 'drop login [' + name + '];'
from sys.server_principals
WHERE name = @login )
-- run the generated statement as dynamic SQL
exec (@drop)
-- remove the processed row, then mark the next one (again limited to one row);
-- the row count of this UPDATE is what the WHILE condition tests next
delete #mytemp where mykey = 1
set rowcount 1
update #mytemp set mykey = 1
end
-- restore the default (no row limit) for the rest of the session, then clean up
set rowcount 0
DROP TABLE #mytemp
DROP TABLE #TMP_SP_VALIDATELOGINS
GO
答案 0 :(得分:0)
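-- Purpose: list the Windows logins/groups that sp_validatelogins reports as no
-- longer existing in Windows, and build one batch of DROP LOGIN statements for
-- them. By default the batch is only printed; nothing is dropped until the
-- EXEC line at the bottom is uncommented.
-- Requires sysadmin or securityadmin membership (needed by sp_validatelogins).

-- Drop a leftover temp table so the script can be re-run in the same session.
IF OBJECT_ID('tempdb..#TMP_SP_VALIDATELOGINS') IS NOT NULL
    DROP TABLE #TMP_SP_VALIDATELOGINS;

CREATE TABLE #TMP_SP_VALIDATELOGINS
(
    COL_SID varbinary(85) NOT NULL
  , COL_NT_Login sysname NOT NULL
);

INSERT INTO #TMP_SP_VALIDATELOGINS (COL_SID, COL_NT_Login)
EXEC sp_validatelogins;

-- Concatenate every DROP LOGIN command into one string.
-- QUOTENAME brackets the name and escapes any ']' inside it, so a login name
-- cannot break out of the identifier in the generated statement.
-- Start from an empty string so that "no stale logins" yields '' rather than NULL.
DECLARE @sql nvarchar(max);
SET @sql = N'';

-- Match on SID as well as name, and only Windows logins ('U') and Windows
-- groups ('G'), so the batch can never name a SQL login or a server role.
-- NOTE(review): multi-row "SELECT @var = @var + ..." concatenation is widely
-- used but not a documented guarantee; keep it free of ORDER BY as it is here.
SELECT @sql = @sql
    + N'DROP LOGIN ' + QUOTENAME(p.name) + N';' + NCHAR(13) + NCHAR(10)
FROM #TMP_SP_VALIDATELOGINS AS l
INNER JOIN sys.server_principals AS p
    ON p.sid = l.COL_SID
   AND p.name = l.COL_NT_Login
WHERE p.type IN ('U', 'G');

-- Print out to verify before anything is executed.
-- PRINT shows at most 4000 characters of an nvarchar value; @sql itself is not
-- truncated, so use "SELECT @sql" to inspect a longer list.
PRINT @sql;

-- Uncomment to execute, after reviewing the printed list.
-- DROP LOGIN leaves mapped database users behind as orphaned users, and fails
-- for a login that is connected or that owns a securable, server-level object
-- or SQL Server Agent job; check for those first and record what was dropped.
-- EXEC sp_executesql @sql;

DROP TABLE #TMP_SP_VALIDATELOGINS;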