通过 ARM 模板将 Active Directory 管理员分配给 Azure SQL 实例
Assigning an Active Directory Administrator to an Azure SQL instance through ARM Templates
是否可以将 Active Directory 管理员分配给 ARM 资源模板中的 Azure SQL 实例?我正在尝试自动部署数据库服务器,但我似乎只能指定本地服务器管理凭据。
"properties": {
"administratorLogin": "[parameters('databaseAdministratorLogin')]",
"administratorLoginPassword": "[parameters('databaseAdministratorPassword')]",
"version": "12.0"
},
除此之外,我似乎没有任何地方可以指定特定的 Azure AD 管理员。
Microsoft 联系我并提供了一个示例资源模板来完成此任务:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"SQL Administrator Login": {
"type": "String"
},
"SQL Administrator Password": {
"type": "SecureString"
},
"AAD Admin Login": {
"type": "String"
},
"AAD Admin ObjectID": {
"type": "String"
},
"AAD TenantId": {
"type": "String"
},
"Location (Region)": {
"type": "String"
},
"Server Name": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Sql/servers",
"name": "[parameters('Server Name')]",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorLogin": "[parameters('SQL Administrator Login')]",
"administratorLoginPassword": "[parameters('SQL Administrator Password')]",
"version": "12.0"
},
"resources": [
{
"type": "firewallrules",
"name": "AllowAllWindowsAzureIps",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
},
{
"type": "administrators",
"name": "activeDirectory",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorType": "ActiveDirectory",
"login": "[parameters('AAD Admin Login')]",
"sid": "[parameters('AAD Admin ObjectID')]",
"tenantId": "[parameters('AAD TenantID')]"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
}
]
}
]
}
修改:
由于:
,以上内容不会 运行
CloudException:部署模板验证失败:'第 168 行和第 9 列的类型 'Microsoft.Sql/servers/administrators' 的模板资源 'activeDirectory' 的段长度不正确。 嵌套资源类型的段数必须与其资源名称相同。根资源类型的段长度必须比其资源名称大一。请参阅 https://aka.ms/arm-template/#resources 了解使用详情。'.
{
"type": "Microsoft.Sql/servers/administrators",
"name": "[concat(parameters('servers_tbg_backoffice_name'), '/', 'activeDirectory' )]",
"apiVersion": "2014-04-01-preview",
//"location": "[parameters('Location (Region)')]",
"properties": {
"administratorType": "ActiveDirectory",
"login": "[parameters('AAD Admin Login')]",
"sid": "[parameters('AAD Admin ObjectID')]",
"tenantId": "[parameters('AAD TenantID')]"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('servers_tbg_backoffice_name'))]"
]
},
是否可以将 Active Directory 管理员分配给 ARM 资源模板中的 Azure SQL 实例?我正在尝试自动部署数据库服务器,但我似乎只能指定本地服务器管理凭据。
"properties": {
"administratorLogin": "[parameters('databaseAdministratorLogin')]",
"administratorLoginPassword": "[parameters('databaseAdministratorPassword')]",
"version": "12.0"
},
除此之外,我似乎没有任何地方可以指定特定的 Azure AD 管理员。
Microsoft 联系我并提供了一个示例资源模板来完成此任务:
{
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"SQL Administrator Login": {
"type": "String"
},
"SQL Administrator Password": {
"type": "SecureString"
},
"AAD Admin Login": {
"type": "String"
},
"AAD Admin ObjectID": {
"type": "String"
},
"AAD TenantId": {
"type": "String"
},
"Location (Region)": {
"type": "String"
},
"Server Name": {
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Sql/servers",
"name": "[parameters('Server Name')]",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorLogin": "[parameters('SQL Administrator Login')]",
"administratorLoginPassword": "[parameters('SQL Administrator Password')]",
"version": "12.0"
},
"resources": [
{
"type": "firewallrules",
"name": "AllowAllWindowsAzureIps",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"endIpAddress": "0.0.0.0",
"startIpAddress": "0.0.0.0"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
},
{
"type": "administrators",
"name": "activeDirectory",
"apiVersion": "2014-04-01-preview",
"location": "[parameters('Location (Region)')]",
"properties": {
"administratorType": "ActiveDirectory",
"login": "[parameters('AAD Admin Login')]",
"sid": "[parameters('AAD Admin ObjectID')]",
"tenantId": "[parameters('AAD TenantID')]"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('Server Name'))]"
]
}
]
}
]
}
修改: 由于:
,以上内容不会 运行CloudException:部署模板验证失败:'第 168 行和第 9 列的类型 'Microsoft.Sql/servers/administrators' 的模板资源 'activeDirectory' 的段长度不正确。 嵌套资源类型的段数必须与其资源名称相同。根资源类型的段长度必须比其资源名称大一。请参阅 https://aka.ms/arm-template/#resources 了解使用详情。'.
{
"type": "Microsoft.Sql/servers/administrators",
"name": "[concat(parameters('servers_tbg_backoffice_name'), '/', 'activeDirectory' )]",
"apiVersion": "2014-04-01-preview",
//"location": "[parameters('Location (Region)')]",
"properties": {
"administratorType": "ActiveDirectory",
"login": "[parameters('AAD Admin Login')]",
"sid": "[parameters('AAD Admin ObjectID')]",
"tenantId": "[parameters('AAD TenantID')]"
},
"dependsOn": [
"[concat('Microsoft.Sql/servers/', parameters('servers_tbg_backoffice_name'))]"
]
},