Deploy Active Directory integrated SQL Managed Instance enabled by Azure Arc using Azure CLI

This article explains how to deploy SQL Managed Instance enabled by Azure Arc with Active Directory (AD) authentication using Azure CLI.

See these articles for specific instructions:

Prerequisites

Before you proceed, install the following tools:

For more details about how to set up the OU and AD account, see Deploy Azure Arc-enabled data services in Active Directory authentication - prerequisites.

Deploy and update Active Directory integrated SQL Managed Instance

Create an instance

To view the available options for the create command for SQL Managed Instance enabled by Azure Arc, use the following command:

az sql mi-arc create --help

To create a SQL Managed Instance, use az sql mi-arc create. See the following examples for different connectivity modes:

Create - indirectly connected mode

az sql mi-arc create \
--name < SQL MI name > \
--k8s-namespace < namespace > \
--ad-connector-name < your AD connector name > \
--keytab-secret < SQL MI keytab secret name > \
--ad-account-name < SQL MI AD user account > \
--primary-dns-name < SQL MI primary endpoint DNS name > \
--primary-port-number < SQL MI primary endpoint port number > \
--secondary-dns-name < SQL MI secondary endpoint DNS name > \
--secondary-port-number < SQL MI secondary endpoint port number > \
--use-k8s

Example:

az sql mi-arc create \
--name contososqlmi \
--k8s-namespace arc \
--ad-connector-name adarc \
--keytab-secret arcuser-keytab-secret \
--ad-account-name arcuser \
--primary-dns-name arcsqlmi.contoso.local \
--primary-port-number 31433 \
--secondary-dns-name arcsqlmi-2.contoso.local \
--secondary-port-number 31434 \
--use-k8s
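
Before running a create or update command with a keytab you manage yourself, it is worth confirming that the secret named by --keytab-secret exists in the target namespace and actually holds a keytab. The following is an added example, not part of the original article; it assumes the keytab is stored base64-encoded under the secret's "keytab" data key, and check_keytab_secret is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): pre-flight check for the
# Kubernetes secret whose name is passed to --keytab-secret.
# Assumptions: customer-managed keytab; the keytab bytes are stored
# base64-encoded under the secret's "keytab" data key.
# check_keytab_secret is a hypothetical helper name.

check_keytab_secret() {
  local secret="$1" namespace="$2" b64 magic
  if [ -z "$secret" ] || [ -z "$namespace" ]; then
    echo "usage: check_keytab_secret <secret-name> <namespace>" >&2
    return 2
  fi

  # Fail closed when the secret is missing or cannot be read.
  if ! b64="$(kubectl get secret "$secret" --namespace "$namespace" \
      --output 'jsonpath={.data.keytab}' 2>/dev/null)"; then
    echo "secret '$secret' not readable in namespace '$namespace'" >&2
    return 1
  fi
  if [ -z "$b64" ]; then
    echo "secret '$secret' has no 'keytab' data key" >&2
    return 1
  fi

  # A Kerberos keytab file begins with 0x05 followed by the format
  # version (0x02, or 0x01 for the legacy layout).
  magic="$(printf '%s' "$b64" | base64 -d 2>/dev/null | head -c 2 \
      | od -An -tx1 | tr -d ' \n')"
  case "$magic" in
    0502|0501) return 0 ;;
    *) echo "secret '$secret' does not contain a keytab" >&2
       return 1 ;;
  esac
}

# Usage with the article's sample values:
#   check_keytab_secret arcuser-keytab-secret arc && az sql mi-arc create ...
```

The check only inspects the file header; it does not confirm that the keytab contains entries for the AD account passed to --ad-account-name.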

Create - directly connected mode

az sql mi-arc create \
--name < SQL MI name > \
--ad-connector-name < your AD connector name > \
--keytab-secret < SQL MI keytab secret name > \
--ad-account-name < SQL MI AD user account > \
--primary-dns-name < SQL MI primary endpoint DNS name > \
--primary-port-number < SQL MI primary endpoint port number > \
--secondary-dns-name < SQL MI secondary endpoint DNS name > \
--secondary-port-number < SQL MI secondary endpoint port number > \
--custom-location < your custom location > \
--resource-group < resource-group >

Example:

az sql mi-arc create \
--name contososqlmi \
--ad-connector-name adarc \
--keytab-secret arcuser-keytab-secret \
--ad-account-name arcuser \
--primary-dns-name arcsqlmi.contoso.local \
--primary-port-number 31433 \
--secondary-dns-name arcsqlmi-2.contoso.local \
--secondary-port-number 31434 \
--custom-location private-location \
--resource-group arc-rg

Update an instance

To update a SQL Managed Instance, use az sql mi-arc update. See the following examples for different connectivity modes:

Update - indirectly connected mode

az sql mi-arc update \
--name < SQL MI name > \
--k8s-namespace < namespace > \
--keytab-secret < SQL MI keytab secret name > \
--use-k8s

Example:

az sql mi-arc update \
--name contososqlmi \
--k8s-namespace arc \
--keytab-secret arcuser-keytab-secret \
--use-k8s

Update - directly connected mode

Note

The resource group is a mandatory parameter, but it cannot be changed.

az sql mi-arc update \
--name < SQL MI name > \
--keytab-secret < SQL MI keytab secret name > \
--resource-group < resource-group >

Example:

az sql mi-arc update \
--name contososqlmi \
--keytab-secret arcuser-keytab-secret \
--resource-group arc-rg

Delete an instance in directly connected mode

To delete a SQL Managed Instance, use az sql mi-arc delete. See the following examples for both connectivity modes:

az sql mi-arc delete --name < SQL MI name >  --k8s-namespace < namespace > --use-k8s

Example:

az sql mi-arc delete --name contososqlmi --k8s-namespace arc --use-k8s