This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 3%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
In our release pipeline in Azure DevOps we provision a SQL server and a SQL database.
After the database has been created a contained user is created in that database manually, before the application can be started.
I'm trying to create the contained user after the SQL database has been created.
Because of security guidelines, I need create the connection with an Azure AD account and create a contained user that is a Azure AD user.
I'm trying to do this with the following script:
$dbConnectionString = "Server=tcp:mysqlserver.database.windows.net,1433;Initial Catalog=mydatabase;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Authentication='Active Directory Password';User ID='mysqladmin@mytentant.onmicrosoft.com';Password=mypassword"
$createUser = "CREATE USER [mycontaineduser@mytentant.onmicrosoft.com] FROM EXTERNAL PROVIDER"
$alterRole = "ALTER ROLE db_datawriter ADD MEMBER [mycontaineduser@tenant.onmicrosoft.com]"
Invoke-Sqlcmd -Query $createUser -ConnectionString $dbConnectionString -Verbose
Invoke-Sqlcmd -Query $alterRole -ConnectionString $dbConnectionString -Verbose
This gives an error 'Invoke-Sqlcmd : One or more errors occurred.'.
Any one have a clue or best practice on how to create the contained used in Powershell?
Hi @MrEco - I want to follow up to see if you have any additional questions or need further assistance, and also point out that the sqlcmd utility does have support for Azure AD and can be leveraged via a script format. Please see: SQLCMD Utility.
The new version of SQLCMD supports Azure AD authentication, including Multi-Factor Authentication (MFA) support for SQL Database, SQL Data Warehouse, and Always Encrypted features. The new BCP supports Azure AD authentication, including Multi-Factor Authentication (MFA) support for SQL Database and SQL Data Warehouse.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 10%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
@MrEco-9773 Currently Invoke-Sqlcmd does not work with AAD authentication.
There is already a User Voice item in the product team's backlog to implement the same. Please upvote for the same so that it can be prioritized.
Invoke-sqlcmd does suport AAD authentication, but with an updated version of adalsql.dll.