DSCResources/xSQLServer/2.0.0.0/Examples/xSQLServerPermission.ps1
<#
    Example for the xSQLServerPermission resource.

    On every node whose Role is PrimaryReplica or SecondaryReplica it declares
    two resources for the login NT AUTHORITY\SYSTEM: one that grants
    AlterAnyAvailabilityGroup and ViewServerState (Ensure = "Present") and one
    that revokes the same permissions (Ensure = "Absent"). The resource names
    indicate the grant is meant for the AlwaysOn health-detection account.

    NOTE(review): the two resources describe opposite states for the same
    principal and permissions, and the second depends on the first, so they
    cannot both be in the desired state at once. When adapting this example,
    keep only the resource that matches the state you want.
#>

$ConfigData = @{
    AllNodes = @(
        # Settings under NodeName "*" apply to every node listed below.
        @{
            NodeName             = "*"

            # Public certificate used at compile time so that the credential
            # handed to PsDscRunAsCredential is written to the MOF encrypted
            # rather than in clear text.
            CertificateFile      = "C:\Certificates\dsc-public.cer"

            # Thumbprint of that certificate. The matching private key has to
            # be available on each target node (the LCM settings that reference
            # it are not part of this example).
            Thumbprint           = "D6F57B6BE46A7162138687FB74DBAA1D4EB1A59B"

            SqlInstanceName      = "MSSQLSERVER"

            # Lets a domain account be used as the credential without DSC
            # complaining at compile time.
            PSDscAllowDomainUser = $true
        },

        @{
            NodeName = 'SQLNODE01.company.local'
            Role     = "PrimaryReplica"
        },

        @{
            NodeName = 'SQLNODE02.company.local'
            Role     = "SecondaryReplica"
        }
    )
}

Configuration SQLAlwaysOnNodeConfig
{
    param
    (
        # Account the resources run as on the node. Optional; the
        # not-null-or-empty validation only applies when a value is supplied.
        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [PsCredential]
        $SqlAdministratorCredential
    )

    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Import-DscResource -ModuleName xSqlServer

    Node $AllNodes.Where({ $_.Role -eq "PrimaryReplica" }).NodeName
    {
        # Add permission. Only the two named server permissions are granted;
        # they become available to everything that connects to the instance as
        # NT AUTHORITY\SYSTEM.
        xSQLServerPermission SQLConfigureAlwaysOnPermissionHealthDetectionAccount
        {
            Ensure               = "Present"
            NodeName             = $Node.NodeName
            InstanceName         = $Node.SqlInstanceName
            Principal            = "NT AUTHORITY\SYSTEM"
            Permission           = "AlterAnyAvailabilityGroup", "ViewServerState"

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        # Remove permission. Ordered after the grant above through DependsOn.
        xSQLServerPermission RemoveAlwaysOnPermissionHealthDetectionAccount
        {
            Ensure               = "Absent"
            NodeName             = $Node.NodeName
            InstanceName         = $Node.SqlInstanceName
            Principal            = "NT AUTHORITY\SYSTEM"
            Permission           = "AlterAnyAvailabilityGroup", "ViewServerState"

            PsDscRunAsCredential = $SqlAdministratorCredential

            DependsOn            = "[xSQLServerPermission]SQLConfigureAlwaysOnPermissionHealthDetectionAccount"
        }
    }

    Node $AllNodes.Where({ $_.Role -eq "SecondaryReplica" }).NodeName
    {
        # Add permission. Same grant as on the primary replica.
        xSQLServerPermission SQLConfigureAlwaysOnPermissionHealthDetectionAccount
        {
            Ensure               = "Present"
            NodeName             = $Node.NodeName
            InstanceName         = $Node.SqlInstanceName
            Principal            = "NT AUTHORITY\SYSTEM"
            Permission           = "AlterAnyAvailabilityGroup", "ViewServerState"

            PsDscRunAsCredential = $SqlAdministratorCredential
        }

        # Remove permission. Ordered after the grant above through DependsOn.
        xSQLServerPermission RemoveAlwaysOnPermissionHealthDetectionAccount
        {
            Ensure               = "Absent"
            NodeName             = $Node.NodeName
            InstanceName         = $Node.SqlInstanceName
            Principal            = "NT AUTHORITY\SYSTEM"
            Permission           = "AlterAnyAvailabilityGroup", "ViewServerState"

            PsDscRunAsCredential = $SqlAdministratorCredential

            DependsOn            = "[xSQLServerPermission]SQLConfigureAlwaysOnPermissionHealthDetectionAccount"
        }
    }
}

# Prompt for the account interactively so that no password is stored in the script.
$SqlAdministratorCredential = Get-Credential -Message "Enter credentials for SQL Server administrator account"

# Compile one MOF per node into the output folder. The MOFs carry the
# (certificate-encrypted) credential, so access to that folder should be
# limited to the people who publish configurations.
$compileArguments = @{
    SqlAdministratorCredential = $SqlAdministratorCredential
    ConfigurationData          = $ConfigData
    OutputPath                 = 'C:\Configuration'
}

SQLAlwaysOnNodeConfig @compileArguments