Set-AzSqlInstanceActiveDirectoryAdministrator
Provisions a Microsoft Entra administrator for SQL Managed Instance.
Set-AzSqlInstanceActiveDirectoryAdministrator
[-DisplayName] <String>
[-ObjectId] <Guid>
[-ResourceGroupName] <String>
[-InstanceName] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzSqlInstanceActiveDirectoryAdministrator
[-DisplayName] <String>
[-ObjectId] <Guid>
-InputObject <AzureSqlManagedInstanceModel>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzSqlInstanceActiveDirectoryAdministrator
[-DisplayName] <String>
[-ObjectId] <Guid>
[-ResourceId] <String>
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
The Set-AzSqlInstanceActiveDirectoryAdministrator cmdlet provisions a Microsoft Entra administrator for AzureSQL Managed Instance in the current subscription. You can provision only one administrator at a time. The following members of Microsoft Entra ID can be provisioned as a SQL Managed Instance administrator:
- Native members of Microsoft Entra ID
- Federated members of Microsoft Entra ID
- Microsoft Entra groups created as security groups Imported members from other Azure ADs are not supported as administrators. Microsoft accounts, such as those in the Outlook.com, Hotmail.com, or Live.com domains, are not supported as administrators. Other guest accounts, such as those in the Gmail.com or Yahoo.com domains, are not supported as administrators. We recommend that you provision a dedicated Microsoft Entra group as an administrator.
Set-AzSqlInstanceActiveDirectoryAdministrator -ResourceGroupName "ResourceGroup01" -InstanceName "ManagedInstance01" -DisplayName "DBAs" -ObjectId "40b79501-b343-44ed-9ce7-da4c8cc7353b"
ResourceGroupName InstanceName DisplayName ObjectId
----------------- ----------------- ----------- --------
ResourceGroup01 ManagedInstance01 DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b
This command provisions a Microsoft Entra administrator group named DBAs for the managed instance named ManagedInstance01. This server is associated with resource group ResourceGroup01.
Get-AzSqlInstance -ResourceGroupName "ResourceGroup01" -InstanceName "ManagedInstance01" | Set-AzSqlInstanceActiveDirectoryAdministrator -DisplayName "David Chew" -ObjectId "11E95548-B179-4FE1-9AF4-ACA49D13ABB9"
ResourceGroupName InstanceName DisplayName ObjectId
----------------- ----------------- ----------- --------
Resourcegroup01 ManagedInstance01 David Chew 11E95548-B179-4FE1-9AF4-ACA49D13ABB9
This command provisions a Microsoft Entra user as an administrator from the managed instance object.
Get-AzSqlInstance -ResourceId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/ResourceGroup01/providers/Microsoft.Sql/managedInstances/ManagedInstance01" | Set-AzSqlInstanceActiveDirectoryAdministrator -DisplayName "David Chew" -ObjectId "11E95548-B179-4FE1-9AF4-ACA49D13ABB9"
ResourceGroupName InstanceName DisplayName ObjectId
----------------- ----------------- ----------- --------
Resourcegroup01 ManagedInstance01 David Chew 11E95548-B179-4FE1-9AF4-ACA49D13ABB9
This command provisions a Microsoft Entra user as an administrator using managed instance resource identifier.
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
The credentials, account, tenant, and subscription used for communication with Azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the display name of the user or group for whom to grant permissions. This display name must exist in the active directory associated with the current subscription.
Type: | String |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The managed instance object to use.
Type: | AzureSqlManagedInstanceModel |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
SQL Managed Instance name.
Type: | String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Specifies the object ID of the user or group in Microsoft Entra ID for which to grant permissions.
Type: | Guid |
Position: | 3 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The name of the resource group.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
The resource id of instance to use
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |