Is it possible to use an AAD managed identity with Invoke-Sqlcmd? I tried with a connection string ($connectionString = "Server=${sqlServer};Authentication=Active Directory Managed Identity;Database=${database};MultipleActiveResultSets=True") on a deployment script that has the SQL Server Admin identity assigned to it. That throws System.ArgumentException: Keyword not supported: 'authentication'. I also tried using a token that I retrieved this way:
I can use that access token to log in, but when I try to assign another identity to a database (CREATE USER [${user}] FROM EXTERNAL PROVIDER) I instead get an error that the user couldn't be retrieved and I need to assign Directory Readers to the identity, which I already have. This is the full error code:
Principal '<user>' could not be resolved. Error message: 'Server identity is not configured. Please follow the steps in "Assign an Azure AD identity to your server and add Directory Reader permission to your identity" (https://aka.ms/sqlaadsetup)'
Is this module using a version of System.Data.SqlClient/Microsoft.Data.SqlClient where this simply isn't yet supported perhaps?