Is it possible to assign an Active Directory Administrator to an Azure SQL Instance within an ARM resource template? I'm trying to automate the deployment of a database server, but I only seem to be able to specify the local server administration credentials.
    "properties": {
      "administratorLogin": "[parameters('databaseAdministratorLogin')]",
      "administratorLoginPassword": "[parameters('databaseAdministratorPassword')]",
      "version": "12.0"
    },
There doesn't seem to be anywhere that I can specify a particular Azure AD Administrator beyond that.
Create a contained Azure Active Directory user for one or more databases. Create a SQL authentication login, add a user mapped to it in master and add the user to a server level admin role. Create a user mapped to an Azure Active Directory user and add the user to a server level admin role.
Now you can choose your Azure AD admin for your SQL Managed Instance. For that, on the Active Directory admin page, select the Set admin command. On the Azure AD admin page, search for a user, select the user or group to be an administrator, and then select Select.
Azure AD authentication is supported for SQL Database, SQL Managed Instance, and Azure Synapse using the CLI. For more information, see Configure and manage Azure AD authentication with SQL Database or Azure Synapse and SQL Server - az sql server.
Microsoft reached out to me and provided a sample resource template to accomplish this:
    {
      "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "SQL Administrator Login": {
          "type": "String"
        },
        "SQL Administrator Password": {
          "type": "SecureString"
        },
        "AAD Admin Login": {
          "type": "String"
        },
        "AAD Admin ObjectID": {
          "type": "String"
        },
        "AAD TenantId": {
          "type": "String"
        },
        "Location (Region)": {
          "type": "String"
        },
        "Server Name": {
          "type": "String"
        }
      },
      "variables": {},
      "resources": [
        {
          "type": "Microsoft.Sql/servers",
          "name": "[parameters('Server Name')]",
          "apiVersion": "2014-04-01-preview",
          "location": "[parameters('Location (Region)')]",
          "properties": {
            "administratorLogin": "[parameters('SQL Administrator Login')]",
            "administratorLoginPassword": "[parameters('SQL Administrator Password')]",
            "version": "12.0"
          },
          "resources": [
            {
              "type": "firewallrules",
              "name": "AllowAllWindowsAzureIps",
              "apiVersion": "2014-04-01-preview",
              "location": "[parameters('Location (Region)')]",
              "properties": {
                "endIpAddress": "0.0.0.0",
                "startIpAddress": "0.0.0.0"
              },
              "dependsOn": [
                "[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
              ]
            },
            {
              "type": "administrators",
              "name": "activeDirectory",
              "apiVersion": "2014-04-01-preview",
              "location": "[parameters('Location (Region)')]",
              "properties": {
                "administratorType": "ActiveDirectory",
                "login": "[parameters('AAD Admin Login')]",
                "sid": "[parameters('AAD Admin ObjectID')]",
                "tenantId": "[parameters('AAD TenantID')]"
              },
              "dependsOn": [
                "[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
              ]
            }
          ]
        }
      ]
    }
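As an added example (not part of the answer or of Microsoft's sample), here is a pre-deployment check in Python for templates shaped like the one above. It reports a server that lacks the `administrators` child of type `ActiveDirectory`, a SQL admin password that does not come from a `SecureString` parameter, and the `0.0.0.0`-`0.0.0.0` firewall rule. The function names, finding labels and the `sample` helper are assumptions made for this illustration, and only child resources nested under the server are inspected.

```python
import re

PARAM_REF = re.compile(r"parameters\('([^']+)'\)")

def audit_sql_servers(template):
    """Return (server name, finding) pairs for each Microsoft.Sql/servers resource."""
    # Names are lowercased for lookup: ARM resolves parameter names case-insensitively.
    params = {k.lower(): v for k, v in template.get("parameters", {}).items()}
    findings = []
    for srv in template.get("resources", []):
        if srv.get("type", "").lower() != "microsoft.sql/servers":
            continue
        name = srv.get("name", "?")
        children = [(c.get("type", "").lower(), c.get("properties", {}))
                    for c in srv.get("resources", [])]
        # 1. Need an 'administrators' child of type ActiveDirectory with login, sid, tenantId.
        aad = [p for t, p in children
               if t == "administrators" and p.get("administratorType") == "ActiveDirectory"]
        if not aad:
            findings.append((name, "no-aad-admin"))
        for p in aad:
            findings += [(name, "aad-admin-missing-" + k)
                         for k in ("login", "sid", "tenantId") if not p.get(k)]
        # 2. The SQL admin password must come from a SecureString parameter.
        pw = str(srv.get("properties", {}).get("administratorLoginPassword", ""))
        ref = PARAM_REF.search(pw)
        ptype = params.get(ref.group(1).lower(), {}).get("type", "") if ref else ""
        if ptype.lower() != "securestring":
            findings.append((name, "password-not-securestring"))
        # 3. The 0.0.0.0-0.0.0.0 rule lets any Azure-hosted source reach the server.
        if any(t == "firewallrules" and p.get("startIpAddress") == p.get("endIpAddress") == "0.0.0.0"
               for t, p in children):
            findings.append((name, "firewall-allows-all-azure"))
    return findings

def sample(with_aad, pw_type="SecureString"):
    """Constructed sample shaped like the template in the answer above (trimmed)."""
    children = [{"type": "firewallrules", "name": "AllowAllWindowsAzureIps",
                 "properties": {"startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"}}]
    if with_aad:
        children.append({"type": "administrators", "name": "activeDirectory", "properties": {
            "administratorType": "ActiveDirectory", "login": "[parameters('AAD Admin Login')]",
            "sid": "[parameters('AAD Admin ObjectID')]", "tenantId": "[parameters('AAD TenantID')]"}})
    server = {"type": "Microsoft.Sql/servers", "name": "sqlsrv", "resources": children,
              "properties": {"administratorLoginPassword": "[parameters('SQL Administrator Password')]"}}
    return {"parameters": {"SQL Administrator Password": {"type": pw_type}}, "resources": [server]}

print(audit_sql_servers(sample(with_aad=False, pw_type="String")))
```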