Active Directory Password Connection Azure SQL Fai

Published 2020-04-14 03:02

Question:

I need to connect via Azure Automation to an Azure SQL Server using my Azure Active Directory Admin account that is set as the Azure SQL Server AZ AD Admin.

I am able to connect to Azure SQL:

  1. Using SSMS with the Azure AD Admin Account
  2. Using the PowerShell ISE with the Azure AD Admin Account in a SQL ConnectionString
  3. Using Azure Automation with the Azure SQL Admin account (the one created when a new Azure SQL Server is created) in a SQL ConnectionString

However, when attempting to connect to Azure SQL in Azure Automation using the Active Directory Admin account in Azure Automation in a SQL ConnectionString, I get the following error:

New-Object : Exception calling ".ctor" with "1" argument(s): "Keyword not supported: 'authentication'."

Here is my connection attempt:

$server = "tcp:myazuresql.database.windows.net,1433"
$database = "TestDB"
$adminName = "test@mytest.onmicrosoft.com"
$adminPassword = "test1234"

$connectionString = "Server=$server;Database=$database;User ID=$adminName;Password=$adminPassword;authentication=Active Directory Password;"
$connection = New-Object -TypeName System.Data.SqlClient.SqlConnection($connectionString)

Any ideas on why I can connect via PowerShell ISE and SSMS but not Azure Automation with the Azure Active Directory Admin? I can also connect via Azure Automation and the Azure SQL Admin account (the default admin account you create with Azure SQL).

The only way I can't connect is when using the Azure Active Directory Admin tied to Azure SQL when using Azure Automation.

Answer 1:

Using Azure AD to connect to SQL is not yet supported with an Azure Automation Account. This feature requires .NET Framework 4.6, and currently Azure Automation workers only have .NET Framework 4.5.

Suggestion:

  • Instead of using Azure Active Password Authentication, try automating with SQL Server authentication
  • Try using Hybrid runbook worker as they are able to install the latest version of .Net Framework (ref: https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker)
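The two claims in this answer (the worker's .NET Framework level, and whether its `System.Data.SqlClient` accepts the `Authentication` keyword) can both be checked from inside a runbook before a job depends on them. The following diagnostic is an added example, not code from the answer or from Microsoft; the function names are my own, the registry path and the release value 393295 (.NET Framework 4.6) are documented by Microsoft, and the keyword probe relies on `SqlConnectionStringBuilder` rejecting unknown keywords with "Keyword not supported".

```powershell
function Get-DotNetFrameworkRelease {
    # The 'Release' DWORD under this key identifies the installed .NET Framework 4.x build.
    # 393295 or higher means 4.6 or later, which is what the ADAL-based
    # 'Authentication=Active Directory Password' keyword needs.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    return (Get-ItemProperty -Path $key -Name Release -ErrorAction Stop).Release
}

function Test-SqlAuthenticationKeyword {
    # Returns $true when the System.Data.SqlClient loaded in this runtime accepts the
    # 'Authentication' keyword, $false when it rejects it ("Keyword not supported").
    # The builder validates keywords on Add(), so no connection is attempted here.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    try {
        $builder.Add('Authentication', 'Active Directory Password')
        return $true
    }
    catch {
        return $false
    }
}

$release   = Get-DotNetFrameworkRelease
$supported = Test-SqlAuthenticationKeyword
$level     = if ($release -ge 393295) { '.NET Framework 4.6 or later' } else { 'older than .NET Framework 4.6' }

Write-Output ("Release key {0} ({1}); 'Authentication' keyword supported: {2}" -f $release, $level, $supported)

if (-not $supported) {
    # Fail early with an actionable message instead of letting a later New-Object throw.
    Write-Warning "This worker cannot use Azure AD password authentication. Use a SQL login stored as a credential asset, or run the job on a Hybrid Runbook Worker that has .NET Framework 4.6 or later."
}
```

Running this in the Azure sandbox versus on a Hybrid Runbook Worker shows the difference the answer describes: the sandbox reports a release key below 393295 and `False` for the keyword probe, while a worker with a current .NET Framework reports `True`.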


Answer 2:

Using the Azure Automation Module

    ## Using Azure Automation ISE Add-on
    #Install-Module -Name AzureAutomationAuthoringToolkit
    Import-Module AzureAutomationAuthoringToolkit
    $SqlServer = "myazuresql.database.windows.net"
    $SqlServerPort = "1433"
    $Database = "TestDB"
    $Table = ""                 # name of the table to count
    $SqlCredentialAsset = ""    # name of the Automation credential asset holding the SQL login
    $SqlCredential = Get-AutomationPSCredential -Name $SqlCredentialAsset
    if ($SqlCredential -eq $null)
    {
        throw "Could not retrieve '$SqlCredentialAsset' credential asset. Check that you created this first in the Automation service."
    }
    $SqlUsername = $SqlCredential.UserName
    $SqlPass = $SqlCredential.GetNetworkCredential().Password
    $Conn = New-Object System.Data.SqlClient.SqlConnection("Server=tcp:$SqlServer,$SqlServerPort;Database=$Database;User ID=$SqlUsername;Password=$SqlPass;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;")

    $Conn.Open()
    $Cmd = New-Object System.Data.SqlClient.SqlCommand("SELECT COUNT(*) from $Table", $Conn)
    $Cmd.CommandTimeout = 120
    $RowCount = $Cmd.ExecuteScalar()   # actually run the query and capture the count
    $Conn.Close()

Code for inside RunBook

#Runbook
Param
(
    [Parameter(Mandatory=$true)]
    [String]
    $AzureConnectionName
)

$AzureConn = Get-AutomationConnection -Name $AzureConnectionName

if ($AzureConn -eq $null)
{
    throw "Could not retrieve '$AzureConnectionName' connection asset."
}
$Certificate = Get-AutomationCertificate -Name $AzureConn.AutomationCertificateName

if ($Certificate -eq $null)
{
    throw "Could not retrieve '$($AzureConn.AutomationCertificateName)' certificate asset."
}

# Get-Credential prompts interactively, which only works when the script is run from a console such as the ISE;
# a runbook in the Azure sandbox has no console and would read the credential from an asset instead.
$cred = Get-Credential -Credential Domain\User
Login-AzureRmAccount -Credential $cred
Get-AzureRmSubscription | Select-AzureRmSubscription
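Putting the answer's credential-asset approach together with the first answer's suggestion to use a SQL login, the following runbook is an added example (not code from this answer or from Microsoft). It assumes an Automation credential asset that holds a SQL login, takes the asset name and connection details as runbook parameters so no secret lives in the runbook body, builds the connection string with `SqlConnectionStringBuilder` (which escapes each value and rejects unknown keywords before `Open()`), and avoids splicing the table name into SQL text by first checking it against `sys.tables` with a parameter. The function and parameter names are mine; the port 1433 and the `Encrypt=True` setting are the ones used on this page.

```powershell
# Runbook inputs: the asset name and connection details come in as parameters, so
# nothing secret is stored in the runbook body.
Param(
    [Parameter(Mandatory=$true)] [string] $SqlCredentialAsset,  # Automation credential asset holding a SQL login
    [Parameter(Mandatory=$true)] [string] $SqlServer,           # e.g. myazuresql.database.windows.net
    [Parameter(Mandatory=$true)] [string] $Database,
    [Parameter(Mandatory=$true)] [string] $Table
)

function New-SqlConnectionStringFromAsset {
    param([string] $AssetName, [string] $Server, [string] $DatabaseName)

    $credential = Get-AutomationPSCredential -Name $AssetName
    if ($null -eq $credential) {
        throw "Could not retrieve '$AssetName' credential asset. Create it in the Automation account first."
    }

    # The builder quotes and escapes each value and rejects unknown keywords up front,
    # so a bad value cannot smuggle an extra keyword into the string.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder.DataSource             = "tcp:$Server,1433"
    $builder.InitialCatalog         = $DatabaseName
    $builder.UserID                 = $credential.UserName
    $builder.Password               = $credential.GetNetworkCredential().Password
    $builder.Encrypt                = $true     # TLS on the wire
    $builder.TrustServerCertificate = $false    # validate the Azure SQL certificate chain
    $builder.ConnectTimeout         = 30
    return $builder.ConnectionString
}

function Get-TableRowCount {
    param([string] $ConnectionString, [string] $TableName)

    $conn = New-Object System.Data.SqlClient.SqlConnection($ConnectionString)
    try {
        $conn.Open()

        # Runbook input is never spliced straight into SQL text. First confirm the name
        # is a real table in this database, passing it as a parameter...
        $check = $conn.CreateCommand()
        $check.CommandText = 'SELECT COUNT(*) FROM sys.tables WHERE name = @name'
        [void]$check.Parameters.AddWithValue('@name', $TableName)
        if ([int]$check.ExecuteScalar() -eq 0) {
            throw "Table '$TableName' does not exist in the target database."
        }

        # ...then quote it as a bracketed identifier (closing brackets doubled) for the count.
        $quoted = '[' + $TableName.Replace(']', ']]') + ']'
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT COUNT(*) FROM $quoted"
        $cmd.CommandTimeout = 120
        return [int]$cmd.ExecuteScalar()
    }
    finally {
        $conn.Close()
    }
}

$connectionString = New-SqlConnectionStringFromAsset -AssetName $SqlCredentialAsset -Server $SqlServer -DatabaseName $Database
$rows = Get-TableRowCount -ConnectionString $connectionString -TableName $Table
Write-Output "$Table has $rows rows."
```

Because the login is a SQL login rather than an Azure AD account, this runs in the standard Azure sandbox without the `Authentication` keyword; the same script also works unchanged on a Hybrid Runbook Worker if you later switch the asset to an Azure AD user and add `$builder.Authentication`.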


Answer 3:

Please refer to this similar question.

If you want to connect to SQL Server with an Azure AD user, the ADAL SQL library must be installed on your VM. Currently, the Azure Automation account does not install this library. If you want to use an Azure AD user to log in to your SQL Server, you could select Hybrid Runbook Workers.

Runbooks in Azure Automation cannot access resources in your local data center since they run in the Azure cloud. The Hybrid Runbook Worker feature of Azure Automation allows you to run runbooks on machines located in your data center to manage local resources. The runbooks are stored and managed in Azure Automation and then delivered to one or more on-premises machines.