Deploy Active Directory integrated SQL Managed Instance enabled by Azure Arc using Azure CLI
This article explains how to deploy SQL Managed Instance enabled by Azure Arc with Active Directory (AD) authentication using Azure CLI.
See these articles for specific instructions:
- Tutorial – Deploy AD connector in customer-managed keytab mode
- Tutorial – Deploy AD connector in system-managed keytab mode
Prerequisites
Before you proceed, install the following tools:
For more details about how to set up the OU and AD account, go to Deploy Azure Arc-enabled data services in Active Directory authentication - prerequisites
Deploy and update Active Directory integrated SQL Managed Instance
Create an instance
To view the available options for the create command for SQL Managed Instance enabled by Azure Arc, use the following command:
az sql mi-arc create --help
To create a SQL Managed Instance, use az sql mi-arc create. See the following examples for different connectivity modes:
Create - indirectly connected mode
az sql mi-arc create \
  --name <SQL MI name> \
  --k8s-namespace <namespace> \
  --ad-connector-name <your AD connector name> \
  --keytab-secret <SQL MI keytab secret name> \
  --ad-account-name <SQL MI AD user account> \
  --primary-dns-name <SQL MI primary endpoint DNS name> \
  --primary-port-number <SQL MI primary endpoint port number> \
  --secondary-dns-name <SQL MI secondary endpoint DNS name> \
  --secondary-port-number <SQL MI secondary endpoint port number> \
  --use-k8s
Example:
az sql mi-arc create \
  --name contososqlmi \
  --k8s-namespace arc \
  --ad-connector-name adarc \
  --keytab-secret arcuser-keytab-secret \
  --ad-account-name arcuser \
  --primary-dns-name arcsqlmi.contoso.local \
  --primary-port-number 31433 \
  --secondary-dns-name arcsqlmi-2.contoso.local \
  --secondary-port-number 31434 \
  --use-k8s
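The following wrapper is an added example, not part of the original article or of the az CLI. It runs pre-flight checks before the indirectly connected create command shown above: both port numbers must be valid, and the keytab secret must already exist. It assumes the keytab secret lives in the same namespace as the instance; the function names and the DRY_RUN variable are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight checks for the indirectly connected create command.
# valid_port, keytab_secret_exists, create_sqlmi_ad and DRY_RUN are
# illustrative names, not part of the az CLI.

# Accept only a decimal integer in the TCP port range 1-65535.
valid_port() {
  case "$1" in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
  [ "$1" -le 65535 ]
}

# Check that the keytab secret exists. Assumption: it lives in the same
# namespace as the instance. Only existence is tested; contents are never read.
keytab_secret_exists() {
  kubectl get secret "$1" --namespace "$2" >/dev/null 2>&1
}

# Args: name namespace ad-connector keytab-secret ad-account
#       primary-dns primary-port secondary-dns secondary-port
create_sqlmi_ad() {
  [ "$#" -eq 9 ] || { echo "expected 9 arguments, got $#" >&2; return 2; }
  valid_port "$7" || { echo "invalid primary port: $7" >&2; return 3; }
  valid_port "$9" || { echo "invalid secondary port: $9" >&2; return 3; }
  keytab_secret_exists "$4" "$2" || {
    echo "keytab secret '$4' not found in namespace '$2'" >&2
    return 4
  }
  # Build the argument list with every value quoted, so names containing
  # spaces or shell metacharacters are passed through as single arguments.
  set -- az sql mi-arc create \
    --name "$1" \
    --k8s-namespace "$2" \
    --ad-connector-name "$3" \
    --keytab-secret "$4" \
    --ad-account-name "$5" \
    --primary-dns-name "$6" \
    --primary-port-number "$7" \
    --secondary-dns-name "$8" \
    --secondary-port-number "$9" \
    --use-k8s
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"   # show the command without running it
  else
    "$@"
  fi
}
```

Set DRY_RUN=1 to print the assembled command for review before running it against the cluster.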
Create - directly connected mode
az sql mi-arc create \
  --name <SQL MI name> \
  --ad-connector-name <your AD connector name> \
  --keytab-secret <SQL MI keytab secret name> \
  --ad-account-name <SQL MI AD user account> \
  --primary-dns-name <SQL MI primary endpoint DNS name> \
  --primary-port-number <SQL MI primary endpoint port number> \
  --secondary-dns-name <SQL MI secondary endpoint DNS name> \
  --secondary-port-number <SQL MI secondary endpoint port number> \
  --custom-location <your custom location> \
  --resource-group <resource-group>
Example:
az sql mi-arc create \
  --name contososqlmi \
  --ad-connector-name adarc \
  --keytab-secret arcuser-keytab-secret \
  --ad-account-name arcuser \
  --primary-dns-name arcsqlmi.contoso.local \
  --primary-port-number 31433 \
  --secondary-dns-name arcsqlmi-2.contoso.local \
  --secondary-port-number 31434 \
  --custom-location private-location \
  --resource-group arc-rg
Update an instance
To update a SQL Managed Instance, use az sql mi-arc update. See the following examples for different connectivity modes:
Update - indirectly connected mode
az sql mi-arc update \
  --name <SQL MI name> \
  --k8s-namespace <namespace> \
  --keytab-secret <SQL MI keytab secret name> \
  --use-k8s
Example:
az sql mi-arc update \
  --name contososqlmi \
  --k8s-namespace arc \
  --keytab-secret arcuser-keytab-secret \
  --use-k8s
Update - directly connected mode
Note
The resource group is a mandatory parameter, but it can't be changed.
az sql mi-arc update \
  --name <SQL MI name> \
  --keytab-secret <SQL MI keytab secret name> \
  --resource-group <resource-group>
Example:
az sql mi-arc update \
  --name contososqlmi \
  --keytab-secret arcuser-keytab-secret \
  --resource-group arc-rg
Delete an instance in directly connected mode
To delete a SQL Managed Instance, use az sql mi-arc delete. See the following examples for both connectivity modes:
az sql mi-arc delete --name <SQL MI name> --k8s-namespace <namespace> --use-k8s
Example:
az sql mi-arc delete --name contososqlmi --k8s-namespace arc --use-k8s