From 4fd106071216c952955dd3657931bc3f972130f2 Mon Sep 17 00:00:00 2001 From: Amol Agarwal Date: Fri, 21 Feb 2020 16:57:29 -0800 Subject: [PATCH 1/6] update sql server AAD Admin to use 2019-06-01-preview API. --- src/Sql/Sql.Test/Sql.Test.csproj | 2 +- ...rActiveDirectoryAdministratorCmdletBase.cs | 2 - ...reSqlServerActiveDirectoryAdministrator.cs | 36 ++++++++++++---- ...ServerActiveDirectoryAdministratorModel.cs | 5 +++ ...rverActiveDirectoryAdministratorAdapter.cs | 41 +++++++++++-------- ...ctiveDirectoryAdministratorCommunicator.cs | 23 +++++------ src/Sql/Sql/Sql.csproj | 2 +- 7 files changed, 70 insertions(+), 41 deletions(-) diff --git a/src/Sql/Sql.Test/Sql.Test.csproj b/src/Sql/Sql.Test/Sql.Test.csproj index 236524fa864e..aeb51e0b4de0 100644 --- a/src/Sql/Sql.Test/Sql.Test.csproj +++ b/src/Sql/Sql.Test/Sql.Test.csproj @@ -19,7 +19,7 @@ - + diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/AzureSqlServerActiveDirectoryAdministratorCmdletBase.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/AzureSqlServerActiveDirectoryAdministratorCmdletBase.cs index 4dba4ca7e271..8f6a4e2ec262 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/AzureSqlServerActiveDirectoryAdministratorCmdletBase.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/AzureSqlServerActiveDirectoryAdministratorCmdletBase.cs @@ -12,8 +12,6 @@ // limitations under the License. // ---------------------------------------------------------------------------------- -using Microsoft.Azure.Commands.Common.Authentication.Abstractions; -using Microsoft.Azure.Commands.Common.Authentication.Models; using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters; using Microsoft.Azure.Commands.Sql.Common; using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model; diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/SetAzureSqlServerActiveDirectoryAdministrator.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/SetAzureSqlServerActiveDirectoryAdministrator.cs index 509f6d01bcb9..cc27e2a6b619 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/SetAzureSqlServerActiveDirectoryAdministrator.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Cmdlet/SetAzureSqlServerActiveDirectoryAdministrator.cs @@ -11,9 +11,8 @@ // See the License for the specific language governing permissions and // limitations under the License. // ---------------------------------------------------------------------------------- - -using Hyak.Common; using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model; +using Microsoft.Rest.Azure; using System; using System.Collections.Generic; using System.Linq; @@ -24,7 +23,7 @@ namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Cmdlet /// /// Cmdlet to create a new Azure SQL Server Active Directory administrator /// - [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryAdministrator",ConfirmImpact = ConfirmImpact.Medium, SupportsShouldProcess = true), OutputType(typeof(AzureSqlServerActiveDirectoryAdministratorModel))] + [Cmdlet("Set", ResourceManager.Common.AzureRMConstants.AzureRMPrefix + "SqlServerActiveDirectoryAdministrator", ConfirmImpact = ConfirmImpact.Medium, SupportsShouldProcess = true), OutputType(typeof(AzureSqlServerActiveDirectoryAdministratorModel))] public class SetAzureSqlServerActiveDirectoryAdministrator : AzureSqlServerActiveDirectoryAdministratorCmdletBase { /// @@ -47,6 +46,16 @@ public class SetAzureSqlServerActiveDirectoryAdministrator : AzureSqlServerActiv [ValidateNotNullOrEmpty()] public Guid ObjectId { get; set; } + /// + /// Only Azure Active Directory authentication allowed + /// + [Parameter(Mandatory = false, + ValueFromPipelineByPropertyName = true, + Position = 4, + HelpMessage = "Specifies if only Azure Active Directory authentication is allowed.")] + [ValidateNotNullOrEmpty()] + public bool? IsAzureOnlyAuthentication { get; set; } + /// /// Get the entities from the service /// @@ -54,12 +63,16 @@ public class SetAzureSqlServerActiveDirectoryAdministrator : AzureSqlServerActiv protected override IEnumerable GetEntity() { List currentActiveDirectoryAdmins = null; + try { - currentActiveDirectoryAdmins = new List() + AzureSqlServerActiveDirectoryAdministratorModel model = ModelAdapter.GetServerActiveDirectoryAdministrator(this.ResourceGroupName, this.ServerName); + + if (model != null) { - ModelAdapter.GetServerActiveDirectoryAdministrator(this.ResourceGroupName, this.ServerName), - }; + currentActiveDirectoryAdmins = new List(); + currentActiveDirectoryAdmins.Add(model); + } } catch (CloudException ex) { @@ -69,6 +82,14 @@ protected override IEnumerable throw; } } + catch (Exception ex) + { + if ((ex.InnerException is CloudException ex1) && + ex1.Response.StatusCode != System.Net.HttpStatusCode.NotFound) + { + throw ex.InnerException ?? ex; + } + } return currentActiveDirectoryAdmins; } @@ -80,13 +101,14 @@ protected override IEnumerable /// A list of models that was passed in protected override IEnumerable ApplyUserInputToModel(IEnumerable model) { - List newEntity = new List(); + List newEntity = new List(); newEntity.Add(new AzureSqlServerActiveDirectoryAdministratorModel() { ResourceGroupName = ResourceGroupName, ServerName = ServerName, DisplayName = DisplayName, ObjectId = ObjectId, + IsAzureADOnlyAuthentication = IsAzureOnlyAuthentication, }); return newEntity; } diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Model/AzureSqlServerActiveDirectoryAdministratorModel.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Model/AzureSqlServerActiveDirectoryAdministratorModel.cs index 80efaabb8671..1d6a0a5a88e2 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Model/AzureSqlServerActiveDirectoryAdministratorModel.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Model/AzureSqlServerActiveDirectoryAdministratorModel.cs @@ -40,5 +40,10 @@ public class AzureSqlServerActiveDirectoryAdministratorModel /// Gets or sets the unique ID of the Azure SQL Server Active administrator admin object id /// public Guid ObjectId { get; set; } + + /// + /// Gets or sets the value to indicate if only Azure AD Only authentication is allowed + /// + public bool? IsAzureADOnlyAuthentication { get; set; } } } diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs index 01a515d04150..280f784222d1 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs @@ -14,8 +14,7 @@ using Microsoft.Azure.Commands.Common.Authentication.Abstractions; using Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model; -using Microsoft.Azure.Commands.Sql.Services; -using Microsoft.Azure.Management.Sql.LegacySdk.Models; +using Microsoft.Azure.Management.Sql.Models; using Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory; using System; using System.Collections.Generic; @@ -113,10 +112,7 @@ internal ICollection ListServer /// The upserted Azure SQL Server Active Directory administrator internal AzureSqlServerActiveDirectoryAdministratorModel UpsertServerActiveDirectoryAdministrator(string resourceGroup, string serverName, AzureSqlServerActiveDirectoryAdministratorModel model) { - var resp = Communicator.CreateOrUpdate(resourceGroup, serverName, new ServerAdministratorCreateOrUpdateParameters() - { - Properties = GetActiveDirectoryInformation(model.DisplayName, model.ObjectId) - }); + var resp = Communicator.CreateOrUpdate(resourceGroup, serverName, GetActiveDirectoryInformation(model.DisplayName, model.ObjectId, model.IsAzureADOnlyAuthentication)); return CreateServerActiveDirectoryAdministratorModelFromResponse(resourceGroup, serverName, resp); } @@ -138,16 +134,21 @@ public void RemoveServerActiveDirectoryAdministrator(string resourceGroupName, s /// The name of the Azure Sql ServerActiveDirectoryAdministrator Server /// The service response /// The converted model - public static AzureSqlServerActiveDirectoryAdministratorModel CreateServerActiveDirectoryAdministratorModelFromResponse(string resourceGroup, string serverName, Management.Sql.LegacySdk.Models.ServerAdministrator admin) + public static AzureSqlServerActiveDirectoryAdministratorModel CreateServerActiveDirectoryAdministratorModelFromResponse(string resourceGroup, string serverName, Management.Sql.Models.ServerAzureADAdministrator