Deploy Active Directory integrated Azure Arc-enabled SQL Managed Instance using Azure CLI

This article explains how to deploy Azure Arc-enabled SQL Managed Instance with Active Directory (AD) authentication using Azure CLI.

See these articles for specific instructions:

Prerequisites

Before you proceed, install the following tools:

For more details about how to set up the OU and AD account, see Deploy Azure Arc-enabled data services in Active Directory authentication - prerequisites.

Deploy and update Active Directory integrated Azure Arc-enabled SQL Managed Instance

Create an Azure Arc-enabled SQL Managed Instance

To view the available options for the create command for Azure Arc-enabled SQL Managed Instance, use the following command:

az sql mi-arc create --help

To create a SQL Managed Instance, use az sql mi-arc create. See the following examples for different connectivity modes:

Create - indirectly connected mode

az sql mi-arc create \
  --name < SQL MI name > \
  --k8s-namespace < namespace > \
  --ad-connector-name < your AD connector name > \
  --keytab-secret < SQL MI keytab secret name > \
  --ad-account-name < SQL MI AD user account > \
  --primary-dns-name < SQL MI primary endpoint DNS name > \
  --primary-port-number < SQL MI primary endpoint port number > \
  --secondary-dns-name < SQL MI secondary endpoint DNS name > \
  --secondary-port-number < SQL MI secondary endpoint port number > \
  --use-k8s

Example:

az sql mi-arc create \
  --name contososqlmi \
  --k8s-namespace arc \
  --ad-connector-name adarc \
  --keytab-secret arcuser-keytab-secret \
  --ad-account-name arcuser \
  --primary-dns-name arcsqlmi.contoso.local \
  --primary-port-number 31433 \
  --secondary-dns-name arcsqlmi-2.contoso.local \
  --secondary-port-number 31434 \
  --use-k8s
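
A pre-flight check for the indirectly connected create command above, added here as an example; it is not part of the original article or of the Azure CLI. The function names are hypothetical, and it assumes kubectl is configured for the target cluster and that endpoint DNS names are fully qualified, as in the example values.

```shell
#!/bin/sh
# Added example: validate inputs before running `az sql mi-arc create`.
# Assumptions: kubectl points at the target cluster; all function names are hypothetical.

# valid_port PORT: succeeds if PORT is a decimal integer in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*|0*|??????*) return 1 ;;   # empty, non-digit, leading zero, too long
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_fqdn NAME: succeeds if NAME is syntactically a fully qualified DNS name.
valid_fqdn() {
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# secret_exists NAMESPACE SECRET: succeeds if the keytab secret is present.
# Output is discarded so secret contents never reach the terminal or logs.
secret_exists() {
  kubectl get secret "$2" --namespace "$1" -o name >/dev/null 2>&1
}

# preflight NAMESPACE KEYTAB_SECRET PRIMARY_DNS PRIMARY_PORT SECONDARY_DNS SECONDARY_PORT
# Reports every problem on stderr; exit status is the number of problems (0 = ok).
# The body runs in a subshell, so `exit` only ends the function.
preflight() (
  errors=0
  fail() { echo "preflight: $*" >&2; errors=$((errors + 1)); }
  valid_fqdn "$3" || fail "primary DNS name '$3' is not a valid FQDN"
  valid_port "$4" || fail "primary port '$4' is not in 1..65535"
  valid_fqdn "$5" || fail "secondary DNS name '$5' is not a valid FQDN"
  valid_port "$6" || fail "secondary port '$6' is not in 1..65535"
  [ "$3:$4" != "$5:$6" ] || fail "primary and secondary endpoints are identical"
  secret_exists "$1" "$2" || fail "keytab secret '$2' not found in namespace '$1'"
  exit "$errors"
)

# Usage with the article's sample values:
#   preflight arc arcuser-keytab-secret \
#     arcsqlmi.contoso.local 31433 arcsqlmi-2.contoso.local 31434 \
#     && echo "inputs look consistent; run az sql mi-arc create"
```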

Create - directly connected mode

az sql mi-arc create \
  --name < SQL MI name > \
  --ad-connector-name < your AD connector name > \
  --keytab-secret < SQL MI keytab secret name > \
  --ad-account-name < SQL MI AD user account > \
  --primary-dns-name < SQL MI primary endpoint DNS name > \
  --primary-port-number < SQL MI primary endpoint port number > \
  --secondary-dns-name < SQL MI secondary endpoint DNS name > \
  --secondary-port-number < SQL MI secondary endpoint port number > \
  --custom-location < your custom location > \
  --resource-group < resource-group >

Example:

az sql mi-arc create \
  --name contososqlmi \
  --ad-connector-name adarc \
  --keytab-secret arcuser-keytab-secret \
  --ad-account-name arcuser \
  --primary-dns-name arcsqlmi.contoso.local \
  --primary-port-number 31433 \
  --secondary-dns-name arcsqlmi-2.contoso.local \
  --secondary-port-number 31434 \
  --custom-location private-location \
  --resource-group arc-rg

Update an Azure Arc-enabled SQL Managed Instance

To update a SQL Managed Instance, use az sql mi-arc update. See the following examples for different connectivity modes:

Update - indirectly connected mode

az sql mi-arc update \
  --name < SQL MI name > \
  --k8s-namespace < namespace > \
  --keytab-secret < SQL MI keytab secret name > \
  --use-k8s

Example:

az sql mi-arc update \
  --name contososqlmi \
  --k8s-namespace arc \
  --keytab-secret arcuser-keytab-secret \
  --use-k8s

Update - directly connected mode

Note

The resource group is a mandatory parameter, but it cannot be changed.

az sql mi-arc update \
  --name < SQL MI name > \
  --keytab-secret < SQL MI keytab secret name > \
  --resource-group < resource-group >

Example:

az sql mi-arc update \
  --name contososqlmi \
  --keytab-secret arcuser-keytab-secret \
  --resource-group arc-rg

Delete an Azure Arc-enabled SQL Managed Instance in directly connected mode

To delete a SQL Managed Instance, use az sql mi-arc delete. See the following examples for both connectivity modes:

az sql mi-arc delete --name < SQL MI name >  --k8s-namespace < namespace > --use-k8s

Example:

az sql mi-arc delete --name contososqlmi --k8s-namespace arc --use-k8s