Changing Entra admin in SQL server Bicep template

Smriti 1 Reputation point
2024-08-22T07:35:04.04+00:00

I have deployed an Azure SQL server with an Entra ID admin through a Bicep template, but when I redeploy after changing the Entra admin, it does not allow me to do so and throws an error like "the provided adminlogin is not valid". I went through the documentation and found out that we have to use another API outside of the SQL server admin, and then we will be able to change the Entra admin, but I am not able to understand the reason behind this rework.

  1. Please suggest why there is no feature to use the same Bicep (attached code) for changing the server Entra admin.
  2. Even if I add another authorization API for changing the admin, that will not work for a new server. I have to manually add a parameter for determining whether the server already exists, which is not a good practice.
  3. How can I ensure that my Bicep template works for both a new server and an existing server without having to modify the template in both situations? My module should be idempotent.
  4. How can I dynamically determine the existence of the server every time I deploy, so that it works based on some Boolean output?



@description('SQL server Name')
param pSqlServerName string

@description('Location for SQL server deployment')
param pLocation string

@description('Admin Login username for SQL Server')
param pSqlAzureAdLogin string

@description('Tags')
param pResourceTags object

@description('Sid of Azure AD admin')
param pSid string
 
@description('tenant id')
param pTenantId string

// SQL Server
resource rSqlserver 'Microsoft.Sql/servers@2021-11-01' = {
  name: pSqlServerName
  location: pLocation
  tags: pResourceTags
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    administrators: {
      administratorType: 'ActiveDirectory'
      azureADOnlyAuthentication: true
      login: pSqlAzureAdLogin
      principalType: 'Group'
      sid: pSid
      tenantId: pTenantId
    }
    restrictOutboundNetworkAccess: 'Disabled'
    minimalTlsVersion: '1.2'
    publicNetworkAccess: 'Disabled'
    version: '12.0'
  }
}

// Outputs
output outSqlServerId string = rSqlserver.id

Azure SQL Database
Microsoft Security | Microsoft Entra | Microsoft Entra ID
SQL Server | Other

2 answers

  1. SSingh-MSFT 16,461 Reputation points Moderator
    2024-08-30T04:42:40.77+00:00

    Hi @Smriti ,

    Thanks for your patience.

    We understand that the current behavior is less than desirable; the team is actively developing support for updates to the Microsoft Entra administrator via the Servers APIs to ensure that customer deployments can be idempotent.

    We appreciate your patience until the feature is available. Please follow the Roadmap and "What's New" page to get the latest updates to the product.

    Thank you!


  2. Sedat SALMAN 14,285 Reputation points MVP Volunteer Moderator
    2024-08-23T21:06:13.18+00:00

    Here is an official issue tracking the Bicep and admin problem.

    You can check the whole thread for a solution to your problem:

    https://github.com/Azure/bicep/issues/4988