admin) { - AzureSqlServerActiveDirectoryAdministratorModel model = new AzureSqlServerActiveDirectoryAdministratorModel(); - - model.ResourceGroupName = resourceGroup; - model.ServerName = serverName; - model.DisplayName = admin.Properties.Login; - model.ObjectId = admin.Properties.Sid; + if (admin != null) + { + AzureSqlServerActiveDirectoryAdministratorModel model = new AzureSqlServerActiveDirectoryAdministratorModel(); + + model.ResourceGroupName = resourceGroup; + model.ServerName = serverName; + model.DisplayName = admin.Login; + model.ObjectId = admin.Sid; + model.IsAzureADOnlyAuthentication = admin.AzureADOnlyAuthentication; + return model; + } - return model; + return null; } /// @@ -155,8 +156,9 @@ public static AzureSqlServerActiveDirectoryAdministratorModel CreateServerActive /// /// Azure Active Directory user or group display name /// Azure Active Directory user or group object id + /// Allow only Azure Active Directory authentication /// - protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformation(string displayName, Guid objectId) + protected ServerAzureADAdministrator GetActiveDirectoryInformation(string displayName, Guid objectId, bool? isAzureADOnlyAuthentication) { // Gets the default Tenant id for the subscriptions Guid tenantId = GetTenantId(); @@ -164,7 +166,7 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat // Check for a Azure Active Directory group. Recommended to always use group. IEnumerable groupList = null; - var filter = new ADObjectFilterOptions() + var filter = new ADObjectFilterOptions() { Id = (objectId != null && objectId != Guid.Empty) ? objectId.ToString() : null, SearchString = displayName, @@ -190,11 +192,13 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat throw new ArgumentException(string.Format(Microsoft.Azure.Commands.Sql.Properties.Resources.InvalidADGroupNotSecurity, displayName)); } - return new ServerAdministratorCreateOrUpdateProperties() + + return new ServerAzureADAdministrator() { Login = group.DisplayName, Sid = group.Id, TenantId = tenantId, + AzureADOnlyAuthentication = isAzureADOnlyAuthentication, }; } @@ -238,11 +242,12 @@ protected ServerAdministratorCreateOrUpdateProperties GetActiveDirectoryInformat // Only one user was found. Get the user display name and object id var obj = userList.First(); - return new ServerAdministratorCreateOrUpdateProperties() + return new ServerAzureADAdministrator() { Login = displayName, Sid = obj.Id, TenantId = tenantId, + AzureADOnlyAuthentication = isAzureADOnlyAuthentication, }; } } diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs index 9f78a57fd735..9ae12b41a075 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs @@ -14,8 +14,9 @@ using Microsoft.Azure.Commands.Common.Authentication; using Microsoft.Azure.Commands.Common.Authentication.Abstractions; -using Microsoft.Azure.Management.Sql.LegacySdk; -using Microsoft.Azure.Management.Sql.LegacySdk.Models; +using Microsoft.Azure.Management.Sql; +using Microsoft.Azure.Management.Sql.Models; +using Microsoft.WindowsAzure.Commands.Utilities.Common; using System.Collections.Generic; namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Services @@ -68,27 +69,25 @@ public AzureSqlServerActiveDirectoryAdministratorCommunicator(IAzureContext cont /// /// Gets the Azure SQL Server Active Directory administrator /// - public Management.Sql.LegacySdk.Models.ServerAdministrator Get(string resourceGroupName, string serverName) + public Management.Sql.Models.ServerAzureADAdministrator Get(string resourceGroupName, string serverName) { - return GetCurrentSqlClient().ServerAdministrators.Get(resourceGroupName, serverName, ActiveDirectoryDefaultName).Administrator; + return GetCurrentSqlClient().ServerAzureADAdministrators.GetAsync(resourceGroupName, serverName).Result; } /// /// Lists Azure SQL Server Active Directory administrators /// - public IList List(string resourceGroupName, string serverName) + public IEnumerable List(string resourceGroupName, string serverName) { - return