I have been working on automation for a particular client, and ran into an interesting issue with adding Azure AD administrators to an Azure SQL instance. The purpose of this post is to chat a little more about how to debug this issue and ultimately fix it.
As part of my process, I generally create automation and test it using my own account and on my local machine. Once I feel like I have something working, I move that to Azure Automation. In general, the service account that Azure Automation uses automatically has the same permissions as my own account (unless changed from the default). This is true for Azure, but not true for some of the API access that may be inherently required.
The command that I am using to add a SQL Admin is Set-AzureRmSqlServerActiveDirectoryAdministrator. Unfortunately, the MSDN docs do a pretty poor job of describing the minimum set of permissions required to run these commands. In my automation tests, I received a cryptic "Access Denied". At first I thought this had to do with Azure access, but that didn't make much sense. Running the above command with the verbose flag and the debug flag yielded the following:
As you can see from the body of the response, I do not have sufficient privileges with the automation service account. The request is going out to the Graph API and seems to be verifying that the display name actually exists in AAD before adding it.
Granting permissions to the service account is quite easy, and can be done via the Azure portal. Navigate to AAD, click App Registrations, select the appropriate one and then click on Required Permissions. As these permissions need to be done by the service account itself, click Add and then select the Graph API. I selected Read All Groups and Read Directory Data from the Application Permissions section.
After this, be sure to hit the Grant Permissions button at the top to make the changes permanent. After these changes, I was finally able to add an Azure AD Admin to an Azure SQL server via script with an Azure Automation service account.
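A runbook sketch that exercises the command as the Automation service principal rather than as your own account, so a missing Graph permission shows up before production; this is an added example, not code from the original post. The resource names are placeholders, the Run As connection name and the matched error strings are assumptions, and Get-AutomationConnection is only available inside Azure Automation.

```powershell
# Added example. All three values below are placeholders to fill in.
$ResourceGroupName = '<resource-group>'
$ServerName        = '<sql-server-name>'
$AdminDisplayName  = '<aad-user-or-group-display-name>'

# Sign in as the Automation service principal so the test uses the identity
# that will actually run the job. 'AzureRunAsConnection' is assumed to be the
# name of the Run As connection in your Automation account.
$conn = Get-AutomationConnection -Name 'AzureRunAsConnection'
Add-AzureRmAccount -ServicePrincipal `
    -TenantId $conn.TenantId `
    -ApplicationId $conn.ApplicationId `
    -CertificateThumbprint $conn.CertificateThumbprint | Out-Null

try {
    # -ErrorAction Stop turns the failure into a terminating error we can catch.
    # When testing locally, set $DebugPreference = 'Continue' to see the HTTP bodies.
    Set-AzureRmSqlServerActiveDirectoryAdministrator `
        -ResourceGroupName $ResourceGroupName `
        -ServerName $ServerName `
        -DisplayName $AdminDisplayName `
        -Verbose -ErrorAction Stop | Out-Null
}
catch {
    $message = $_.Exception.Message
    # Assumed match strings: the post reports "Access Denied"; the other two are
    # the Graph API's usual wording for a caller without directory read rights.
    if ($message -match 'Access Denied|Insufficient privileges|Authorization_RequestDenied') {
        Write-Warning ("Directory lookup was refused for application {0}. Check that " +
            "the app registration has the Graph application permissions " +
            "(Read Directory Data, Read All Groups) and that Grant Permissions " +
            "has been applied.") -f $conn.ApplicationId
    }
    throw   # keep the runbook job marked as failed
}

# Read the setting back so the job output records what was applied.
$admin = Get-AzureRmSqlServerActiveDirectoryAdministrator `
    -ResourceGroupName $ResourceGroupName -ServerName $ServerName
Write-Output ("Azure AD admin on {0}: {1} ({2})" -f `
    $ServerName, $admin.DisplayName, $admin.ObjectId)
```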