docs/relational-databases/security/authentication-access/azure-ad-authentication-sql-server-setup-tutorial.md
2 additions & 9 deletions
@@ -4,7 +4,7 @@ description: Tutorial on how to set up Azure Active Directory Authentication for
4
4
author: GithubMirek
5
5
ms.author: mireks
6
6
ms.reviewer: vanto, randolphwest
7
-
ms.date: 10/25/2022
7
+
ms.date: 08/09/2023
8
8
ms.service: sql
9
9
ms.subservice: security
10
10
ms.topic: tutorial
@@ -155,21 +155,14 @@ Select the newly created application, and on the left side menu, select **API Pe
155
155
156
156
The Azure Arc server agent can only update once the previous action has completed. This means that saving a new Azure AD configuration before the last one has finalized can cause a failure. If you see the message **Extended call failed** when you select **Save**, wait 5 minutes and then try again.
157
157
158
-
The Azure AD admin login is listed in `sys.server_principals`, but is not part of the `sysadmin` role. To grant the Azure AD admin the `sysadmin` role, use the [sp_addsrvrolemember](../../system-stored-procedures/sp-addsrvrolemember-transact-sql.md) stored procedure.
159
-
160
-
```sql
161
-
ALTER SERVER ROLE sysadmin ADD MEMBER [aadadmin@contoso.com]
162
-
GO
163
-
```
164
-
165
158
> [!NOTE]
166
159
> Once the Azure AD admin login is granted the `sysadmin` role, changing the Azure AD admin in the Azure portal does not remove the previous login that remains as a `sysadmin`. To remove the login, it must be dropped manually.
167
160
>
168
161
> The Azure AD admin change for the SQL Server instance takes place without a server restart, once the process is completed with the SQL Server's Azure Arc agent. For the new admin to display in `sys.server_principals`, the SQL Server instance must be restarted, and until then, the old admin is displayed. The current Azure AD admin can be checked in the Azure portal.
169
162
170
163
## Create logins and users
171
164
172
-
After the Azure Arc agent on the SQL Server host has completed its operation, the admin account selected in the **Azure Active Directory**pane in the portal will be a `sysadmin` on the SQL Server instance. To sign in, use any SQL Server client like [SSMS](../../../ssms/download-sql-server-management-studio-ssms.md) or [Azure Data Studio](../../../azure-data-studio/download-azure-data-studio.md).
165
+
After the Azure Arc agent on the SQL Server host has completed its operation, the admin account selected in the **Azure Active Directory**menu in the portal will be a `sysadmin` on the SQL Server instance. Sign into SQL Server with the Azure AD admin account that has `sysadmin` permissions on the server using a client like [SSMS](../../../ssms/download-sql-server-management-studio-ssms.md) or [Azure Data Studio](../../../azure-data-studio/download-azure-data-studio.md).
173
166
174
167
> [!NOTE]
175
168
> All connections to SQL Server that are done with Azure AD authentication require an encrypted connection. If the Database Administrator (DBA) has not set up a trusted SSL/TLS certificate for the server, logins will likely fail with the message **The certificate chain was issued by an authority that is not trusted.** To fix this, either configure the SQL Server instance to use an SSL/TLS certificate which is trusted by the client or select **trust server certificate** in the advanced connection properties. For more information, see [Enable encrypted connections to the Database Engine](../../../database-engine/configure-windows/configure-sql-server-encryption.md).
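Review bot: The retained note at new line 159 still opens with "Once the Azure AD admin login is granted the `sysadmin` role", which reads as a separate manual step, but this hunk deletes the only paragraph that described that grant (old lines 158-163, with the `ALTER SERVER ROLE sysadmin ADD MEMBER [aadadmin@contoso.com]` example), and the rewritten line 165 says the portal-selected admin "will be a `sysadmin`" once the Azure Arc agent finishes. Reword the note so it matches the new text, for example by stating that the login holds `sysadmin` as soon as the agent completes. The same note says a replaced admin's login remains a `sysadmin` until it is dropped manually; with the explicit grant step gone, readers have less of a cue that a standing `sysadmin` login is left behind, so consider moving that sentence out of the note into the body or linking to the drop procedure. Two wording points on new line 165: as rendered here there is no space between `**Azure Active Directory**` and "menu" (the old line had the same problem before "pane"), and "Sign into SQL Server" should be "Sign in to SQL Server".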