GetCurrentSqlClient().ServerAdministrators.List(resourceGroupName, serverName).Administrators; + return GetCurrentSqlClient().ServerAzureADAdministrators.ListByServer(resourceGroupName, serverName); } /// /// Creates or updates a Azure SQL Server Active Directory Administrator /// - public Management.Sql.LegacySdk.Models.ServerAdministrator CreateOrUpdate(string resourceGroupName, string serverName, ServerAdministratorCreateOrUpdateParameters parameters) + public Management.Sql.Models.ServerAzureADAdministrator CreateOrUpdate(string resourceGroupName, string serverName, ServerAzureADAdministrator parameters) { - // Always set the type to active directory - parameters.Properties.AdministratorType = ActiveDirectoryDefaultType; - return GetCurrentSqlClient().ServerAdministrators.CreateOrUpdate(resourceGroupName, serverName, ActiveDirectoryDefaultName, parameters).ServerAdministrator; + return GetCurrentSqlClient().ServerAzureADAdministrators.CreateOrUpdate(resourceGroupName, serverName, parameters); } /// @@ -96,7 +95,7 @@ public Management.Sql.LegacySdk.Models.ServerAdministrator CreateOrUpdate(string /// public void Remove(string resourceGroupName, string serverName) { - GetCurrentSqlClient().ServerAdministrators.Delete(resourceGroupName, serverName, ActiveDirectoryDefaultName); + GetCurrentSqlClient().ServerAzureADAdministrators.DeleteWithHttpMessagesAsync(resourceGroupName, serverName); } /// @@ -109,7 +108,7 @@ private SqlManagementClient GetCurrentSqlClient() // Get the SQL management client for the current subscription if (SqlClient == null) { - SqlClient = AzureSession.Instance.ClientFactory.CreateClient(Context, AzureEnvironment.Endpoint.ResourceManager); + SqlClient = AzureSession.Instance.ClientFactory.CreateArmClient(Context, AzureEnvironment.Endpoint.ResourceManager); } return SqlClient; } diff --git a/src/Sql/Sql/Sql.csproj b/src/Sql/Sql/Sql.csproj index f05265f9440a..80f93c27e136 100644 --- a/src/Sql/Sql/Sql.csproj +++ b/src/Sql/Sql/Sql.csproj @@ -21,7 +21,7 @@ - + From be35bf0e793c9edede8bafa4f52abc7eb6422eb2 Mon Sep 17 00:00:00 2001 From: Amol Agarwal Date: Mon, 24 Feb 2020 13:06:47 -0800 Subject: [PATCH 2/6] add Disable-AzSqlServerActiveDirectoryOnlyAuthentication cmdlet and help files. --- src/Sql/Sql/Az.Sql.psd1 | 3 +- ...rverActiveDirectoryAdministratorAdapter.cs | 13 ++ ...ctiveDirectoryAdministratorCommunicator.cs | 9 +- src/Sql/Sql/help/Az.Sql.md | 4 + ...ServerActiveDirectoryOnlyAuthentication.md | 134 ++++++++++++++++++ ...AzSqlServerActiveDirectoryAdministrator.md | 8 +- ...AzSqlServerActiveDirectoryAdministrator.md | 23 ++- 7 files changed, 186 insertions(+), 8 deletions(-) create mode 100644 src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md diff --git a/src/Sql/Sql/Az.Sql.psd1 b/src/Sql/Sql/Az.Sql.psd1 index e8a1fb6dcde3..a3eb6fe16375 100644 --- a/src/Sql/Sql/Az.Sql.psd1 +++ b/src/Sql/Sql/Az.Sql.psd1 @@ -252,7 +252,8 @@ CmdletsToExport = 'Get-AzSqlDatabaseTransparentDataEncryption', 'Enable-AzSqlDatabaseSensitivityRecommendation', 'Disable-AzSqlDatabaseSensitivityRecommendation', 'Enable-AzSqlInstanceDatabaseSensitivityRecommendation', - 'Disable-AzSqlInstanceDatabaseSensitivityRecommendation' + 'Disable-AzSqlInstanceDatabaseSensitivityRecommendation', + 'Disable-AzSqlServerActiveDirectoryOnlyAuthentication' # Variables to export from this module # VariablesToExport = @() diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs index 280f784222d1..d3dafde0de59 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorAdapter.cs @@ -127,6 +127,19 @@ public void RemoveServerActiveDirectoryAdministrator(string resourceGroupName, s Communicator.Remove(resourceGroupName, serverName); } + /// + /// Disable Azure Active Directory only authentication on a Azure SQL Server + /// + /// The name of the resource group + /// The name of the Azure Sql ServerActiveDirectoryAdministrator Server + /// The upserted Azure SQL Server Active Directory administrator + internal AzureSqlServerActiveDirectoryAdministratorModel DisableAzureADOnlyAuthenticaion(string resourceGroup, string serverName) + { + var resp = Communicator.Disable(resourceGroup, serverName); + + return CreateServerActiveDirectoryAdministratorModelFromResponse(resourceGroup, serverName, resp); + } + /// /// Converts the response from the service to a powershell database object /// diff --git a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs index 9ae12b41a075..c8c2556733c3 100644 --- a/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs +++ b/src/Sql/Sql/ServerActiveDirectoryAdministrator/Services/AzureSqlServerActiveDirectoryAdministratorCommunicator.cs @@ -16,7 +16,6 @@ using Microsoft.Azure.Commands.Common.Authentication.Abstractions; using Microsoft.Azure.Management.Sql; using Microsoft.Azure.Management.Sql.Models; -using Microsoft.WindowsAzure.Commands.Utilities.Common; using System.Collections.Generic; namespace Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Services @@ -98,6 +97,14 @@ public void Remove(string resourceGroupName, string serverName) GetCurrentSqlClient().ServerAzureADAdministrators.DeleteWithHttpMessagesAsync(resourceGroupName, serverName); } + /// + /// Disables Azure Active Directory only authentication on a Azure SQL Server + /// + public Management.Sql.Models.ServerAzureADAdministrator Disable(string resourceGroupName, string serverName) + { + return GetCurrentSqlClient().ServerAzureADAdministrators.DisableAzureADOnlyAuthenticationAsync(resourceGroupName, serverName).Result; + } + /// /// Retrieve the SQL Management client for the currently selected subscription, adding the session and request /// id tracing headers for the current cmdlet invocation. diff --git a/src/Sql/Sql/help/Az.Sql.md b/src/Sql/Sql/help/Az.Sql.md index 08179ef60b27..e933487b7851 100644 --- a/src/Sql/Sql/help/Az.Sql.md +++ b/src/Sql/Sql/help/Az.Sql.md @@ -71,6 +71,10 @@ Disables Advanced Data Security on a managed instance. ### [Disable-AzSqlInstanceDatabaseSensitivityRecommendation](Disable-AzSqlInstanceDatabaseSensitivityRecommendation) Disbles sensitivity recommendations on columns in the Azure SQL managed instance database. + +### [Disable-AzSqlServerActiveDirectoryOnlyAuthentication](Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md) +Disables Azure AD only authentication for a specific SQL Server. + ### [Disable-AzSqlServerAdvancedDataSecurity](Disable-AzSqlServerAdvancedDataSecurity.md) Disables Advanced Data Security on a server. diff --git a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md new file mode 100644 index 000000000000..a2f4d509ae7f --- /dev/null +++ b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md @@ -0,0 +1,134 @@ +--- +external help file: Microsoft.Azure.PowerShell.Cmdlets.Sql.dll-Help.xml +Module Name: Az.Sql +online version: +schema: 2.0.0 +--- + +# Disable-AzSqlServerActiveDirectoryOnlyAuthentication + +## SYNOPSIS +Disables Azure AD only authentication for a specific SQL Server. + +## SYNTAX + +``` +Disable-AzSqlServerActiveDirectoryOnlyAuthentication [-ServerName] [-ResourceGroupName] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] +``` + +## DESCRIPTION +The **Disable-AzSqlServerActiveDirectoryOnlyAuthentication** cmdlet disables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL Server in the current subscription. + +## EXAMPLES + +### Example 1: Disable Azure Active Directory only authentication for a server +``` +PS C:\>Disable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName "ResourceGroup01" -ServerName "Server01" +ResourceGroupName ServerName DisplayName ObjectId IsAzureADOnlyAuthentication +----------------- ---------- ----------- -------- ----------- +ResourceGroup01 Server01 DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b False +``` + +This command disables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL server named Server01 that is associated with a resource group named ResourceGroup01. + +## PARAMETERS + +### -DefaultProfile +The credentials, account, tenant, and subscription used for communication with Azure. + +```yaml +Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Parameter Sets: (All) +Aliases: AzContext, AzureRmContext, AzureCredential + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -ResourceGroupName +The name of the resource group. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 0 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -ServerName +The name of the Azure SQL Server the Azure Active Directory administrator is in. + +```yaml +Type: System.String +Parameter Sets: (All) +Aliases: + +Required: True +Position: 1 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + +### -Confirm +Prompts you for confirmation before running the cmdlet. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: cf + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### -WhatIf +Shows what would happen if the cmdlet runs. +The cmdlet is not run. + +```yaml +Type: System.Management.Automation.SwitchParameter +Parameter Sets: (All) +Aliases: wi + +Required: False +Position: Named +Default value: None +Accept pipeline input: False +Accept wildcard characters: False +``` + +### CommonParameters +This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216). + +## INPUTS + +### System.String + +## OUTPUTS + +### Microsoft.Azure.Commands.Sql.ServerActiveDirectoryAdministrator.Model.AzureSqlServerActiveDirectoryAdministratorModel + +## NOTES + +## RELATED LINKS + +[Remove-AzSqlServerActiveDirectoryAdministrator](./Remove-AzSqlServerActiveDirectoryAdministrator.md) + +[Set-AzSqlServerActiveDirectoryAdministrator](./Set-AzSqlServerActiveDirectoryAdministrator.md) + +[Get-AzSqlServerActiveDirectoryAdministrator](./Get-AzSqlServerActiveDirectoryAdministrator.md) + +[SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/) diff --git a/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryAdministrator.md b/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryAdministrator.md index 3c7c3f6c2d05..a239884dabad 100644 --- a/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryAdministrator.md +++ b/src/Sql/Sql/help/Get-AzSqlServerActiveDirectoryAdministrator.md @@ -26,9 +26,9 @@ The **Get-AzSqlServerActiveDirectoryAdministrator** cmdlet gets information abou ### Example 1: Gets information about an administrator for a server ``` PS C:\>Get-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -ResourceGroupName ServerName DisplayName ObjectId ------------------ ---------- ----------- -------- -ResourceGroup01 Server01 DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b +ResourceGroupName ServerName DisplayName ObjectId IsAzureADOnlyAuthentication +----------------- ---------- ----------- -------- ----------- +ResourceGroup01 Server01 DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b true ``` This command gets information about an Azure AD administrator for a server named Server01 that is associated with a resource group named ResourceGroup01. @@ -130,6 +130,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [Set-AzSqlServerActiveDirectoryAdministrator](./Set-AzSqlServerActiveDirectoryAdministrator.md) +[Disable-AzSqlServerActiveDirectoryOnlyAuthentication](./Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md) + [SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/) diff --git a/src/Sql/Sql/help/Set-AzSqlServerActiveDirectoryAdministrator.md b/src/Sql/Sql/help/Set-AzSqlServerActiveDirectoryAdministrator.md index 455d0849ebc2..863db122ca17 100644 --- a/src/Sql/Sql/help/Set-AzSqlServerActiveDirectoryAdministrator.md +++ b/src/Sql/Sql/help/Set-AzSqlServerActiveDirectoryAdministrator.md @@ -14,9 +14,9 @@ Provisions an Azure AD administrator for SQL Server. ## SYNTAX ``` -Set-AzSqlServerActiveDirectoryAdministrator [-DisplayName] [[-ObjectId] ] [-ServerName] - [-ResourceGroupName] [-DefaultProfile ] [-WhatIf] [-Confirm] - [] +Set-AzSqlServerActiveDirectoryAdministrator [-DisplayName] [[-ObjectId] ] + [[-IsAzureOnlyAuthentication] ] [-ServerName] [-ResourceGroupName] + [-DefaultProfile ] [-WhatIf] [-Confirm] [] ``` ## DESCRIPTION @@ -98,6 +98,21 @@ Accept pipeline input: True (ByPropertyName) Accept wildcard characters: False ``` +### -IsAzureOnlyAuthentication +Specifies if only Azure Active Directory authentication is allowed. + +```yaml +Type: System.Nullable`1[System.Boolean] +Parameter Sets: (All) +Aliases: + +Required: False +Position: 4 +Default value: None +Accept pipeline input: True (ByPropertyName) +Accept wildcard characters: False +``` + ### -ObjectId Specifies the unique ID of the Azure AD administrator that this cmdlet provisions. If the display name is not unique, you must specify a value for this parameter. @@ -196,6 +211,8 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable [Remove-AzSqlServerActiveDirectoryAdministrator](./Remove-AzSqlServerActiveDirectoryAdministrator.md) +[Disable-AzSqlServerActiveDirectoryOnlyAuthentication](./Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md) + [SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/) From d8d93722a5244cb999781055af32ca606bcde588 Mon Sep 17 00:00:00 2001 From: Amol Agarwal Date: Tue, 3 Mar 2020 09:39:11 -0800 Subject: [PATCH 3/6] regenerate the help file. --- ...AzSqlServerActiveDirectoryOnlyAuthentication.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md index a2f4d509ae7f..dc9d07e7c4c7 100644 --- a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md +++ b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md @@ -22,8 +22,8 @@ The **Disable-AzSqlServerActiveDirectoryOnlyAuthentication** cmdlet disables Azu ## EXAMPLES -### Example 1: Disable Azure Active Directory only authentication for a server -``` +### Example 1 +```powershell PS C:\>Disable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName "ResourceGroup01" -ServerName "Server01" ResourceGroupName ServerName DisplayName ObjectId IsAzureADOnlyAuthentication ----------------- ---------- ----------- -------- ----------- @@ -38,7 +38,7 @@ This command disables Azure Active Directory (Azure AD) only authentication requ The credentials, account, tenant, and subscription used for communication with Azure. ```yaml -Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer +Type: IAzureContextContainer Parameter Sets: (All) Aliases: AzContext, AzureRmContext, AzureCredential @@ -53,7 +53,7 @@ Accept wildcard characters: False The name of the resource group. ```yaml -Type: System.String +Type: String Parameter Sets: (All) Aliases: @@ -68,7 +68,7 @@ Accept wildcard characters: False The name of the Azure SQL Server the Azure Active Directory administrator is in. ```yaml -Type: System.String +Type: String Parameter Sets: (All) Aliases: @@ -83,7 +83,7 @@ Accept wildcard characters: False Prompts you for confirmation before running the cmdlet. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: cf @@ -99,7 +99,7 @@ Shows what would happen if the cmdlet runs. The cmdlet is not run. ```yaml -Type: System.Management.Automation.SwitchParameter +Type: SwitchParameter Parameter Sets: (All) Aliases: wi From d27f305d2bbb74af643679b67b4836c408296acd Mon Sep 17 00:00:00 2001 From: Amol Agarwal Date: Tue, 3 Mar 2020 10:09:29 -0800 Subject: [PATCH 4/6] regenerate blank file and see if that works. --- ...ServerActiveDirectoryOnlyAuthentication.md | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md index dc9d07e7c4c7..b4f4a022481f 100644 --- a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md +++ b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md @@ -8,7 +8,7 @@ schema: 2.0.0 # Disable-AzSqlServerActiveDirectoryOnlyAuthentication ## SYNOPSIS -Disables Azure AD only authentication for a specific SQL Server. +{{ Fill in the Synopsis }} ## SYNTAX @@ -18,19 +18,16 @@ Disable-AzSqlServerActiveDirectoryOnlyAuthentication [-ServerName] [-Re ``` ## DESCRIPTION -The **Disable-AzSqlServerActiveDirectoryOnlyAuthentication** cmdlet disables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL Server in the current subscription. +{{ Fill in the Description }} ## EXAMPLES ### Example 1 ```powershell -PS C:\>Disable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName "ResourceGroup01" -ServerName "Server01" -ResourceGroupName ServerName DisplayName ObjectId IsAzureADOnlyAuthentication ------------------ ---------- ----------- -------- ----------- -ResourceGroup01 Server01 DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b False +PS C:\> {{ Add example code here }} ``` -This command disables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL server named Server01 that is associated with a resource group named ResourceGroup01. +{{ Add example description here }} ## PARAMETERS @@ -124,11 +121,3 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS - -[Remove-AzSqlServerActiveDirectoryAdministrator](./Remove-AzSqlServerActiveDirectoryAdministrator.md) - -[Set-AzSqlServerActiveDirectoryAdministrator](./Set-AzSqlServerActiveDirectoryAdministrator.md) - -[Get-AzSqlServerActiveDirectoryAdministrator](./Get-AzSqlServerActiveDirectoryAdministrator.md) - -[SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/) From cc9c7a3c97df28fb9ae64d1bfe168fbdac06605a Mon Sep 17 00:00:00 2001 From: Amol Agarwal Date: Tue, 3 Mar 2020 10:20:34 -0800 Subject: [PATCH 5/6] add online version to help file. Looks like that has become compulsory now. --- ...ServerActiveDirectoryOnlyAuthentication.md | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md index b4f4a022481f..9412b526e601 100644 --- a/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md +++ b/src/Sql/Sql/help/Disable-AzSqlServerActiveDirectoryOnlyAuthentication.md @@ -1,14 +1,14 @@ --- external help file: Microsoft.Azure.PowerShell.Cmdlets.Sql.dll-Help.xml Module Name: Az.Sql -online version: +online version: https://docs.microsoft.com/en-us/powershell/module/az.sql/disable-azsqlserveractivedirectoryonlyauthentication schema: 2.0.0 --- # Disable-AzSqlServerActiveDirectoryOnlyAuthentication ## SYNOPSIS -{{ Fill in the Synopsis }} +Disables Azure AD only authentication for a specific SQL Server. ## SYNTAX @@ -18,16 +18,19 @@ Disable-AzSqlServerActiveDirectoryOnlyAuthentication [-ServerName] [-Re ``` ## DESCRIPTION -{{ Fill in the Description }} +The **Disable-AzSqlServerActiveDirectoryOnlyAuthentication** cmdlet disables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL Server in the current subscription. ## EXAMPLES ### Example 1 ```powershell -PS C:\> {{ Add example code here }} +PS C:\>Disable-AzSqlServerActiveDirectoryOnlyAuthentication -ResourceGroupName "ResourceGroup01" -ServerName "Server01" +ResourceGroupName ServerName DisplayName ObjectId IsAzureADOnlyAuthentication +----------------- ---------- ----------- -------- ----------- +ResourceGroup01 Server01 DBAs 40b79501-b343-44ed-9ce7-da4c8cc7353b False ``` -{{ Add example description here }} +This command disables Azure Active Directory (Azure AD) only authentication requirement for an AzureSQL server named Server01 that is associated with a resource group named ResourceGroup01. ## PARAMETERS @@ -121,3 +124,11 @@ This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable ## NOTES ## RELATED LINKS + +[Remove-AzSqlServerActiveDirectoryAdministrator](./Remove-AzSqlServerActiveDirectoryAdministrator.md) + +[Set-AzSqlServerActiveDirectoryAdministrator](./Set-AzSqlServerActiveDirectoryAdministrator.md) + +[Get-AzSqlServerActiveDirectoryAdministrator](./Get-AzSqlServerActiveDirectoryAdministrator.md) + +[SQL Database Documentation](https://docs.microsoft.com/azure/sql-database/) From e4951e188dfc17f8b4d7ec4268290a4e5435b003 Mon Sep 17 00:00:00 2001 From: Amol Agarwal Date: Tue, 3 Mar 2020 11:22:06 -0800 Subject: [PATCH 6/6] update ChangeLog.md --- src/Sql/Sql/ChangeLog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Sql/Sql/ChangeLog.md b/src/Sql/Sql/ChangeLog.md index 02bae8e27c3a..e7ef1ac16453 100644 --- a/src/Sql/Sql/ChangeLog.md +++ b/src/Sql/Sql/ChangeLog.md @@ -21,6 +21,7 @@ * Added support for cross subscription point in time restore on Managed Instances. * Added support for changing existing Sql Managed Instance hardware generation * Fixed `Update-AzSqlServerVulnerabilityAssessmentSetting` help examples: parameter/property output - EmailAdmins +* Updating Azure SQL Server Active Azure administrator API to use 2019-06-01-preview api version. ## Version 2.2.0 Fix New-AzSqlDatabaseSecondary cmdlet to check for PartnerDatabaseName existence instead of DatabaseName existence.