functions/Copy-DbaLogin.ps1
function Copy-DbaLogin { <# .SYNOPSIS Migrates logins from source to destination SQL Servers. Supports SQL Server versions 2000 and newer. .DESCRIPTION SQL Server 2000: Migrates logins with SIDs, passwords, server roles and database roles. SQL Server 2005 & newer: Migrates logins with SIDs, passwords, defaultdb, server roles & securables, database permissions & securables, login attributes (enforce password policy, expiration, etc.) The login hash algorithm changed in SQL Server 2012, and is not backwards compatible with previous SQL Server versions. This means that while SQL Server 2000 logins can be migrated to SQL Server 2012, logins created in SQL Server 2012 can only be migrated to SQL Server 2012 and above. .PARAMETER Source Source SQL Server. You must have sysadmin access and server version must be SQL Server version 2000 or higher. .PARAMETER SourceSqlCredential Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance. .PARAMETER Destination Destination SQL Server. You must have sysadmin access and the server must be SQL Server 2000 or higher. .PARAMETER DestinationSqlCredential Login to the target instance using alternative credentials. Accepts PowerShell credentials (Get-Credential). Windows Authentication, SQL Server Authentication, Active Directory - Password, and Active Directory - Integrated are all supported. For MFA support, please use Connect-DbaInstance. .PARAMETER Login The login(s) to process. Options for this list are auto-populated from the server. If unspecified, all logins will be processed. .PARAMETER ExcludeLogin The login(s) to exclude. Options for this list are auto-populated from the server. .PARAMETER ExcludeSystemLogins If this switch is enabled, NT SERVICE accounts will be skipped. .PARAMETER ExcludePermissionSync Skips permission syncs .PARAMETER SyncSaName If this switch is enabled, the name of the sa account will be synced between Source and Destination .PARAMETER OutFile Calls Export-DbaLogin and exports all logins to a T-SQL formatted file. This does not perform a copy, so no destination is required. .PARAMETER InputObject Takes the parameters required from a Login object that has been piped into the command .PARAMETER NewSid Ignore sids from the source login objects to generate new sids on the destination server. Useful when copying login onto the same server .PARAMETER LoginRenameHashtable Pass a hash table into this parameter to create logins under different names based on hashtable mapping. .PARAMETER ObjectLevel Include object-level permissions for each user associated with copied login. .PARAMETER KillActiveConnection A login cannot be dropped when it has active connections on the instance. If this switch is enabled, all active connections and sessions on Destination will be killed. .PARAMETER WhatIf If this switch is enabled, no actions are performed but informational messages will be displayed that explain what would happen if the command were to run. .PARAMETER Confirm If this switch is enabled, you will be prompted for confirmation before executing any operations that change state. .PARAMETER Force If this switch is enabled, the Login(s) will be dropped and recreated on Destination. Logins that own Agent jobs cannot be dropped at this time. .PARAMETER EnableException By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting. Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch. .NOTES Tags: Migration, Login Author: Chrissy LeMaire (@cl), netnerds.net Website: https://dbatools.io Copyright: (c) 2018 by dbatools, licensed under MIT License: MIT https://opensource.org/licenses/MIT Requires: sysadmin access on SQL Servers .LINK https://dbatools.io/Copy-DbaLogin .EXAMPLE PS C:\> Copy-DbaLogin -Source sqlserver2014a -Destination sqlcluster -Force Copies all logins from Source Destination. If a SQL Login on Source exists on the Destination, the Login on Destination will be dropped and recreated. If active connections are found for