Set-AzSqlInstanceActiveDirectoryAdministrator

Provisions an Azure AD administrator for SQL Managed Instance.

Syntax

Set-AzSqlInstanceActiveDirectoryAdministrator
   [-DisplayName] <String>
   [-ObjectId] <Guid>
   [-ResourceGroupName] <String>
   [-InstanceName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzSqlInstanceActiveDirectoryAdministrator
   [-DisplayName] <String>
   [-ObjectId] <Guid>
   [-InputObject <AzureSqlManagedInstanceModel>]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzSqlInstanceActiveDirectoryAdministrator
   [-DisplayName] <String>
   [-ObjectId] <Guid>
   [-ResourceId] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzSqlInstanceActiveDirectoryAdministrator cmdlet provisions an Azure Active Directory (Azure AD) administrator for AzureSQL Managed Instance in the current subscription. You can provision only one administrator at a time. The following members of Azure AD can be provisioned as a SQL Managed Instance administrator:

  • Native members of Azure AD
  • Federated members of Azure AD
  • Azure AD groups created as security groups Imported members from other Azure ADs are not supported as administrators. Microsoft accounts, such as those in the Outlook.com, Hotmail.com, or Live.com domains, are not supported as administrators. Other guest accounts, such as those in the Gmail.com or Yahoo.com domains, are not supported as administrators. We recommend that you provision a dedicated Azure AD group as an administrator.

Examples

Example 1: Provision an administrator group for a managed instance associated with resource group

PS C:\>Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName "ResourceGroup01" -InstanceName "ManagedInstance01" -DisplayName "DBAs" -ObjectId "40b79501-b343-44ed-9ce7-da4c8cc7353b"
ResourceGroupName InstanceName      DisplayName ObjectId 
----------------- ----------------- ----------- -------- 
ResourceGroup01   ManagedInstance01 DBAs        40b79501-b343-44ed-9ce7-da4c8cc7353b

This command provisions an Azure AD administrator group named DBAs for the managed instance named ManagedInstance01. This server is associated with resource group ResourceGroup01.

Example 2: Provision an administrator user using managed instance object

PS C:\>Get-AzSqlInstance -ResourceGroupName "ResourceGroup01" -InstanceName "ManagedInstance01" | Set-AzSqlInstanceActiveDirectoryAdmin -DisplayName "David Chew" -ObjectId "11E95548-B179-4FE1-9AF4-ACA49D13ABB9"
ResourceGroupName InstanceName      DisplayName ObjectId 
----------------- ----------------- ----------- -------- 
resourcegroup01   ManagedInstance01 David Chew  11E95548-B179-4FE1-9AF4-ACA49D13ABB9

This command provisions an Azure AD user as an administrator from the managed instance object.

Example 3: Provision an administrator using managed instance resource identifier

PS C:\>Get-AzSqlInstance -ResourceGroupName "ResourceGroup01" -InstanceName "ManagedInstance01" | Set-AzSqlInstanceActiveDirectoryAdmin -DisplayName "David Chew" -ObjectId "11E95548-B179-4FE1-9AF4-ACA49D13ABB9"
ResourceGroupName InstanceName      DisplayName ObjectId 
----------------- ----------------- ----------- -------- 
resourcegroup01   ManagedInstance01 David Chew  11E95548-B179-4FE1-9AF4-ACA49D13ABB9

This command provisions an Azure AD user as an administrator using managed instance resource identifier.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type:Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-DisplayName

Specifies the display name of the user or group for whom to grant permissions. This display name must exist in the active directory associated with the current subscription.

Type:String
Position:2
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-InputObject

The managed instance object to use.

Type:Microsoft.Azure.Commands.Sql.ManagedInstance.Model.AzureSqlManagedInstanceModel
Position:Named
Default value:None
Accept pipeline input:True (ByValue)
Accept wildcard characters:False
-InstanceName

SQL Managed Instance name.

Type:String
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ObjectId

Specifies the object ID of the user or group in Azure Active Directory for which to grant permissions.

Type:Guid
Position:3
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ResourceGroupName

The name of the resource group.

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-ResourceId

The resource id of instance to use

Type:String
Position:0
Default value:None
Accept pipeline input:True (ByPropertyName)
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Guid

Outputs

Microsoft.Azure.Commands.Sql.InstanceActiveDirectoryAdministrator.Model.AzureSqlInstanceActiveDirectoryAdministratorModel