I have an Azure SQL Server and can SSMS into it. I also have an Azure Active Directory with a user named mytestuser@mytest.onmicrosoft.com. I want to add this user to have permissions to a database in my Azure SQL Server. The first step is trying to add it to the primary security of the Azure SQL Server.

I have tried the following on the Master Database:

CREATE USER [mytestuser@mytest.onmicrosoft.com] FROM EXTERNAL PROVIDER;
CREATE USER mytestuser;

But this generates the errors of:

Principal 'mytestuser@mytest.onmicrosoft.com' could not be created. Only connections established with Active Directory accounts can create other Active Directory users.

and

'mytestuser' is not a valid login or you do not have permission.

How do I add an Azure Active Account to Azure SQL? Once I have added it via the Master so it shows up in Security, I should be able to add it to any number of created databases via:

CREATE USER mytestuser FROM LOGIN mytestuser; 

After wasting 4 hours of my day trying to do this, below are the steps that worked for me:

• as per the documentation, set your AD account as the Active Directory admin (follow the steps mentioned in the documentation here: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure under: Provision an Azure Active Directory administrator for your Azure SQL Database server).
• Install the latest version of SSMS on your machine (the 18 RC1 in my case). If you have an existing version installed, uninstall it and "try" to clean any left over registry keys, list here: Failed to parse XML blob ).
• Connect to your server using [Active Directory Integrated]. If you get the following error message : [Failed to parse XML blob], repeat step 2, or just install the latest version of SSMS on a different VM/Machine on your network (needs to be part of the same domain).
• Once connected, execute the following SQL (from the official documentation) CREATE USER [username@domain.com] FROM EXTERNAL PROVIDER;

I cannot believe I wasted almost two working days trying to do something as simple as adding a user to db. This is beyond belief. (/rantover)

I was able to connect and add an Active Directory User but it required the following:

1) SQL Server Management Studio 2016 or greater to have the Active Directory Login options (I used Active Directory Password Authentication)

2) Ensuring that the Azure SQL Server had the Azure Active Directory Admin set. You will this account to connect in Step 1