a login, the copy of that Login will fail as it cannot be dropped. .EXAMPLE PS C:\> Copy-DbaLogin -Source sqlserver2014a -Destination sqlcluster -Force -KillActiveConnection Copies all logins from Source Destination. If a SQL Login on Source exists on the Destination, the Login on Destination will be dropped and recreated. If any active connections are found they will be killed. .EXAMPLE PS C:\> Copy-DbaLogin -Source sqlserver2014a -Destination sqlcluster -ExcludeLogin realcajun -SourceSqlCredential $scred -DestinationSqlCredential $dcred Copies all Logins from Source to Destination except for realcajun using SQL Authentication to connect to both instances. If a Login already exists on the destination, it will not be migrated. .EXAMPLE PS C:\> Copy-DbaLogin -Source sqlserver2014a -Destination sqlcluster -Login realcajun, netnerds -force Copies ONLY Logins netnerds and realcajun. If Login realcajun or netnerds exists on Destination, the existing Login(s) will be dropped and recreated. .EXAMPLE PS C:\> Copy-DbaLogin -LoginRenameHashtable @{ "PreviousUser" = "newlogin" } -Source $Sql01 -Destination Localhost -SourceSqlCredential $sqlcred -Login PreviousUser Copies PreviousUser as newlogin. .EXAMPLE PS C:\> Copy-DbaLogin -LoginRenameHashtable @{ OldLogin = "NewLogin" } -Source Sql01 -Destination Sql01 -Login ORG\OldLogin -ObjectLevel -NewSid Clones OldLogin as NewLogin onto the same server, generating a new SID for the login. Also clones object-level permissions. .EXAMPLE PS C:\> Get-DbaLogin -SqlInstance sql2016 | Out-GridView -Passthru | Copy-DbaLogin -Destination sql2017 Displays all available logins on sql2016 in a grid view, then copies all selected logins to sql2017. .EXAMPLE PS C:\> $loginSplat = @{ >> Source = $Sql01 >> Destination = "Localhost" >> SourceSqlCredential = $sqlcred >> Login = 'ReadUserP', 'ReadWriteUserP', 'AdminP' >> LoginRenameHashtable = @{ >> "ReadUserP" = "ReadUserT" >> "ReadWriteUserP" = "ReadWriteUserT" >> "AdminP" = "AdminT" >> } >> } PS C:\> Copy-DbaLogin @loginSplat Copies the three specified logins to 'localhost' and renames them according to the LoginRenameHashTable. #> [CmdletBinding(DefaultParameterSetName = "Default", SupportsShouldProcess, ConfirmImpact = "Medium")] param ( [parameter(ParameterSetName = "File", Mandatory)] [parameter(ParameterSetName = "SqlInstance", Mandatory)] [DbaInstanceParameter]$Source, [PSCredential]$SourceSqlCredential, [parameter(ParameterSetName = "SqlInstance", Mandatory)] [parameter(ParameterSetName = "InputObject", Mandatory)] [DbaInstanceParameter[]]$Destination, [PSCredential]$DestinationSqlCredential, [object[]]$Login, [object[]]$ExcludeLogin, [switch]$ExcludeSystemLogins, [parameter(ParameterSetName = "Live")] [parameter(ParameterSetName = "SqlInstance")] [switch]$SyncSaName, [parameter(ParameterSetName = "File", Mandatory)] [string]$OutFile, [parameter(ParameterSetName = "InputObject", ValueFromPipeline)] [object[]]$InputObject, [hashtable]$LoginRenameHashtable, [switch]$KillActiveConnection, [switch]$NewSid, [switch]$Force, [switch]$ObjectLevel, [switch]$ExcludePermissionSync, [switch]$EnableException ) begin { if ($Force) { $ConfirmPreference = 'none' } function Copy-Login { [CmdletBinding(SupportsShouldProcess, ConfirmImpact = "Medium")] Param ( $SourceServer, $DestServer, $Login, $Exclude ) if ($LoginRenameHashtable.Keys -contains $Login.name) { $newUserName = $LoginRenameHashtable[$Login.name] } else { $newUserName = $Login.name } $copyLoginStatus = [pscustomobject]@{ SourceServer = $sourceServer.Name DestinationServer = $destServer.Name Type = "Login - $($Login.LoginType)" Name = $newUserName DestinationLogin = $newUserName SourceLogin = $Login.name Status = $null Notes = $null DateTime = [DbaDateTime](Get-Date) } if ($ExcludeLogin -contains $Login.name) { continue } if ($Login.id -eq 1) { continue } if ($newUserName.StartsWith("##") -or $newUserName -eq 'sa') { Write-Message -Level Verbose -Message "Skipping $newUserName." continue } if ($Login.LoginType -like 'Window*' -and $destServer.DatabaseEngineEdition -eq 'SqlManagedInstance' ) { Write-Message -Level Verbose -Message "$Login is a Windows login, not supported on a SQL Managed Instance" $copyLoginStatus.Status = "Skipped" $copyLoginStatus.Notes = "$($Login.name) is a Windows login, not supported on a SQL Managed Instance" $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject continue } # Here we don't need the FullComputerName, but only the machine name to compare to the host part of the login name. So ComputerName should be fine. $serverName = $sourceServer.ComputerName $currentLogin = $DestServer.ConnectionContext.truelogin if ($currentLogin -eq $newUserName -and $force) { if ($Pscmdlet.ShouldProcess("console", "Stating $newUserName is skipped because it is performing the migration.")) { Write-Message -Level Verbose -Message "Cannot drop login performing the migration. Skipping." $copyLoginStatus.Status = "Skipped" $copyLoginStatus.Notes = "Current login" $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject } continue } if (($destServer.LoginMode -ne [Microsoft.SqlServer.Management.Smo.ServerLoginMode]::Mixed) -and ($Login.LoginType -eq [Microsoft.SqlServer.Management.Smo.LoginType]::SqlLogin)) { Write-Message -Level Verbose -Message "$Destination does not have Mixed Mode enabled. [$($Login.Name)] is an SQL Login. Enable mixed mode authentication after the migration completes to use this type of login." } $userBase = ($Login.Name.Split("\")[0]).ToLowerInvariant() if ($serverName -eq $userBase -or $Login.Name.StartsWith("NT ")) { if ($sourceServer.ComputerName -ne $destServer.ComputerName) { if ($Pscmdlet.ShouldProcess("console", "Stating $($Login.Name) was skipped because it is a local machine name.")) { Write-Message -Level Verbose -Message "$($Login.Name) was skipped because it is a local machine name." $copyLoginStatus.Status = "Skipped" $copyLoginStatus.Notes = "Local machine name" $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject } continue } else { if ($ExcludeSystemLogins) { if ($Pscmdlet.ShouldProcess("console", "$($Login.Name) was skipped because ExcludeSystemLogins was specified.")) { Write-Message -Level Verbose -Message "$($Login.Name) was skipped because ExcludeSystemLogins was specified." $copyLoginStatus.Status = "Skipped" $copyLoginStatus.Notes = "System login" $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject } continue } if ($Pscmdlet.ShouldProcess("console", "Stating local login $($Login.Name) since the source and destination server reside on the same machine.")) { Write-Message -Level Verbose -Message "Copying local login $($Login.Name) since the source and destination server reside on the same machine." } } } if ($null -ne $destServer.Logins.Item($newUserName) -and !$force) { if ($Pscmdlet.ShouldProcess("console", "Stating $newUserName is skipped because it exists at destination.")) { Write-Message -Level Verbose -Message "$newUserName already exists in destination. Use -Force to drop and recreate." $copyLoginStatus.Status = "Skipped" $copyLoginStatus.Notes = "Already exists on destination" $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject } continue } if ($null -ne $destServer.Logins.Item($newUserName) -and $force) { if ($newUserName -eq $destServer.ServiceAccount) { if ($Pscmdlet.ShouldProcess("console", "$newUserName is the destination service account. Skipping drop.")) { Write-Message -Level Verbose -Message "$newUserName is the destination service account. Skipping drop." $copyLoginStatus.Status = "Skipped" $copyLoginStatus.Notes = "Destination service account" $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject } continue } if ($Pscmdlet.ShouldProcess($destinstance, "Dropping $newUserName")) { # Kill connections, delete user Write-Message -Level Verbose -Message "Attempting to migrate $newUserName" Write-Message -Level Verbose -Message "Force was specified. Attempting to drop $newUserName on $destinstance." try { $ownedDbs = $destServer.Databases | Where-Object Owner -eq $newUserName foreach ($ownedDb in $ownedDbs) { Write-Message -Level Verbose -Message "Changing database owner for $($ownedDb.name) from $newUserName to sa." $ownedDb.SetOwner('sa') $ownedDb.Alter() } $ownedJobs = $destServer.JobServer.Jobs | Where-Object OwnerLoginName -eq $newUserName foreach ($ownedJob in $ownedJobs) { Write-Message -Level Verbose -Message "Changing job owner for $($ownedJob.name) from $newUserName to sa." $ownedJob.Set_OwnerLoginName('sa') $ownedJob.Alter() } $activeConnections = $destServer.EnumProcesses() | Where-Object Login -eq $newUserName if ($activeConnections -and $KillActiveConnection) { if (!$destServer.Logins.Item($newUserName).IsDisabled) { $disabled = $true $destServer.Logins.Item($newUserName).Disable() } $activeConnections | ForEach-Object { $destServer.KillProcess($_.Spid) } Write-Message -Level Verbose -Message "-KillActiveConnection was provided. There are $($activeConnections.Count) active connections killed." } elseif ($activeConnections) { Write-Message -Level Verbose -Message "There are $($activeConnections.Count) active connections found for the login $newUserName. Utilize -KillActiveConnection to kill the connections." } try { $destServer.Logins.Item($newUserName).Drop() } catch { # just in case the kill didn't work, it'll leave behind a disabled account if ($disabled) { $destServer.Logins.Item($newUserName).Enable() } throw $_ } Write-Message -Level Verbose -Message "Successfully dropped $newUserName on $destinstance." } catch { $copyLoginStatus.Status = "Failed" $copyLoginStatus.Notes = (Get-ErrorMessage -Record $_).Message $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject Stop-Function -Message "Could not drop $newUserName." -Category InvalidOperation -ErrorRecord $_ -Target $destServer -Continue 3>$null } } } if ($Pscmdlet.ShouldProcess($destinstance, "Adding SQL login $newUserName")) { Write-Message -Level Verbose -Message "Attempting to add $newUserName to $destinstance." try { $splatNewLogin = @{ SqlInstance = $destServer InputObject = $Login NewSid = $NewSid LoginRenameHashtable = $LoginRenameHashtable } if ($Login.DefaultDatabase -notin $destServer.Databases.Name) { $copyLoginStatus.Notes = "Database $($Login.DefaultDatabase) does not exist on $destServer, switching DefaultDatabase to 'master' for $($Login.Name)" Write-Message -Level Warning -Message $copyLoginStatus.Notes $splatNewLogin.DefaultDatabase = 'master' } $destLogin = New-DbaLogin @splatNewLogin -EnableException:$true $copyLoginStatus.Status = "Successful" } catch { $copyLoginStatus.Status = "Failed" $copyLoginStatus.Notes = (Get-ErrorMessage -Record $_).Message $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject Stop-Function -Message "Failed to add $newUserName to $destinstance." -Category InvalidOperation -ErrorRecord $_ -Target $destServer -Continue 3>$null } $copyLoginStatus | Select-DefaultView -Property DateTime, SourceServer, DestinationServer, Name, Type, Status, Notes -TypeName MigrationObject if (-not $ExcludePermissionSync) { if ($Pscmdlet.ShouldProcess($destinstance, "Updating SQL login $newUserName permissions")) { # In rare cases, when the instance has a case sensitive collation and there are two logins that differ only in case, New-DbaLogin will return them both into $destLogin # So we loop, just in case... foreach ($dl in $destLogin) { Update-SqlPermission -SourceServer $sourceServer -SourceLogin $Login -DestServer $destServer -DestLogin $dl -ObjectLevel:$ObjectLevel } } } } } } process { if (Test-FunctionInterrupt) { return } $loginsCollection = @() if ($InputObject) { $loginsCollection += $InputObject } else { $loginsCollection += Get-DbaLogin -SqlInstance $Source -SqlCredential $SourceSqlCredential -Login $Login -EnableException:$EnableException } if ($OutFile) { return (Export-DbaLogin -SqlInstance $Source -SqlCredential $SourceSqlCredential -FilePath $OutFile -Login $loginsCollection -ObjectLevel:$ObjectLevel -ExcludeLogin $ExcludeLogin -EnableException:$EnableException) } foreach ($loginObject in $loginsCollection) { $sourceServer = $loginObject.Parent $sourceVersionMajor = $sourceServer.VersionMajor foreach ($destinstance in $Destination) { try { $destServer = Connect-DbaInstance -SqlInstance $destinstance -SqlCredential $DestinationSqlCredential -AzureUnsupported } catch { Stop-Function -Message "Failure" -Category ConnectionError -ErrorRecord $_ -Target $destinstance -Continue } $destVersionMajor = $destServer.VersionMajor if ($sourceVersionMajor -gt 10 -and $destVersionMajor -lt 11) { Stop-Function -Message "Login migration from version $sourceVersionMajor to $destVersionMajor is not supported." -Target $sourceServer } if ($sourceVersionMajor -lt 8 -or $destVersionMajor -lt 8) { Stop-Function -Message "SQL Server 7 and below are not supported." -Target $sourceServer } if ($destserver.ConnectionContext.TrueLogin -notin $destserver.Logins.Name -and $Force) { if ($Login -or $ExcludeLogin -or $InputObject) { Write-Message -Level Verbose -Message "Force was used and $($destserver.ConnectionContext.TrueLogin) not found in logins list but an explicit Login or ExcludeLogin was specified, so we trust you won't drop the group that allows $($destserver.ConnectionContext.TrueLogin) access. Proceeding." } else { Stop-Function -Message "Force was used, no explicit -Login or -ExcludeLogin was specified and $($destserver.ConnectionContext.TrueLogin) cannot be found in the logins list. It may be part of a group. This will likely result in you being locked out of the server. To use Force, $($destserver.ConnectionContext.TrueLogin) must be added directly to logins before proceeding." -Target $destserver continue } } Write-Message -Level Verbose -Message "Attempting Login Migration." Copy-Login -sourceserver $sourceServer -destserver $destServer -Login $loginObject -Exclude $ExcludeLogin if ($SyncSaName) { $sa = $sourceServer.Logins | Where-Object id -eq 1 $destSa = $destServer.Logins | Where-Object id -eq 1 $saName = $sa.Name if ($saName -ne $destSa.name) { Write-Message -Level Verbose -Message "Changing sa username to match source ($saName)." if ($Pscmdlet.ShouldProcess($destinstance, "Changing sa username to match source ($saName)")) { $destSa.Rename($saName) $destSa.Alter() } } } } } } } # SIG # Begin signature block # MIIZewYJKoZIhvcNAQcCoIIZbDCCGWgCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQU+iYiczmxTqNBuPXPXT80bdtI # CU+gghSJMIIE/jCCA+agAwIBAgIQDUJK4L46iP9gQCHOFADw3TANBgkqhkiG9w0B # AQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD # VQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFz # c3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIxMDEwMTAwMDAwMFoXDTMxMDEw # NjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMu # MSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAgMjAyMTCCASIwDQYJKoZIhvcN # AQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQikRcpja1HXOhFCvQp1dU2UtAxQ # tSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cLnGP9NmqB+in43Stwhd4CGPN4 # bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHTWjaPxqPhLxs6t2HWc+xObTOK # fF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WHIOsOjizVI9r0TXhG4wODMSlK # XAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6BqrW7EdMMKbaYK02/xWVLwfoYer # vnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+DUmEvQECAwEAAaOCAbgwggG0 # MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsG # AQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcBMCkwJwYIKwYBBQUHAgEWG2h0 # dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNVHSMEGDAWgBT0tuEgHf4prtLk # YaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+vCgtHUQ23eNqerwwcQYDVR0f # BGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItYXNzdXJl # ZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEyLWFz # c3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcwJAYIKwYBBQUHMAGGGGh0dHA6 # Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZDaHR0cDovL2NhY2VydHMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJRFRpbWVzdGFtcGluZ0NB # LmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctemaI7znGucgDo5nRv1CclF0CiNH # o6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+RAJmTe1ppA/2uHDPYuj1UUp4 # eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+t2R3Y18jUmmDgvoaU+2QzI2h # F3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8gQ74wOFcz8QRcucbZEnYIpp1 # FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1HavWPWH1ub9y4bTxMd90oNcX6X # t/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2mOHLKNpbh6aKLzCCBRowggQC # oAMCAQICEAMFu4YhsKFjX7/erhIE520wDQYJKoZIhvcNAQELBQAwcjELMAkGA1UE # BhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2lj # ZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIENvZGUg # U2lnbmluZyBDQTAeFw0yMDA1MTIwMDAwMDBaFw0yMzA2MDgxMjAwMDBaMFcxCzAJ # BgNVBAYTAlVTMREwDwYDVQQIEwhWaXJnaW5pYTEPMA0GA1UEBxMGVmllbm5hMREw # DwYDVQQKEwhkYmF0b29sczERMA8GA1UEAxMIZGJhdG9vbHMwggEiMA0GCSqGSIb3 # DQEBAQUAA4IBDwAwggEKAoIBAQC8v2N7q+O/vggBtpjmteofFo140k73JXQ5sOD6 # QLzjgija+scoYPxTmFSImnqtjfZFWmucAWsDiMVVro/6yGjsXmJJUA7oD5BlMdAK # fuiq4558YBOjjc0Bp3NbY5ZGujdCmsw9lqHRAVil6P1ZpAv3D/TyVVq6AjDsJY+x # rRL9iMc8YpD5tiAj+SsRSuT5qwPuW83ByRHqkaJ5YDJ/R82ZKh69AFNXoJ3xCJR+ # P7+pa8tbdSgRf25w4ZfYPy9InEvsnIRVZMeDjjuGvqr0/Mar73UI79z0NYW80yN/ # 7VzlrvV8RnniHWY2ib9ehZligp5aEqdV2/XFVPV4SKaJs8R9AgMBAAGjggHFMIIB # wTAfBgNVHSMEGDAWgBRaxLl7KgqjpepxA8Bg+S32ZXUOWDAdBgNVHQ4EFgQU8MCg # +7YDgENO+wnX3d96scvjniIwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG # AQUFBwMDMHcGA1UdHwRwMG4wNaAzoDGGL2h0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNv # bS9zaGEyLWFzc3VyZWQtY3MtZzEuY3JsMDWgM6Axhi9odHRwOi8vY3JsNC5kaWdp # Y2VydC5jb20vc2hhMi1hc3N1cmVkLWNzLWcxLmNybDBMBgNVHSAERTBDMDcGCWCG # SAGG/WwDATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20v # Q1BTMAgGBmeBDAEEATCBhAYIKwYBBQUHAQEEeDB2MCQGCCsGAQUFBzABhhhodHRw # Oi8vb2NzcC5kaWdpY2VydC5jb20wTgYIKwYBBQUHMAKGQmh0dHA6Ly9jYWNlcnRz # LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJBc3N1cmVkSURDb2RlU2lnbmluZ0NB # LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCPzflwlQwf1jak # EqymPOc0nBxiY7F4FwcmL7IrTLhub6Pjg4ZYfiC79Akz5aNlqO+TJ0kqglkfnOsc # jfKQzzDwcZthLVZl83igzCLnWMo8Zk/D2d4ZLY9esFwqPNvuuVDrHvgh7H6DJ/zP # Vm5EOK0sljT0UQ6HQEwtouH5S8nrqCGZ8jKM/+DeJlm+rCAGGf7TV85uqsAn5JqD # En/bXE1AlyG1Q5YiXFGS5Sf0qS4Nisw7vRrZ6Qc4NwBty4cAYjzDPDixorWI8+FV # OUWKMdL7tV8i393/XykwsccCstBCp7VnSZN+4vgzjEJQql5uQfysjcW9rrb/qixp # csPTKYRHMIIFMDCCBBigAwIBAgIQBAkYG1/Vu2Z1U0O1b5VQCDANBgkqhkiG9w0B # AQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD # VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVk # IElEIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgxMDIyMTIwMDAwWjByMQsw # CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu # ZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQg # Q29kZSBTaWduaW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA # +NOzHH8OEa9ndwfTCzFJGc/Q+0WZsTrbRPV/5aid2zLXcep2nQUut4/6kkPApfmJ # 1DcZ17aq8JyGpdglrA55KDp+6dFn08b7KSfH03sjlOSRI5aQd4L5oYQjZhJUM1B0 # sSgmuyRpwsJS8hRniolF1C2ho+mILCCVrhxKhwjfDPXiTWAYvqrEsq5wMWYzcT6s # cKKrzn/pfMuSoeU7MRzP6vIK5Fe7SrXpdOYr/mzLfnQ5Ng2Q7+S1TqSp6moKq4Tz # rGdOtcT3jNEgJSPrCGQ+UpbB8g8S9MWOD8Gi6CxR93O8vYWxYoNzQYIH5DiLanMg # 0A9kczyen6Yzqf0Z3yWT0QIDAQABo4IBzTCCAckwEgYDVR0TAQH/BAgwBgEB/wIB # ADAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMweQYIKwYBBQUH # AQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYI # KwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFz # c3VyZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmw0 # LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaG # NGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RD # QS5jcmwwTwYDVR0gBEgwRjA4BgpghkgBhv1sAAIEMCowKAYIKwYBBQUHAgEWHGh0 # dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCgYIYIZIAYb9bAMwHQYDVR0OBBYE # FFrEuXsqCqOl6nEDwGD5LfZldQ5YMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6en # IZ3zbcgPMA0GCSqGSIb3DQEBCwUAA4IBAQA+7A1aJLPzItEVyCx8JSl2qB1dHC06 # GsTvMGHXfgtg/cM9D8Svi/3vKt8gVTew4fbRknUPUbRupY5a4l4kgU4QpO4/cY5j # DhNLrddfRHnzNhQGivecRk5c/5CxGwcOkRX7uq+1UcKNJK4kxscnKqEpKBo6cSgC # PC6Ro8AlEeKcFEehemhor5unXCBc2XGxDI+7qPjFEmifz0DLQESlE/DmZAwlCEIy # sjaKJAL+L3J+HNdJRZboWR3p+nRka7LrZkPas7CM1ekN3fYBIM6ZMWM9CBoYs4Gb # T8aTEAb8B4H6i9r5gkn3Ym6hU/oSlBiFLpKR6mhsRDKyZqHnGKSaZFHvMIIFMTCC # BBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG9w0BAQsFADBlMQswCQYD # VQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln # aWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew # HhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjByMQswCQYDVQQGEwJVUzEV # MBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29t # MTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5n # IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdAy7kvNj3/dqbqC # mcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/YyGQmL8TvFfTw+F+CNZq # FAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1oODeIj8O/36V+/OjuiI+ # GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3FyTgqt30A6XLdR4aF5FMZN # JCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC50ZQ/ZQqLKfkdT66mA+E # f58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMqT4UdxB08r8/arBD13ays # 6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd/imu0uRhpbKiJbLIFzVu # MB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMBIGA1UdEwEB/wQIMAYB # Af8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMIMHkGCCsG # AQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t # MEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl # cnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRwOi8v # Y3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMDqg # OKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURS # b290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAACBDAqMCgGCCsGAQUFBwIB # FhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsGCWCGSAGG/WwHATANBgkq # hkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4zwY3QITvS4S/ys8DAv3F # p8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33akOpMP+LLR2HwZYuhegiUe # xLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+JOGFNYkYkh2OMkVIsrymJ # 5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRYaQ18yAGxuSh1t5ljhSKM # Ycp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+u8QlK0cCCHxJrhO24XxC # QijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGCBFwwggRYAgEBMIGGMHIx # CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 # dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0IFNIQTIgQXNzdXJlZCBJ # RCBDb2RlIFNpZ25pbmcgQ0ECEAMFu4YhsKFjX7/erhIE520wCQYFKw4DAhoFAKB4 # MBgGCisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQB # gjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwIwYJKoZIhvcNAQkE # MRYEFLKWdTSt4TApPgVNRd3RKtZG5zruMA0GCSqGSIb3DQEBAQUABIIBAC/wXz1K # 6EA/G8bSC3qpJYLsbhK7OfQKeJK+QyHX4nnv4xb4SwnGDGGsMlBQ3YmAhyIKu2oC # 4of2QnD8qkNfjHXpTkk8F5KWHFFzgvj+4yM9Di01ruVEQvC2bI3BgTW7dhr/RLfo # 4W8tvR7Bwwrc/csnJ83ddFggQC76o7q7wQv7uWkpDEdldT8KcVzs8m0GktLBxKup # CzO3ZAc0SABq+oNdVg7zN7DsuZ73JUC9WtxmJt3D2SzJ1VzugLtBsjpyMpNxBZvV # meCTh9ktiSLsiLK6cns4k7YocPvTuvQfAhA8LBCaCdgdYLEpvXGWe2A4Q4N7PbXT # gC7iIKl3M9nRO/ehggIwMIICLAYJKoZIhvcNAQkGMYICHTCCAhkCAQEwgYYwcjEL # MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 # LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElE # IFRpbWVzdGFtcGluZyBDQQIQDUJK4L46iP9gQCHOFADw3TANBglghkgBZQMEAgEF # AKBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIy # MDEwMzE4NDY0NlowLwYJKoZIhvcNAQkEMSIEIJ+IRFkn8wgJH2BJx9RrbEK2whZ0 # YSC4uCq294eObFDZMA0GCSqGSIb3DQEBAQUABIIBAGpidJceWufFwSZWv+DLQHzG # Cxv63owVt2EL2h4Mn8awGem8PyWKqNh8IAQ197ssXtwL5VpPh25z/vXT0f+grNhM # OLAxX0vSIc8yGobnA6U6myN4MnBBPqSZHpkUN8yZ0g+svnS3Ncy7Zp96bqTfflDu # aRhtdkuWzPWhuOTYeguTVMcpChWbC1QjBK8ZNIBmW+jG6Uqi5fozUWCBDNune7tt # 3fEQt/buXJox+EDbneWeEGRsmS2q5hEaEefKT2Kj86I61CSUQR/gaeQFQz1KOrhI # PutyYxb/2dSNic7COLSXT9bfNPTPtjoIrC7XglDuIZYkMJab2II0qnW2uhuQ3Bs= # SIG # End signature block |