diff --git a/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1 b/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1 index 29882f9e..691a651c 100644 --- a/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1 +++ b/ReportingServicesTools/Functions/Admin/Set-RsDatabase.ps1 @@ -7,52 +7,69 @@ function Set-RsDatabase <# .SYNOPSIS This script configures the database settings used by SQL Server Reporting Services. - + .DESCRIPTION This script configures SQL Server Reporting Services to either create and use a new RS database or use an existing RS database. You must be an admin in RS and SQL Server in order to perform this operation successfully. - + There are three phases to setup: + 1. Create the PBIRS database on the database server + 2. Grant the run-time user access to the PBIRS database - this user must exist before running this + 3. Configure the PowerBI Report Server to use the database and run-time credentials + Your admin role on SQL Server can be one of: + * The account under which you run this powershell (default) + * A specific set of credentials for the SQL Server which has admin rights, specified via -AdminDatabaseCredential + .PARAMETER ReportServerInstance Specify the name of the SQL Server Reporting Services Instance. Use the "Connect-RsReportServer" function to set/update a default value. - + .PARAMETER ReportServerVersion Specify the version of the SQL Server Reporting Services Instance. Use the "Connect-RsReportServer" function to set/update a default value. - + .PARAMETER ComputerName The Report Server to target. Use the "Connect-RsReportServer" function to set/update a default value. - + .PARAMETER Credential Specify the credentials to use when connecting to the Report Server. Use the "Connect-RsReportServer" function to set/update a default value. - + .PARAMETER DatabaseServerName Specify the database server name. (e.g. localhost, MyMachine\Sql2016, etc.) - + .PARAMETER IsRemoteDatabaseServer Specify this switch if the database server is on a different machine than the machine Reporting Services is running on. - + .PARAMETER Name Specify the name of the RS Database. - + .PARAMETER IsExistingDatabase - Specify this switch if the database to use already exists. - + Specify this switch if the database to use already exists, and prevent creation of the database. + .PARAMETER DatabaseCredentialType - Indicate what type of credentials to use when connecting to the database: Windows, SQL, or Service Account. - + Indicate what type of runtime credentials to use when connecting to the database: Windows, SQL, or Service Account. + .PARAMETER DatabaseCredential - Specify the credentials to use when connecting to the SQL Server. + Specify the runtime credentials to use when connecting to the SQL Server. + This credential is used for *run-time* only. It is not used for initial database setup. Note: This parameter will be ignored whenever DatabaseCredentialType is set to Service Account! - + + .PARAMETER AdminDatabaseCredentialType + Indicate what type of admin setup credentials to use when connecting to the database: Windows (current user running this powershell) or SQL. + Defaults to Windows. + + .PARAMETER AdminDatabaseCredential + Specify the admin setup credentials to use when connecting to the SQL Server. + This credential is used for *setup* only; it is not used for PowerBI Report Server during runtime. + Note: This parameter will be ignored whenever AdminDatabaseCredentialType is set to Service Account! + .EXAMPLE Set-RsDatabase -DatabaseServerName localhost -Name ReportServer -DatabaseCredentialType ServiceAccount Description ----------- This command will create a new RS database (ReportServer) and configure Reporting Services to connect to it using Service Account credentials. - + .EXAMPLE Set-RsDatabase -DatabaseServerName localhost -Name ExistingReportServer -IsExistingDatabase -DatabaseCredentialType Windows -DatabaseCredential $myCredentials Description @@ -68,7 +85,7 @@ function Set-RsDatabase [switch] $IsRemoteDatabaseServer, - + [Parameter(Mandatory = $True)] [Alias('DatabaseName')] [string] @@ -76,34 +93,41 @@ function Set-RsDatabase [switch] $IsExistingDatabase, - + [Parameter(Mandatory = $true)] [Alias('Authentication')] [Microsoft.ReportingServicesTools.SqlServerAuthenticationType] $DatabaseCredentialType, - + [System.Management.Automation.PSCredential] $DatabaseCredential, - + + [Parameter] + [Microsoft.ReportingServicesTools.SqlServerAuthenticationType] + $AdminDatabaseCredentialType, + + [System.Management.Automation.PSCredential] + $AdminDatabaseCredential, + [Alias('SqlServerInstance')] [string] $ReportServerInstance, - + [Alias('SqlServerVersion')] [Microsoft.ReportingServicesTools.SqlServerVersion] $ReportServerVersion, - + [string] $ComputerName, - + [System.Management.Automation.PSCredential] $Credential ) - - if ($PSCmdlet.ShouldProcess((Get-ShouldProcessTargetWmi -BoundParameters $PSBoundParameters), "Configure to use $DatabaseServerName as database, using $DatabaseCredentialType authentication")) + + if ($PSCmdlet.ShouldProcess((Get-ShouldProcessTargetWmi -BoundParameters $PSBoundParameters), "Configure to use $DatabaseServerName as database, using $DatabaseCredentialType runtime authentication and $AdminDatabaseCredentialType setup authentication")) { $rsWmiObject = New-RsConfigurationSettingObjectHelper -BoundParameters $PSBoundParameters - + #region Validating authentication and normalizing credentials $username = '' $password = $null @@ -112,7 +136,7 @@ function Set-RsDatabase $username = $rsWmiObject.WindowsServiceIdentityActual $password = '' } - + else { if ($DatabaseCredential -eq $null) @@ -123,11 +147,37 @@ function Set-RsDatabase $password = $DatabaseCredential.GetNetworkCredential().Password } #endregion Validating authentication and normalizing credentials - + + #region Validating admin authentication and normalizing credentials + $adminUsername = '' + $adminPassword = $null + + # default is Windows + $isSQLAdminAccount = ($AdminDatabaseCredentialType -like "SQL") + + # we do not allow service account - only Windows and SQL + if ($AdminDatabaseCredentialType -like 'serviceaccount') + { + throw "Can only use Admin Database Credentials Type of 'Windows' or 'SQL'" + } + + # must have credentials passed + if ($isSQLAdminAccount) + { + if ($AdminDatabaseCredential -eq $null) + { + throw "No Admin Database Credential specified! Admin Database credential must be specified when configuring $AdminDatabaseCredentialType authentication." + } + $adminUsername = $AdminDatabaseCredential.UserName + $adminPassword = $AdminDatabaseCredential.GetNetworkCredential().Password + } + #endregion Validating admin authentication and normalizing credentials + + #region Create Database if necessary if (-not $IsExistingDatabase) { - # Step 1 - Generate Database Script + # Step 1 - Generate Database Script Write-Verbose "Generating database creation script..." $EnglishLocaleId = 1033 $IsSharePointMode = $false @@ -142,12 +192,19 @@ function Set-RsDatabase $SQLScript = $result.Script Write-Verbose "Generating database creation script... Complete!" } - + # Step 2 - Run Database creation script Write-Verbose "Executing database creation script..." try { - Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop + if ($isSQLAdminAccount) + { + Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop -Username $adminUsername -Password $adminPassword + } + else + { + Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop + } } catch { @@ -157,7 +214,7 @@ function Set-RsDatabase Write-Verbose "Executing database creation script... Complete!" } #endregion Create Database if necessary - + #region Configuring Database rights # Step 3 - Generate database rights script Write-Verbose "Generating database rights script..." @@ -173,12 +230,19 @@ function Set-RsDatabase $SQLscript = $result.Script Write-Verbose "Generating database rights script... Complete!" } - + # Step 4 - Run Database rights script Write-Verbose "Executing database rights script..." try { - Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLscript -ErrorAction Stop + if ($isSQLAdminAccount) + { + Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop -Username $adminUsername -Password $adminPassword + } + else + { + Invoke-Sqlcmd -ServerInstance $DatabaseServerName -Query $SQLScript -ErrorAction Stop + } } catch { @@ -187,7 +251,7 @@ function Set-RsDatabase } Write-Verbose "Executing database rights script... Complete!" #endregion Configuring Database rights - + #region Update Reporting Services database configuration # Step 5 - Update Reporting Services to connect to new database now Write-Verbose "Updating Reporting Services to connect to new database..."