diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj b/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj
index f38983522820..59290ab885c8 100644
--- a/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj
+++ b/src/ResourceManager/Resources/Commands.Resources.Test/Commands.Resources.Test.csproj
@@ -306,6 +306,9 @@
PreserveNewest
+
+ Always
+
Always
diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.cs b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.cs
index 860fd5da2a68..33bebcd08c8a 100644
--- a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.cs
+++ b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.cs
@@ -108,6 +108,32 @@ public void TestGetADGroupWithObjectId()
TestUtilities.GetCurrentMethodName());
}
+ [Fact]
+ [Trait(Category.AcceptanceType, Category.CheckIn)]
+ public void TestGetADGroupSecurityEnabled()
+ {
+ const string scriptMethod = "Test-GetADGroupSecurityEnabled '{0}' '{1}'";
+ Group newGroup = null;
+ var controllerAdmin = ResourcesController.NewInstance;
+
+ controllerAdmin.RunPsTestWorkflow(
+ // scriptBuilder
+ () =>
+ {
+ newGroup = CreateNewAdGroup(controllerAdmin);
+ return new[] { string.Format(scriptMethod, newGroup.ObjectId, newGroup.SecurityEnabled) };
+ },
+ // initialize
+ null,
+ // cleanup
+ () =>
+ {
+ DeleteAdGroup(controllerAdmin, newGroup);
+ },
+ TestUtilities.GetCallingClass(),
+ TestUtilities.GetCurrentMethodName());
+ }
+
[Fact]
[Trait(Category.AcceptanceType, Category.CheckIn)]
public void TestGetADGroupWithBadObjectId()
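Review bot: The cleanup lambda in TestGetADGroupSecurityEnabled calls `DeleteAdGroup(controllerAdmin, newGroup)` unconditionally, so `newGroup` is still null at cleanup if `CreateNewAdGroup` throws inside the script builder. Whether `RunPsTestWorkflow` runs cleanup after a failed script builder is not visible in this hunk, but if it does, the secondary failure would hide the original error. A guard such as `if (newGroup != null) { DeleteAdGroup(controllerAdmin, newGroup); }` keeps the first exception visible.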
diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1 b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1
index 972084637f46..b6124abb6a2c 100644
--- a/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1
+++ b/src/ResourceManager/Resources/Commands.Resources.Test/ScenarioTests/ActiveDirectoryTests.ps1
@@ -78,6 +78,24 @@ function Test-GetADGroupWithObjectId
Assert-NotNull($groups[0].DisplayName)
}
+<#
+.SYNOPSIS
+Tests getting Active Directory group with security enabled .
+#>
+function Test-GetADGroupSecurityEnabled
+{
+ param([string]$objectId, [string]$securityEnabled)
+
+ # Test
+ $groups = Get-AzureADGroup -ObjectId $objectId
+
+ # Assert
+ Assert-AreEqual $groups.Count 1
+ Assert-AreEqual $groups[0].Id $objectId
+ Assert-AreEqual $groups[0].SecurityEnabled $securityEnabled
+ Assert-NotNull($groups[0].DisplayName)
+}
+
<#
.SYNOPSIS
Tests getting Active Directory groups.
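Review bot: `$securityEnabled` is declared `[string]` and receives the formatted text of a nullable bool from the C# caller (`newGroup.SecurityEnabled` in ActiveDirectoryTests.cs), so `Assert-AreEqual $groups[0].SecurityEnabled $securityEnabled` compares a boolean with a string. Depending on how Assert-AreEqual compares its arguments (not visible here), PowerShell's conversion rules can treat any non-empty string as true, which would make the check weaker than it reads. Converting explicitly, `Assert-AreEqual $groups[0].SecurityEnabled ([System.Convert]::ToBoolean($securityEnabled))`, pins the comparison to a boolean. The new synopsis line also has a stray space before the period.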
diff --git a/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestGetADGroupSecurityEnabled.json b/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestGetADGroupSecurityEnabled.json
new file mode 100644
index 000000000000..9bc5d1eee118
--- /dev/null
+++ b/src/ResourceManager/Resources/Commands.Resources.Test/SessionRecords/Microsoft.Azure.Commands.Resources.Test.ScenarioTests.ActiveDirectoryTests/TestGetADGroupSecurityEnabled.json
@@ -0,0 +1,237 @@
+{
+ "Entries": [
+ {
+ "RequestUri": "/73bf5eac-7be2-4c8c-b3eb-9cc4aa201100/groups?api-version=1.42-previewInternal",
+ "EncodedRequestUri": "LzczYmY1ZWFjLTdiZTItNGM4Yy1iM2ViLTljYzRhYTIwMTEwMC9ncm91cHM/YXBpLXZlcnNpb249MS40Mi1wcmV2aWV3SW50ZXJuYWw=",
+ "RequestMethod": "POST",
+ "RequestBody": "{\r\n \"displayName\": \"adgroup6035\",\r\n \"mailEnabled\": false,\r\n \"mailNickname\": \"adgroupmail8751\",\r\n \"securityEnabled\": true\r\n}",
+ "RequestHeaders": {
+ "Content-Type": [
+ "application/json; charset=utf-8"
+ ],
+ "Content-Length": [
+ "127"
+ ],
+ "User-Agent": [
+ "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"odata.metadata\": \"https://graph.ppe.windows.net/73bf5eac-7be2-4c8c-b3eb-9cc4aa201100/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Group/@Element\",\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Group\",\r\n \"objectType\": \"Group\",\r\n \"objectId\": \"0b7e4247-de60-405c-9c04-6cc9721539a1\",\r\n \"softDeletionTimestamp\": null,\r\n \"appMetadata\": null,\r\n \"exchangeResources\": [],\r\n \"description\": null,\r\n \"dirSyncEnabled\": null,\r\n \"displayName\": \"adgroup6035\",\r\n \"groupType\": null,\r\n \"isPublic\": null,\r\n \"lastDirSyncTime\": null,\r\n \"licenseAssignment\": [],\r\n \"mail\": null,\r\n \"mailNickname\": \"adgroupmail8751\",\r\n \"mailEnabled\": false,\r\n \"onPremiseSecurityIdentifier\": null,\r\n \"provisioningErrors\": [],\r\n \"proxyAddresses\": [],\r\n \"securityEnabled\": true,\r\n \"sharepointResources\": []\r\n}",
+ "ResponseHeaders": {
+ "Content-Length": [
+ "710"
+ ],
+ "Content-Type": [
+ "application/json; odata=minimalmetadata; streaming=true; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "ocp-aad-diagnostics-server-name": [
+ "p26FZwHhWTf12W1XQXK+GyAVGWe+soGFePh6Rq4qHrI="
+ ],
+ "request-id": [
+ "3a6f6342-c8fa-4e0a-95f1-684e1804c4b0"
+ ],
+ "client-request-id": [
+ "9663327c-670b-4f78-9eca-0aa9ee4e4c1a"
+ ],
+ "x-ms-gateway-rewrite": [
+ "false"
+ ],
+ "x-ms-dirapi-data-contract-version": [
+ "1.42-previewInternal"
+ ],
+ "ocp-aad-session-key": [
+ "CxL0SUxsw4WnJVmlwroRNjovfpfYLZPQIunngNXUsC6mZOmMq1-YKykQNSBVLb2fzsD7k7DAlVXzQ2Ui5pGs1aDPLo7FC6muKk1Ghbi2V7ub9RICbzNAK1a08grMzvXX94Q2JPOpxwGmfaDhBmbPDg.6RPP7LGnF2_VC2CkQQEtp8zagjFfcy386N5GtNaSbcY"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "DataServiceVersion": [
+ "3.0;"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "Access-Control-Allow-Origin": [
+ "*"
+ ],
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Location": [
+ "https://graph.ppe.windows.net/73bf5eac-7be2-4c8c-b3eb-9cc4aa201100/directoryObjects/0b7e4247-de60-405c-9c04-6cc9721539a1/Microsoft.WindowsAzure.ActiveDirectory.Group"
+ ],
+ "Server": [
+ "Microsoft-IIS/8.5"
+ ],
+ "X-AspNet-Version": [
+ "4.0.30319"
+ ],
+ "X-Powered-By": [
+ "ASP.NET",
+ "ASP.NET"
+ ],
+ "Date": [
+ "Tue, 18 Aug 2015 16:56:03 GMT"
+ ]
+ },
+ "StatusCode": 201
+ },
+ {
+ "RequestUri": "/73bf5eac-7be2-4c8c-b3eb-9cc4aa201100/groups/0b7e4247-de60-405c-9c04-6cc9721539a1?api-version=1.42-previewInternal",
+ "EncodedRequestUri": "LzczYmY1ZWFjLTdiZTItNGM4Yy1iM2ViLTljYzRhYTIwMTEwMC9ncm91cHMvMGI3ZTQyNDctZGU2MC00MDVjLTljMDQtNmNjOTcyMTUzOWExP2FwaS12ZXJzaW9uPTEuNDItcHJldmlld0ludGVybmFs",
+ "RequestMethod": "GET",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "User-Agent": [
+ "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0"
+ ]
+ },
+ "ResponseBody": "{\r\n \"odata.metadata\": \"https://graph.ppe.windows.net/73bf5eac-7be2-4c8c-b3eb-9cc4aa201100/$metadata#directoryObjects/Microsoft.WindowsAzure.ActiveDirectory.Group/@Element\",\r\n \"odata.type\": \"Microsoft.WindowsAzure.ActiveDirectory.Group\",\r\n \"objectType\": \"Group\",\r\n \"objectId\": \"0b7e4247-de60-405c-9c04-6cc9721539a1\",\r\n \"softDeletionTimestamp\": null,\r\n \"appMetadata\": null,\r\n \"exchangeResources\": [],\r\n \"description\": null,\r\n \"dirSyncEnabled\": null,\r\n \"displayName\": \"adgroup6035\",\r\n \"groupType\": null,\r\n \"isPublic\": null,\r\n \"lastDirSyncTime\": null,\r\n \"licenseAssignment\": [],\r\n \"mail\": null,\r\n \"mailNickname\": \"adgroupmail8751\",\r\n \"mailEnabled\": false,\r\n \"onPremiseSecurityIdentifier\": null,\r\n \"provisioningErrors\": [],\r\n \"proxyAddresses\": [],\r\n \"securityEnabled\": true,\r\n \"sharepointResources\": []\r\n}",
+ "ResponseHeaders": {
+ "Content-Length": [
+ "710"
+ ],
+ "Content-Type": [
+ "application/json; odata=minimalmetadata; streaming=true; charset=utf-8"
+ ],
+ "Expires": [
+ "-1"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "ocp-aad-diagnostics-server-name": [
+ "vhYgA4yOUvjGnawHsDLVJznXNq0HF1intYYZGiD8RqA="
+ ],
+ "request-id": [
+ "fcfc812f-4c75-4050-a26d-13319ea6a584"
+ ],
+ "client-request-id": [
+ "e2cbd040-d98a-489a-9ce9-d2256e485035"
+ ],
+ "x-ms-gateway-rewrite": [
+ "false"
+ ],
+ "x-ms-dirapi-data-contract-version": [
+ "1.42-previewInternal"
+ ],
+ "ocp-aad-session-key": [
+ "cDC4lcRcPV6FLoN7Gd_FKWd7XvI78lkKeJxpz9UibQmAqFRy5vBuc_PpkyW-yB-BuWl033MW-AQ-i6rWNItLO92wDzEd2t-hFwl7VWswVo-fAwkZ5H4CiGTePIOpE1GpE6j2vkhEYI7MLOshQnayfg.k9Tz72L20M2yv4kgOIEDIPaY0qfEHdBsM33mTfekIMo"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "DataServiceVersion": [
+ "3.0;"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "Access-Control-Allow-Origin": [
+ "*"
+ ],
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Server": [
+ "Microsoft-IIS/8.5"
+ ],
+ "X-AspNet-Version": [
+ "4.0.30319"
+ ],
+ "X-Powered-By": [
+ "ASP.NET",
+ "ASP.NET"
+ ],
+ "Date": [
+ "Tue, 18 Aug 2015 16:56:03 GMT"
+ ]
+ },
+ "StatusCode": 200
+ },
+ {
+ "RequestUri": "/73bf5eac-7be2-4c8c-b3eb-9cc4aa201100/groups/0b7e4247-de60-405c-9c04-6cc9721539a1?api-version=1.42-previewInternal",
+ "EncodedRequestUri": "LzczYmY1ZWFjLTdiZTItNGM4Yy1iM2ViLTljYzRhYTIwMTEwMC9ncm91cHMvMGI3ZTQyNDctZGU2MC00MDVjLTljMDQtNmNjOTcyMTUzOWExP2FwaS12ZXJzaW9uPTEuNDItcHJldmlld0ludGVybmFs",
+ "RequestMethod": "DELETE",
+ "RequestBody": "",
+ "RequestHeaders": {
+ "User-Agent": [
+ "Microsoft.Azure.Graph.RBAC.GraphRbacManagementClient/1.0.0.0"
+ ]
+ },
+ "ResponseBody": "",
+ "ResponseHeaders": {
+ "Expires": [
+ "-1"
+ ],
+ "Pragma": [
+ "no-cache"
+ ],
+ "ocp-aad-diagnostics-server-name": [
+ "p26FZwHhWTf12W1XQXK+GyAVGWe+soGFePh6Rq4qHrI="
+ ],
+ "request-id": [
+ "5d694c7d-a5b3-4598-9a2e-13ec7647d942"
+ ],
+ "client-request-id": [
+ "89e4709f-c962-42bf-b703-df5180ec3cf2"
+ ],
+ "x-ms-gateway-rewrite": [
+ "false"
+ ],
+ "x-ms-dirapi-data-contract-version": [
+ "1.42-previewInternal"
+ ],
+ "ocp-aad-session-key": [
+ "U2xkwifbpzW18YgrT01D0Z0Jb7sN55yzRIkX3Ok355EEVR1Yehs4jYQL_t5I-WyXYQQAGsEasX5GDadld9N8TljR-gJH2Z98wXMZ4mCqaLNAtxwuoN8Fqv1njzKiEazRobH2UuaBsRgQLqIB2Oxl5Q.99_JDq-Z8uaz1-CCXjpdINoQYBRW_HUwqjn4M3snDTE"
+ ],
+ "X-Content-Type-Options": [
+ "nosniff"
+ ],
+ "DataServiceVersion": [
+ "1.0;"
+ ],
+ "Strict-Transport-Security": [
+ "max-age=31536000; includeSubDomains"
+ ],
+ "Access-Control-Allow-Origin": [
+ "*"
+ ],
+ "Cache-Control": [
+ "no-cache"
+ ],
+ "Server": [
+ "Microsoft-IIS/8.5"
+ ],
+ "X-AspNet-Version": [
+ "4.0.30319"
+ ],
+ "X-Powered-By": [
+ "ASP.NET",
+ "ASP.NET"
+ ],
+ "Date": [
+ "Tue, 18 Aug 2015 16:56:03 GMT"
+ ]
+ },
+ "StatusCode": 204
+ }
+ ],
+ "Names": {
+ "CreateNewAdGroup": [
+ "adgroup6035",
+ "adgroupmail8751"
+ ]
+ },
+ "Variables": {
+ "SubscriptionId": "83ff500d-38ad-4a36-a26b-f500be74b250",
+ "TenantId": "73bf5eac-7be2-4c8c-b3eb-9cc4aa201100",
+ "Domain": "aztestorg067.ccsctp.net"
+ }
+}
\ No newline at end of file
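Review bot: The recorded response headers in all three entries include `ocp-aad-session-key` values, and the `Variables` block carries the subscription id, tenant id and directory domain of the recording environment. Whether these values are still usable or sensitive after the recording cannot be told from this file. If playback does not depend on them, it would be safer to have the recorder replace each session-scoped header value with a fixed placeholder before the file is checked in. The test only needs `objectId`, `displayName` and `securityEnabled` from the response bodies, as far as the script in this diff shows.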
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs
index 3eaedadaccf0..59f2b4f10cc4 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/ActiveDirectoryClientExtensions.cs
@@ -60,7 +60,8 @@ public static PSADObject ToPSADObject(this AADObject obj)
{
DisplayName = obj.DisplayName,
Type = obj.ObjectType,
- Id = new Guid(obj.ObjectId)/*,
+ Id = new Guid(obj.ObjectId),
+ SecurityEnabled = obj.SecurityEnabled/*,
Mail = group.Mail*/
};
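Review bot: Both initializers keep the commented-out `Mail = group.Mail` tail by moving the `/*,` onto the new `SecurityEnabled` line, so the last live assignment ends in an open comment (here in ToPSADObject and again in the ToPSADGroup hunk below). Since the line is being touched anyway, either delete the dead fragment or move it to its own `// Mail = group.Mail` line, so the next added property does not have to shuffle the comment again. In this hunk the commented code refers to `group` while the live code uses `obj`, so it would probably not compile if re-enabled as written, unless a `group` local exists outside the hunk. The enclosing method starts outside the hunk.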
@@ -101,7 +102,8 @@ public static PSADGroup ToPSADGroup(this Group group)
return new PSADGroup()
{
DisplayName = group.DisplayName,
- Id = new Guid(group.ObjectId)/*,
+ Id = new Guid(group.ObjectId),
+ SecurityEnabled = group.SecurityEnabled/*,
Mail = group.Mail*/
};
}
diff --git a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADGroup.cs b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADGroup.cs
index 2a705cec6a64..7b9fa4f109c7 100644
--- a/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADGroup.cs
+++ b/src/ResourceManager/Resources/Commands.Resources/Models.ActiveDirectory/PSADGroup.cs
@@ -17,5 +17,7 @@ namespace Microsoft.Azure.Commands.Resources.Models.ActiveDirectory
public class PSADGroup : PSADObject
{
public string Mail { get; set; }
+
+ public bool? SecurityEnabled { get; set; }
}
}
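Review bot: The new `SecurityEnabled` property is nullable, but nothing states what null means, and the SQL adapter change in this same diff treats null differently from false. A short XML doc comment would make the contract explicit, for example `/// <summary>True if the group is security enabled, false if not; null when the directory did not return the value.</summary>`. That wording is inferred from how the property is populated in ActiveDirectoryClientExtensions.cs and should be confirmed by the author.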
diff --git a/src/ResourceManager/Sql/Commands.Sql/Microsoft.Azure.Commands.Sql.dll-Help.xml b/src/ResourceManager/Sql/Commands.Sql/Microsoft.Azure.Commands.Sql.dll-Help.xml
index b3c0925595e2..7c6f6422c2d5 100644
--- a/src/ResourceManager/Sql/Commands.Sql/Microsoft.Azure.Commands.Sql.dll-Help.xml
+++ b/src/ResourceManager/Sql/Commands.Sql/Microsoft.Azure.Commands.Sql.dll-Help.xml
@@ -1643,7 +1643,7 @@ Switch-AzureMode –Name AzureResourceManager
Get-AzureSqlServerActiveDirectoryAdministrator
- The Get-AzureSqlServerActiveDirectoryAdministrator cmdlet returns information about an Azure Active Directory administrator for an Azure SQL Server in the current subscription.
+ Returns information about an Azure Active Directory administrator for Azure SQL Server in the current subscription.
@@ -1653,6 +1653,7 @@ Switch-AzureMode –Name AzureResourceManager
+ The Get-AzureSqlServerActiveDirectoryAdministrator cmdlet returns information about an Azure Active Directory administrator for Azure SQL Server in the current subscription.
Note: This cmdlet can only be executed in Azure Resource Manager mode. To enable Azure Resource Manager mode run the following command:
Switch-AzureMode –Name AzureResourceManager
For more information, see Using Windows PowerShell with Resource Manager.
@@ -1660,7 +1661,7 @@ Switch-AzureMode –Name AzureResourceManager
Get-AzureSqlServerActiveDirectoryAdministrator
-
+
ServerName
The name of the Azure SQL Server containing the Azure Active Directory administrator.
@@ -1684,7 +1685,7 @@ Switch-AzureMode –Name AzureResourceManager
-
+
ServerName
The name of the Azure SQL Server containing the Azure Active Directory administrator.
@@ -1729,7 +1730,8 @@ Switch-AzureMode –Name AzureResourceManager
- System.String
+
+System.String
@@ -1741,7 +1743,8 @@ Switch-AzureMode –Name AzureResourceManager
- System.Object
+
+System.Object
@@ -1754,8 +1757,39 @@ Switch-AzureMode –Name AzureResourceManager
+
+ -------------------------- Code Example 1 --------------------------
+
+ PS C:\>
+
+ PS C:\>Get-AzureSqlServerActiveDirectoryAdministrator –ResourceGroupName "Group-23" –ServerName "aad-managed-demo"
+
+ Returns information about an Azure Active Directory administrator for Azure SQL Database Server "aad_managed_demo" associated with resource group "Group-23"
+
+
+
+ResourceGroupName ServerName DisplayName ObjectId
+----------------- ---------- ----------- --------
+Group-23 aad-managed-demo DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b
+
+
+
+
+
+
+
+
+
+
+ Remove-AzureSqlServerActiveDirectoryAdministrator
+
+
+
+ Set-AzureSqlServerActiveDirectoryAdministrator
+
+
@@ -6575,7 +6609,7 @@ Switch-AzureMode –Name AzureResourceManager
Remove-AzureSqlServerActiveDirectoryAdministrator
- Removes an Azure Active Directory administrator for an Azure SQL Server in the current subscription.
+ Removes an Azure Active Directory administrator for Azure SQL Server in the current subscription.
@@ -6585,6 +6619,7 @@ Switch-AzureMode –Name AzureResourceManager
+ The Remove-AzureSqlServerActiveDirectoryAdministrator cmdlet removes an Azure Active Directory administrator for Azure SQL Server in the current subscription.
Note: This cmdlet can only be executed in Azure Resource Manager mode. To enable Azure Resource Manager mode run the following command:
Switch-AzureMode –Name AzureResourceManager
For more information, see Using Windows PowerShell with Resource Manager.
@@ -6592,6 +6627,13 @@ Switch-AzureMode –Name AzureResourceManager
Remove-AzureSqlServerActiveDirectoryAdministrator
+
+ Force
+
+ Skip confirmation message and remove the Azure SQL Server.
+
+ SwitchParameter
+
ServerName
@@ -6599,17 +6641,10 @@ Switch-AzureMode –Name AzureResourceManager
String
-
- Force
-
- Skip confirmation message and remove the Azure SQL Server Active Directory administrator.
-
- SwitchParameter
-
ResourceGroupName
- The name of the resource group that contains the Azure SQL Server Active Directory administrator to remove.
+ The name of the resource group that contains the Azure SQL Server to remove.
String
@@ -6637,26 +6672,26 @@ Switch-AzureMode –Name AzureResourceManager
-
- ServerName
+
+ Force
- The name of the Azure SQL Server to remove.
+ Skip confirmation message and remove the Azure SQL Server.
- String
+ SwitchParameter
- String
+ SwitchParameter
none
-
- Force
+
+ ServerName
- Skip confirmation message and remove the Azure SQL Server.
+ The name of the Azure SQL Server to remove.
- SwitchParameter
+ String
- SwitchParameter
+ String
none
@@ -6718,7 +6753,8 @@ Switch-AzureMode –Name AzureResourceManager
- System.String
+
+System.String
@@ -6730,7 +6766,8 @@ Switch-AzureMode –Name AzureResourceManager
- System.Object
+
+System.Object
@@ -6743,8 +6780,43 @@ Switch-AzureMode –Name AzureResourceManager
+
+ -------------------------- Code Example 1 --------------------------
+
+ PS C:\>
+
+ PS c:\> Remove-AzureSqlServerActiveDirectoryAdministrator -ResourceGroupName "Group-23" –ServerName "aad-managed-demo"
+
+ This command removes an Azure Active Directory administrator for Azure SQL Database Server "aad_managed_demo" associated with resource group "Group-23"
+
+
+
+Confirm
+Are you sure you want to remove the Azure Sql Server Active Directory Administrator on server 'aadtest'?
+[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
+
+ResourceGroupName ServerName DisplayName ObjectId
+----------------- ---------- ----------- --------
+Group-233 aad-managed-demo DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b
+
+
+
+
+
+
+
+
+
+
+ Get-AzureSqlServerActiveDirectoryAdministrator
+
+
+
+ Set-AzureSqlServerActiveDirectoryAdministrator
+
+
@@ -9264,10 +9336,20 @@ Switch-AzureMode –Name AzureResourceManager
Set
- AzureSqlServer
+ AzureSqlServerActiveDirectoryAdministrator
+ The Set-AzureSqlServerActiveDirectoryAdministrator cmdlet provisions an Azure Active Directory administrator for Azure SQL Server in the current subscription.
+ At any given time only one administrator can be provisioned
+ The following members of Azure Active Directory can be provisioned as an administrator for Azure SQL Server
+ Native members of Azure Active Directory
+ Federated members of Azure Active Directory
+ Imported members from other Azure Active Directories who are native or federated members
+ Active directory groups created as security groups
+
+ Microsoft accounts (i.e. outllok.com, hotmail.com, live.com) or other guest accounts (i.e. gmail.com, yahoo.com) are not supported as administrators
+ For manageability purpose it is recommended to provision a dedicated Azure Active Directory group as an administrator
Note: This cmdlet can only be executed in Azure Resource Manager mode. To enable Azure Resource Manager mode run the following command:
Switch-AzureMode –Name AzureResourceManager
For more information, see Using Windows PowerShell with Resource Manager.
@@ -9278,35 +9360,36 @@ Switch-AzureMode –Name AzureResourceManager
DisplayName
-
+ Diplay name of the Azure AD administrator (user or group) to be provisioned for SQL Server.
String
ObjectId
-
+ The unique object ID of the Azure AD administrator to be provisioned for SQL Server. Required if Azure AD <DisplayName> parameter is not unique.
+
Guid
ServerName
-
+ The name of the Azure SQL Server that contains the Azure Active Directory administrator you want to change.
String
ResourceGroupName
-
+ The name of the resource group that contains the Azure SQL Server with the Azure Active Directory administrator to change.
String
Profile
-
+ In-memory profile.
AzureProfile
@@ -9316,7 +9399,7 @@ Switch-AzureMode –Name AzureResourceManager
DisplayName
-
+ Diplay name of the Azure AD administrator (user or group) to be provisioned for SQL Server.
String
@@ -9328,7 +9411,8 @@ Switch-AzureMode –Name AzureResourceManager
ObjectId
-
+ The unique object ID of the Azure AD administrator to be provisioned for SQL Server. Required if Azure AD <DisplayName> parameter is not unique.
+
Guid
@@ -9340,7 +9424,7 @@ Switch-AzureMode –Name AzureResourceManager
ServerName
-
+ The name of the Azure SQL Server that contains the Azure Active Directory administrator you want to change.
String
@@ -9352,7 +9436,7 @@ Switch-AzureMode –Name AzureResourceManager
ResourceGroupName
-
+ The name of the resource group that contains the Azure SQL Server with the Azure Active Directory administrator to change.
String
@@ -9361,184 +9445,6 @@ Switch-AzureMode –Name AzureResourceManager
-
- Profile
-
-
-
- AzureProfile
-
- AzureProfile
-
-
-
-
-
-
-
-
- InputType
-
-
-
-
- System.String
-
-
-
-
-
-
- OutputType
-
-
-
-
- System.Object
-
-
-
-
-
-
-
-
- This cmdlet supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. For more information, see about_CommonParameters.
-
-
-
-
-
-
-
-
-
-
- Set-AzureSqlServerFirewallRule
-
- Updates an Azure SQL Server firewall rule.
-
-
-
-
- Set
- AzureSqlServerFirewallRule
-
-
-
- The Set-AzureSqlServerFirewallRule cmdlet updates an Azure SQL Server firewall rule.
- Note: This cmdlet can only be executed in Azure Resource Manager mode. To enable Azure Resource Manager mode run the following command:
-Switch-AzureMode –Name AzureResourceManager
- For more information, see Using Windows PowerShell with Resource Manager.
-
-
-
- Set-AzureSqlServerFirewallRule
-
- FirewallRuleName
-
- The name of the Azure SQL Server firewall rule to update.
-
- String
-
-
- StartIpAddress
-
- The new starting IP address for the firewall rule.
-
- String
-
-
- EndIpAddress
-
- The new ending IP address for this rule.
-
- String
-
-
- ServerName
-
- The name of the Azure SQL Server that contains the firewall rule you want to change.
-
- String
-
-
- ResourceGroupName
-
- The name of the resource group that contains the Azure SQL Server with the firewall rule to change.
-
- String
-
-
- Profile
-
- In-memory profile.
-
- AzureProfile
-
-
-
-
-
- FirewallRuleName
-
- The name of the Azure SQL Server firewall rule to update.
-
- String
-
- String
-
-
- none
-
-
- StartIpAddress
-
- The new starting IP address for the firewall rule.
-
- String
-
- String
-
-
- none
-
-
- EndIpAddress
-
- The new ending IP address for this rule.
-
- String
-
- String
-
-
- none
-
-
- ServerName
-
- The name of the Azure SQL Server that contains the firewall rule you want to change.
-
- String
-
- String
-
-
- none
-
-
- ResourceGroupName
-
- The name of the resource group that contains the Azure SQL Server with the firewall rule to change.
-
- String
-
- String
-
-
- none
-
Profile
@@ -9549,7 +9455,7 @@ Switch-AzureMode –Name AzureResourceManager
AzureProfile
- none
+
@@ -9560,7 +9466,8 @@ Switch-AzureMode –Name AzureResourceManager
- System.String
+
+System.String
@@ -9572,7 +9479,8 @@ Switch-AzureMode –Name AzureResourceManager
- System.Object
+
+System.Object
@@ -9586,16 +9494,66 @@ Switch-AzureMode –Name AzureResourceManager
- -------------------------- Code Example --------------------------
+ -------------------------- Code Example 1 --------------------------
+
+ PS C:\>
+
+ PS C:\>Set-AzureSqlServerActiveDirectoryAdministrator –ResourceGroupName "Group-23" –ServerName "aad-managed-demo" –DisplayName "DBAs"
+
+ This command provisions an Azure Active Directory administrator group “DBAs” for Azure SQL Database Server “aad-managed-demo” associated with resource group "Group-23"
+
+
+
+ResourceGroupName ServerName DisplayName ObjectId
+----------------- ---------- ----------- --------
+Group-23 aad-managed-demo DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b
+
+
+
+
+
+
+
+
+
+
+ -------------------------- Code Example 2 --------------------------
PS C:\>
- PS C:\>Set-AzureSqlServerFirewallRule
+ PS C:\>Set-AzureSqlServerActiveDirectoryAdministrator –ResourceGroupName "Group-23" –ServerName "aad-managed-demo" –DisplayName "Bob Johns"
+ This command provisions an Azure Active Directory user "Bob Johns" as an administrator for Azure SQL Database Server “aad-managed-demo” associated with resource group "Group-23"
+
+ResourceGroupName ServerName DisplayName ObjectId
+----------------- ---------- ----------- --------
+Group-23 aad-managed-demo Bob Johns 11E95548-B179-4FE1-9AF4-ACA49D13ABB9
+
+
+
+
+
+
+
+
+
+
+ -------------------------- Code Example 3 --------------------------
+
+ PS C:\>
+
+ PS c:\>Set-AzureSqlServerActiveDirectoryAdministrator –ResourceGroupName "Group-23" –ServerName "aad-managed-demo" –DisplayName "DBAs" –ObjectId "40b79501-b343-44ed-9ce7-da4c8cc7353b"
+
+ This command provisions an Azure Active Directory administrator group “DBAs” for Azure SQL Database Server “aad-managed-demo” associated with resource group "Group-23". To enforce <DisplayName> uniqueness, an optional parameter <–ObjectId > "40b79501-b343-44ed-9ce7-da4c8cc7353b" representing Azure AD ObjectID for the DBAs group is included
-
+
+ PS c:\>Set-AzureSqlServerActiveDirectoryAdministrator –ResourceGroupName "Group-23" –ServerName "aad-managed-demo" –DisplayName "DBAs" –ObjectId "40b79501-b343-44ed-9ce7-da4c8cc7353b"
+
+ResourceGroupName ServerName DisplayName ObjectId
+----------------- ---------- ----------- --------
+Group-23 aad-managed-demo DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b
@@ -9608,19 +9566,11 @@ Switch-AzureMode –Name AzureResourceManager
- Azure_SqlDatabase
-
-
-
- Get-AzureSqlServerFirewallRule
+ Get-AzureSqlServerActiveDirectoryAdministrator
- New-AzureSqlServerFirewallRule
-
-
-
- Remove-AzureSqlServerFirewallRule
+ Remove-AzureSqlServerActiveDirectoryAdministrator
diff --git a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs
index 8833ba027e43..8f8748c4718b 100644
--- a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs
+++ b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.Designer.cs
@@ -61,7 +61,7 @@ internal Resources() {
}
///
- /// Looks up a localized string similar to More than one Active Directory group with the display name '{0}' was found. Please provide an object id to select the correct group..
+ /// Looks up a localized string similar to More than one Active Directory group with the display name '{0}' was found. Please provide an Azure Active Directory object id to select the correct group. To get the object id use Get-AzureADGroup -SearchString "{0}".
///
internal static string ADGroupMoreThanOneFound {
get {
@@ -70,7 +70,7 @@ internal static string ADGroupMoreThanOneFound {
}
///
- /// Looks up a localized string similar to Cannot find the Azure Active Directory object '{0}'. Please make sure that the user or application service principal you are authorizing is registered in the current subscription's Azure Active directory..
+ /// Looks up a localized string similar to Cannot find the Azure Active Directory object '{0}'. Please make sure that the user or group you are authorizing is registered in the current subscription's Azure Active directory. To get a list of Azure Active Directory groups use Get-AzureADGroup, or to get a list of Azure Active Directory users use Get-AzureADUser..
///
internal static string ADObjectNotFound {
get {
@@ -79,7 +79,7 @@ internal static string ADObjectNotFound {
}
///
- /// Looks up a localized string similar to More than one Azure Active Directory user with the display name '{0}' was found. Please provide an object id to select the correct user..
+ /// Looks up a localized string similar to More than one Azure Active Directory user with the display name '{0}' was found. Please provide an Azure Active Directory object id to select the correct user. To get the object id use Get-AzureADUser -SearchString "{0}".
///
internal static string ADUserMoreThanOneFound {
get {
@@ -177,6 +177,15 @@ internal static string EnterUserId {
}
}
+ ///
+ /// Looks up a localized string similar to The Active Directory Group '{0}' is not security enabled. Only Azure Active Directory Security Enabled Groups are supported..
+ ///
+ internal static string InvalidADGroupNotSecurity {
+ get {
+ return ResourceManager.GetString("InvalidADGroupNotSecurity", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to Cannot use the '{0}' option with other event types..
///
@@ -186,6 +195,15 @@ internal static string InvalidEventTypeSet {
}
}
+ ///
+ /// Looks up a localized string similar to Please use Set-AzureEnvironment to set a valid GraphEndpoint in the AzureEnvironment. .
+ ///
+ internal static string InvalidGraphEndpoint {
+ get {
+ return ResourceManager.GetString("InvalidGraphEndpoint", resourceCulture);
+ }
+ }
+
///
/// Looks up a localized string similar to Cannot use audit table retention without specifying TableIdentifier. You may want to use '{0}'..
///
diff --git a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx
index 62ed6c78604c..4206ff9e5601 100644
--- a/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx
+++ b/src/ResourceManager/Sql/Commands.Sql/Properties/Resources.resx
@@ -232,13 +232,13 @@
Auditing cannot be enabled . Upgrade to Basic, Standard or Premium Service Tier to enable auditing on your database(s)
- More than one Active Directory group with the display name '{0}' was found. Please provide an object id to select the correct group.
+ More than one Active Directory group with the display name '{0}' was found. Please provide an Azure Active Directory object id to select the correct group. To get the object id use Get-AzureADGroup -SearchString "{0}"
- Cannot find the Azure Active Directory object '{0}'. Please make sure that the user or application service principal you are authorizing is registered in the current subscription's Azure Active directory.
+ Cannot find the Azure Active Directory object '{0}'. Please make sure that the user or group you are authorizing is registered in the current subscription's Azure Active directory. To get a list of Azure Active Directory groups use Get-AzureADGroup, or to get a list of Azure Active Directory users use Get-AzureADUser.
- More than one Azure Active Directory user with the display name '{0}' was found. Please provide an object id to select the correct user.
+ More than one Azure Active Directory user with the display name '{0}' was found. Please provide an Azure Active Directory object id to select the correct user. To get the object id use Get-AzureADUser -SearchString "{0}"
Please set a valid tenant id in the AzureEnvironment.
@@ -249,4 +249,10 @@
Are you sure you want to remove the Azure Sql Server Active Directory Administrator on server '{0}'?
+
+ The Active Directory Group '{0}' is not security enabled. Only Azure Active Directory Security Enabled Groups are supported.
+
+
+ Please use Set-AzureEnvironment to set a valid GraphEndpoint for the current AzureEnvironment.
+
\ No newline at end of file
diff --git a/src/ResourceManager/Sql/Commands.Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs b/src/ResourceManager/Sql/Commands.Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs
index ee7dabb2dd61..500a365733d5 100644
--- a/src/ResourceManager/Sql/Commands.Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs
+++ b/src/ResourceManager/Sql/Commands.Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs
@@ -65,6 +65,10 @@ public MicrosoftAzureCommandsResourcesModelsActiveDirectory.ActiveDirectoryClien
{
if (_activeDirectoryClient == null)
{
+ if (!Profile.Context.Environment.IsEndpointSet(AzureEnvironment.Endpoint.Graph))
+ {
+ throw new ArgumentException(string.Format(Resources.InvalidGraphEndpoint));
+ }
_activeDirectoryClient = new MicrosoftAzureCommandsResourcesModelsActiveDirectory.ActiveDirectoryClient(Profile.Context);
}
return this._activeDirectoryClient;
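Review bot: `string.Format(Resources.InvalidGraphEndpoint)` is called with no format arguments, so the call adds nothing and would throw a FormatException if the resource text ever gained a literal brace. `throw new ArgumentException(Resources.InvalidGraphEndpoint);` is enough. The failure is caused by environment configuration rather than by an argument, so `InvalidOperationException` may describe it better if no caller depends on catching ArgumentException (callers are not visible here). The property getter begins outside the hunk.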
@@ -192,6 +196,13 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat
{
// Only one group was found. Get the group display name and object id
var group = groupList.First();
+
+ // Only support Security Groups
+ if (group.SecurityEnabled.HasValue && !group.SecurityEnabled.Value)
+ {
+ throw new ArgumentException(string.Format(Resources.InvalidADGroupNotSecurity, displayName));
+ }
+
return new ServerAdministratorCreateOrUpdateProperties()
{
Login = group.DisplayName,
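Review bot: The check `group.SecurityEnabled.HasValue && !group.SecurityEnabled.Value` rejects only an explicit false, so a group whose `SecurityEnabled` is null is accepted as the SQL Server administrator even though the error text says only security-enabled groups are supported. If null can occur here (the mapping in ActiveDirectoryClientExtensions.cs copies a nullable value), failing closed with `if (group.SecurityEnabled != true)` matches the stated rule; if null is deliberately allowed, a comment should say why. The check sits only in the single-match branch shown here, and no test in this diff exercises the rejection path. The method body starts and ends outside the hunk.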
@@ -211,6 +222,20 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat
// Get a list of user from Azure Active Directory
var userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.DisplayName, displayName, StringComparison.OrdinalIgnoreCase));
+ // No user was found. Check if the display name is a UPN
+ if (userList == null || userList.Count() == 0)
+ {
+ // Check if the display name is the UPN
+ filter = new MicrosoftAzureCommandsResourcesModelsActiveDirectory.ADObjectFilterOptions()
+ {
+ Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null,
+ UPN = displayName,
+ Paging = true,
+ };
+
+ userList = ActiveDirectoryClient.FilterUsers(filter).Where(gr => string.Equals(gr.UserPrincipalName, displayName, StringComparison.OrdinalIgnoreCase));
+ }
+
// No user was found
if (userList == null || userList.Count() == 0)
{
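Review bot: `userList` is a deferred `Where(...)` query, so `userList == null` can never be true and each `userList.Count()` re-enumerates it. With the added fallback the query is counted here and again in the unchanged check below, which may repeat the directory call if `FilterUsers` is lazy (not visible here). Calling `.ToList()` on both `FilterUsers(filter).Where(...)` results and testing `userList.Count == 0` avoids that. Separately, the display-name match is tried before the UPN match, so an input that is one user's UPN and another user's display name resolves to the display-name match. Since this lookup selects who becomes server administrator, that precedence should be stated in a comment, or `ObjectId` required when the input is ambiguous.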
@@ -228,7 +253,7 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat
return new ServerAdministratorCreateOrUpdateProperties()
{
- Login = obj.DisplayName,
+ Login = displayName,
Sid = obj.Id,
TenantId = tenantId,
};
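Review bot: `Login = displayName` stores the caller's input rather than a value read from the directory, while the group branch earlier in the same method still uses `group.DisplayName`. Because matching is case-insensitive, the stored login can now differ in casing from the directory's value, and in the UPN fallback it is a UPN rather than a display name. If the intent is to keep the UPN when that is what matched, consider taking it from the directory object (`obj.UserPrincipalName`, assuming `obj` exposes it as the lambda in the previous hunk suggests) and keeping `obj.DisplayName` for the display-name match. The method body starts outside the hunk.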
@@ -243,8 +268,6 @@ protected Guid GetTenantId()
{
var tenantIdStr =
Profile.Context.Subscription.GetPropertyAsArray(AzureSubscription.Property.Tenants).FirstOrDefault();
- string adTenant = Profile.Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.AdTenant);
- string graph = Profile.Context.Environment.GetEndpoint(AzureEnvironment.Endpoint.Graph);
var tenantIdGuid = Guid.Empty;
if (string.IsNullOrWhiteSpace(tenantIdStr) || !Guid.TryParse(tenantIdStr, out tenantIdGuid))