From f0f9c5f5feea300102026944dbc2f3c7bab54d2b Mon Sep 17 00:00:00 2001
From: Thierry Schork
Date: Thu, 4 Sep 2025 17:05:29 +0200
Subject: [PATCH] sync
---
HCI - drop logins and users.sql | 181 ++++++++++++++++++++++++++++++++
1 file changed, 181 insertions(+)
create mode 100644 HCI - drop logins and users.sql
diff --git a/HCI - drop logins and users.sql b/HCI - drop logins and users.sql
new file mode 100644
index 0000000..a21929e
--- /dev/null
+++ b/HCI - drop logins and users.sql
@@ -0,0 +1,181 @@
+/*
+cleaning up identified logins ofthe sql server instances
+
+18.08.2025, TSC
+*/
+DECLARE @DebugOnly BIT = 0; --switch to 0 to actually drop the login and user(s); 1 displays the generated script.
+DECLARE @cmd NVARCHAR(MAX);
+DECLARE @DatabasePrincipalName sysname;
+
+DECLARE @to_clean TABLE(
+ id INT IDENTITY NOT NULL PRIMARY KEY
+ ,name VARCHAR(255) NOT NULL
+);
+
+ALTER LOGIN sa ENABLE
+
+INSERT INTO @to_clean ([name])
+SELECT [x].[name]
+FROM (
+ VALUES
+ --dev
+ ('CENTRALINFRA\ua170710') --Cosarca Ciprian-Andrei (Galenica - ADM)
+ ,('CENTRALINFRA\ucibecrauc_adm') --nothing found
+ ,('CENTRALINFRA\ucibestutt_adm') --nothing found
+ ,('CENTRALINFRA\up273720') --Suter Stefan (HCI - External)
+ ,('CENTRALINFRA\up273730') --Schefer Kilian (HCI - External)
+ ,('E-MEDIAT\uafka') --nothing found
+ ,('E-MEDIAT\uapvi') --nothing found (Pascal Vigier ?)
+ ,('E-MEDIAT\uatst') --nothing found
+ ,('E-MEDIAT\uhcbebeyem') --nothing found
+ ,('HCISOLUTIONS\svc-sql_content') --old sql server service account
+ --int
+ ,('CENTRALINFRA\uacrc') --Crausaz Christophe (HCI)
+ ,('CENTRALINFRA\ucibestutt_adm') --nothing found
+ ,('CENTRALINFRA\up218930') --Sánchez González Ainel (Galenica)
+ ,('CENTRALINFRA\up271210') --Vijayasingam Vithursiya 2 (Galenica - External)
+ ,('CENTRALINFRA\up273720') --Suter Stefan (HCI - External)
+ ,('CENTRALINFRA\up273730') --Schefer Kilian (HCI - External)
+ ,('E-MEDIAT\uaano') --Notter Andreas (HCI)
+ ,('E-MEDIAT\uapvi') --nothing found (Pascal Vigier ?)
+ ,('E-MEDIAT\uauhe') --Hebel Ursula (HCI)
+ ,('E-MEDIAT\UHCBELOPEJ') --nothing found
+ --prod
+ ,('CENTRALINFRA\ua170710') --Cosarca Ciprian-Andrei (Galenica - ADM)
+ ,('CENTRALINFRA\uacrc') --Crausaz Christophe (HCI)
+ ,('CENTRALINFRA\up271210') --Vijayasingam Vithursiya 2 (Galenica - External)
+ ,('SYMMETRIC') --symmetricDS login from BAG migration
+ ,('E-MEDIAT\uamro') --Rosenthal Martin (Galenica)
+ ,('E-MEDIAT\uapvi') --nothing found
+ --log
+ ,('CENTRALINFRA\up271210') --Vijayasingam Vithursiya 2 (Galenica - External)
+ ,('E-MEDIAT\uapeh') --Ehrhardt Paul (Galenica - External)
+ ,('E-MEDIAT\uasne') --Sali Neslihan (HCI)
+)x(name)
+
+BEGIN TRANSACTION
+SET XACT_ABORT ON;
+SET NOCOUNT ON;
+
+/* declare variables */
+DECLARE [csr_user] CURSOR FAST_FORWARD READ_ONLY FOR
+ SELECT name
+ FROM @to_clean;
+
+IF OBJECT_ID('tempdb..#dbs')IS NOT NULL BEGIN;
+ DROP TABLE #dbs;
+END;
+
+SELECT name, [d].[user_access], [d].[user_access_desc], [d].[is_read_only], [d].[state], state_desc, [d].[source_database_id]
+INTO #dbs
+FROM sys.databases d
+
+OPEN [csr_user]
+
+FETCH NEXT FROM [csr_user] INTO @DatabasePrincipalName
+
+WHILE @@FETCH_STATUS = 0
+BEGIN
+ --#region drop user
+ SET @cmd = '
+use ?
+if exists(
+ --the user is found in the db
+ select 1
+ from sys.[database_principals]
+ WHERE type IN (''S'',''U'')
+ and name = '''+@DatabasePrincipalName+'''
+)
+and exists(
+ --the db is not read only
+ select 1
+ from #dbs d
+ where d.name=''?''
+ and [is_read_only] = 0
+ and [user_access] = 0 --multi_user
+ and [state] = 0 --online
+ and [source_database_id] is null --not a snapshot
+)
+begin
+ print ''Dropping user ' + QUOTENAME(@DatabasePrincipalName) +' IN db: >?<'';
+ declare @c nvarchar(max)='''';
+
+ select @c=@c+''ALTER AUTHORIZATION ON SCHEMA::[''+s.name+''] TO dbo;
+''
+ from sys.schemas s
+ WHERE principal_id = USER_ID('''+@DatabasePrincipalName+''');
+
+ if nullif(@c,'''') is not null
+ begin
+ print ''Assigning ownership of schema to DBO rather than ' + QUOTENAME(@DatabasePrincipalName) + N' '';
+ print @c
+ exec(@c);
+ end
+
+ DROP USER ' + QUOTENAME(@DatabasePrincipalName) + N';
+end
+
+'
+
+ IF @DebugOnly = 1
+ BEGIN
+ RAISERROR(@cmd, 0, 1);
+ END;
+ ELSE
+ BEGIN
+ EXEC sys.[sp_MSforeachdb] @cmd;
+ END
+ --#endregion drop user
+ FETCH NEXT FROM [csr_user] INTO @DatabasePrincipalName
+END
+CLOSE [csr_user]
+DEALLOCATE [csr_user]
+
+DECLARE [csr_login] CURSOR FAST_FORWARD READ_ONLY FOR
+ SELECT name
+ FROM @to_clean;
+
+OPEN [csr_login]
+
+FETCH NEXT FROM csr_login INTO @DatabasePrincipalName
+WHILE @@FETCH_STATUS = 0
+BEGIN
+ --#region Drop login
+ SET @cmd ='
+use ?
+if exists(
+ select 1
+ from sys.[server_principals]
+ WHERE type IN (''S'',''U'')
+ and name = '''+@DatabasePrincipalName+'''
+)
+begin
+ print ''Dropping login ' + QUOTENAME(@DatabasePrincipalName) +''';
+ DROP LOGIN ' + QUOTENAME(@DatabasePrincipalName) + N';
+end
+
+'
+
+ IF @DebugOnly = 1
+ BEGIN
+ RAISERROR(@cmd, 0, 1);
+ END;
+ ELSE
+ BEGIN
+ EXEC sys.[sp_MSforeachdb] @cmd;
+ END
+ --#endregion Drop login
+
+
+ FETCH NEXT FROM [csr_login] INTO @DatabasePrincipalName
+END
+
+CLOSE [csr_login]
+DEALLOCATE [csr_login]
+
+
+ALTER LOGIN sa DISABLE
+
+ROLLBACK TRANSACTION
+--COMMIT TRANSACTION
+
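Review bot: `ALTER LOGIN sa ENABLE` near the top runs before `BEGIN TRANSACTION`, while `ALTER LOGIN sa DISABLE` runs inside the transaction just before `ROLLBACK TRANSACTION`, so on the default rollback path the disable is most likely undone with everything else and sa stays enabled. With `SET XACT_ABORT ON`, any error in either cursor loop also ends the batch before the disable is reached. Move the disable after the transaction ends, i.e. `ROLLBACK TRANSACTION` (or `COMMIT TRANSACTION`) followed by `ALTER LOGIN sa DISABLE;`, and wrap the loops in `BEGIN TRY … END TRY` with a `CATCH` that rolls back, disables sa and rethrows. Separately, the generated schema statement brackets the name by hand (`SCHEMA::[''+s.name+'']`) although schema names are read from every database on the instance; use `SCHEMA::''+QUOTENAME(s.name)+''`, as the script already does for the principal name. Note also that `@DebugOnly` is initialised to 0, which per its own comment is the setting that executes the drops rather than printing them.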