Question

pdextercj on Wed, 06 Dec 2017 16:39:07


I'm having trouble adding users and groups to my database for permissions. I have configured the Active Directory admin account and configured on the Azure portal.  I can now connect to the database using this account.

When I try to create/add a new user or group from Active Directory I get the following message:

Principal 'exampleuser@domain.co.uk' could not be created. Only connections established with Active Directory accounts can create other Active Directory users.

I am confused as I have connected to the DB using SQL mgmt studio with an AD account.  Can someone assist?


Sponsored



Replies

Alberto Morillo on Wed, 06 Dec 2017 19:32:20


Hello,

Usually users receive that error when they try to add Azure Active Directory (AAD) users to Azure SQL Database while being authenticated with SQL Authentication, but you mentioned you are connected using an AAD that you already configure it as Azure SQL Administrator on Azure portal. Please confirm that.

Have you changed the default password for the AAD user you created as Azure SQL Administrator? Could you please try to reset its password, connect again to Azure SQL Database using that account and using SSMS, and then proceed to the create an AAD user as SQL Azure Database user again. Please see sample statement below:


CREATE USER [jgonzales@dani671hotmail.onmicrosoft.com] FROM EXTERNAL PROVIDER;


Hope this helps.



Regards,

Alberto Morillo
SQLCoffee.com




pdextercj on Thu, 07 Dec 2017 09:49:57


Hi,

Thanks for the response.  The command you mentioned above was something I had already tried yesterday when logged in with the AD admin account I configured on the Azure Portal.

Out of interest I have connected this morning with the same account and ran the exact same query and it has worked.  The user is now added to my database - very strange.
I am finding more and more that when working with Azure services sometimes all you need to do is wait a while if you find something is not working. 

Thanks for your advice.

Paul

Mirek Sztajno MS SQL PM on Fri, 08 Dec 2017 21:53:36


Please connect to the database as AAD SQL admin and try this operation again