I am trying to add active directory user group to azure sql databases through PowerShell, but unable to do so. I am using SQL administrator login to achieve it. When i execute my code it gives me below error.
Principal 'abc' could not be created. Only connections established with Active Directory accounts can create other Active Directory users.
When I use my active directory account to create users it then gives me below error.
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : Cannot open server "domain name" requested by the login. The login failed..
Azure SQL does not support AD integration, Only supports Azure Active Directory and SQL authentication. If there is need for AD integration then choose one of the following option:
SQL Server on VM - Unmanaged SQL server with full access to SQL instance.
Federated authentication with ADFS infrastructure, refer to the documentation https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-overview
Related
We have an Azure SQL server running which we use for our Azure Web App. The Web App can connect without a problem. We're trying to remotely update the database with the latest EF migrations via a C# console application.
However we get the following exception.
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 26 - Error Locating Server/Instance Specified)
We tried connecting from the same PC with SSMS and we got in without any problems. And yes, before anyone asks we whitelisted the IP in Azure, else we wouldn't even had access via SSMS. We also tried with and without "tcp:" in the connectionstring.
This is the connectionstring we use in the Web and Console Application:
Server=tcp:{servername}.database.windows.net;Database={dbname};user id = {userid};password = {password};MultipleActiveResultSets=True;
In SSMS we just use {servername}.database.windows.net and use the credentials.
Thanks in advance.
We haven't been able to solve this issue. We instead chose to go with ReadyRoll, which suits us fine.
Azure SQL requires secured connection. You have to add the following to your connection string:
Trusted_Connection=False;Encrypt=True;
I have virtual server in a LAN that has Active Directory and some of the users are members of this domain. I have installed SQL Server 2008 R2 on this server. Then in the "Security > Logins", I created a new user that is AD user. But when that user wants to log in to SQL Sserver, an error occurs. What should I do?
Log shipping fails with the below error. Sql agent on secondary server has access to the folder and files in security. It is not a firewall issue. I created the jobs using the LS scripts as it fails through GUI.
I have done it before on a different server where there were several LS databases. This is a new primary and secondary server and not sure what I am missing. Thanks for the help
* Error: Access to the path '\sqlp\R$\MSSQL10_50.MSSQLSERVER\MSSQL\Backup\Database' is denied.(mscorlib) *
----- END OF TRANSACTION LOG COPY
I'd to set the agent account and sql account of primary server as admin on the secondary server and it worked fine
I create the Entity DB (if file not exists) in C:\Temp\MyDB.mdf using : MyEFContext.CreateDatabase().
I can open the DB with VS Express 2010 and navigate through it but when attempting to adding (Joining) the DB in SSMS i get the following error : Unable to open the physical file "C:\Temp\MyDB.mdf". Operating system error 5: "5(Access is denied.)". (Microsoft SQL Server, Error: 5120)
How can I fix this?
Thanks
This is a rights issue.
In the case where it works you are in the user context of the user account that you logged in with.
In the case where it does not work, it is the user account that the SQL server is running under that is trying to access the file.
Check which account SQL server is using, then give that account access to the files on the temp directory.
I wrote an application to use SQL SMO to find all SQL Servers, databases, jobs and job outcomes. This application is executed through a scheduled task using a local service account. This service account is local to the application server only and is not present in any SQL Server to be inspected.
I am having problems getting information on job and job outcomes when connecting to the servers using a user with dbReader rights on system tables. If we set the user to be sysadmin on the server it all works fine.
My question to you is: What are the minimum privileges a local SQL Server user needs to have in order to connect to the server and inspect jobs/job outcomes using the SQL SMO API?
I connect to each SQL Server by doing the following:
var conn = new ServerConnection
{
LoginSecure = false,
ApplicationName = "SQL Inspector",
ServerInstance = serverInstanceName,
ConnectAsUser = false,
Login = user,
Password = password
};
var smoServer = new Server (conn);
I read the jobs by reading smoServer.JobServer.Jobs and read the JobSteps property on each of these jobs.
The variable server is of type Microsoft.SqlServer.Management.Smo.Server.
user/password are of the user found in each SQL Server to be inspected.
If "user" is SysAdmin on the SQL Server to be inspected all works ok, as well as if we set ConnectAsUser to true and execute the scheduled task using my own credentials, which grants me SysAdmin privileges on SQL Server per my Active Directory membership.
Thanks!
Just been through this myself.
From SQL Books Online, here's what I found out...
To get or set Job object properties,
users must be a member of the
SQLAgentUserRole database role on the
MSDB database, or be the owner of the
job, or be a member of the sysadmin
fixed server role.
To create a job, users must be a
member of the SQLAgentUserRole,
SQLAgentReaderRole, and
SQLAgentOperatorRole database roles on
the MSDB database, or be a member of
the sysadmin fixed server role.
To drop a job, users must be a member
of the SQLAgentUserRole database role
on the MSDB database, or be the owner
of the job, or be a member of the
sysadmin fixed server role.