microsoft / SQLServerPSModule

This repo is the home of SQL Server PowerShell Module development.
MIT License

Using "Active Directory Managed Identity" with Invoke-Sqlcmd #28

Closed OskarKlintrot closed 1 year ago

OskarKlintrot commented 1 year ago

Is it possible to use an AAD managed identity with Invoke-Sqlcmd? I tried with a connection string ($connectionString = "Server=${sqlServer};Authentication=Active Directory Managed Identity;Database=${database};MultipleActiveResultSets=True") on a deployment script that has the SQL Server Admin identity assigned to it. That throws System.ArgumentException: Keyword not supported: 'authentication'. I also tried using a token that I retrieved this way:

$credentials = Get-AzAccessToken -ResourceUrl https://database.windows.net
$token = $credentials.Token

I can use that access token to log in, but when I try to assign another identity to a database (CREATE USER [${user}] FROM EXTERNAL PROVIDER) I instead get an error that the user couldn't be retrieved and I need to assign Directory Readers to the identity, which I already have. This is the full error code:

Principal '<user>' could not be resolved. Error message: 'Server identity is not configured. Please follow the steps in "Assign an Azure AD identity to your server and add Directory Reader permission to your identity" (https://aka.ms/sqlaadsetup)'

Is this module using a version of System.Data.SqlClient/Microsoft.Data.SqlClient where this simply isn't yet supported perhaps?

OskarKlintrot commented 1 year ago

Assign an Azure AD identity to your server

Doh! Just re-read the error message, I only assigned an identity to my script but not my server. My bad!
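
Added example, not part of the original thread or the module's own code: a PowerShell sketch of the token-based flow discussed above that first checks that the logical server itself has an identity, which is the condition the error message names. The resource group, server, database and user values are placeholders, and the script assumes the Az.Accounts, Az.Sql and SqlServer modules are installed and the caller is already signed in.

```powershell
# Placeholders (assumptions, not values from the thread): replace with your own.
$resourceGroup = '<resource-group>'
$serverName    = '<server-name>'            # logical server name, without the DNS suffix
$database      = '<database>'
$user          = '<identity-display-name>'  # identity to add as a database user

# 1. The logical server needs its own Azure AD identity; the identity assigned
#    to the calling script is not enough (this is what the error points at).
$server = Get-AzSqlServer -ResourceGroupName $resourceGroup -ServerName $serverName
if (-not $server.Identity -or -not $server.Identity.PrincipalId) {
    throw ("Server '$serverName' has no identity assigned. Assign one " +
           "(for example with Set-AzSqlServer -AssignIdentity) and grant it " +
           "Directory Readers before running CREATE USER ... FROM EXTERNAL PROVIDER.")
}

# 2. Token for Azure SQL. Depending on the Az.Accounts version, Token is a
#    plain string or a SecureString; Invoke-Sqlcmd -AccessToken takes a string.
$token = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net').Token
if ($token -is [System.Security.SecureString]) {
    $token = [System.Net.NetworkCredential]::new('', $token).Password
}

# 3. Quote the name as a T-SQL identifier: a ']' inside it must be doubled,
#    otherwise the value could break out of the brackets and alter the statement.
$quotedUser = '[' + $user.Replace(']', ']]') + ']'

Invoke-Sqlcmd -ServerInstance "$serverName.database.windows.net" `
              -Database $database `
              -AccessToken $token `
              -Query "CREATE USER $quotedUser FROM EXTERNAL PROVIDER" `
              -ErrorAction Stop
```

The identity check only confirms that an identity exists on the server; whether that identity holds Directory Readers still has to be verified in the directory.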