Edit

Share via

Set-AzSqlInstanceActiveDirectoryAdministrator

Module:
Az.Sql Module

Provisions a Microsoft Entra administrator for SQL Managed Instance.

Syntax

UseResourceGroupAndInstanceNameParameterSet (Default) 

Set-AzSqlInstanceActiveDirectoryAdministrator
    [-DisplayName] <String>
    [-ObjectId] <Guid>
    [-ResourceGroupName] <String>
    [-InstanceName] <String>
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UseInputObjectParameterSet 

Set-AzSqlInstanceActiveDirectoryAdministrator
    [-DisplayName] <String>
    [-ObjectId] <Guid>
    -InputObject <AzureSqlManagedInstanceModel>
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

UserResourceIdParameterSet 

Set-AzSqlInstanceActiveDirectoryAdministrator
    [-DisplayName] <String>
    [-ObjectId] <Guid>
    [-ResourceId] <String>
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The Set-AzSqlInstanceActiveDirectoryAdministrator cmdlet provisions a Microsoft Entra administrator for AzureSQL Managed Instance in the current subscription. You can provision only one administrator at a time. The following members of Microsoft Entra ID can be provisioned as a SQL Managed Instance administrator:

  • Native members of Microsoft Entra ID
  • Federated members of Microsoft Entra ID
  • Microsoft Entra groups created as security groups Imported members from other Azure ADs are not supported as administrators. Microsoft accounts, such as those in the Outlook.com, Hotmail.com, or Live.com domains, are not supported as administrators. Other guest accounts, such as those in the Gmail.com or Yahoo.com domains, are not supported as administrators. We recommend that you provision a dedicated Microsoft Entra group as an administrator.

Examples

Example 1: Provision an administrator group for a managed instance associated with resource group

Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName "ResourceGroup01" -InstanceName "ManagedInstance01" -DisplayName "DBAs" -ObjectId "40b79501-b343-44ed-9ce7-da4c8cc7353b"

ResourceGroupName InstanceName      DisplayName ObjectId
----------------- ----------------- ----------- --------
ResourceGroup01   ManagedInstance01 DBAs        40b79501-b343-44ed-9ce7-da4c8cc7353b

This command provisions a Microsoft Entra administrator group named DBAs for the managed instance named ManagedInstance01. This server is associated with resource group ResourceGroup01.

Example 2: Provision an administrator user using managed instance object

Get-AzSqlInstance -ResourceGroupName "ResourceGroup01" -InstanceName "ManagedInstance01" | Set-AzSqlInstanceActiveDirectoryAdministrator -DisplayName "David Chew" -ObjectId "11E95548-B179-4FE1-9AF4-ACA49D13ABB9"

ResourceGroupName InstanceName      DisplayName ObjectId
----------------- ----------------- ----------- --------
Resourcegroup01   ManagedInstance01 David Chew  11E95548-B179-4FE1-9AF4-ACA49D13ABB9

This command provisions a Microsoft Entra user as an administrator from the managed instance object.

Example 3: Provision an administrator using managed instance resource identifier

Get-AzSqlInstance -ResourceId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/ResourceGroup01/providers/Microsoft.Sql/managedInstances/ManagedInstance01" | Set-AzSqlInstanceActiveDirectoryAdministrator -DisplayName "David Chew" -ObjectId "11E95548-B179-4FE1-9AF4-ACA49D13ABB9"

ResourceGroupName InstanceName      DisplayName ObjectId
----------------- ----------------- ----------- --------
Resourcegroup01   ManagedInstance01 David Chew  11E95548-B179-4FE1-9AF4-ACA49D13ABB9

This command provisions a Microsoft Entra user as an administrator using managed instance resource identifier.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DisplayName

Specifies the display name of the user or group for whom to grant permissions. This display name must exist in the active directory associated with the current subscription.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:2
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-InputObject

The managed instance object to use.

Parameter properties

Type:AzureSqlManagedInstanceModel
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

UseInputObjectParameterSet
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-InstanceName

SQL Managed Instance name.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

UseResourceGroupAndInstanceNameParameterSet
Position:1
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ObjectId

Specifies the object ID of the user or group in Microsoft Entra ID for which to grant permissions.

Parameter properties

Type:Guid
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:3
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ResourceGroupName

The name of the resource group.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

UseResourceGroupAndInstanceNameParameterSet
Position:0
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ResourceId

The resource id of instance to use

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

UserResourceIdParameterSet
Position:0
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

String

Guid

Outputs

AzureSqlInstanceActiveDirectoryAdministratorModel