无法将Active Directory用户添加到Azure SQL [英] Unable to add Active Directory User to Azure SQL

问题描述

大家好，

我试图使用以下查询将Active Directory用户添加到Azure Sql数据库中

I was trying to add Active Directory User into Azure Sql database with below query

" CREATE USER [EMAIL @ DOMAINNAME]来自EXTERNAL PROVIDER"。 

"CREATE USER [EMAIL@DOMAINNAME] FROM EXTERNAL PROVIDER". 

单程：

 为此，我们需要SQL Active Directory密码身份验证连接字符串授权，它从本地.Net应用程序（控制台/ Web）工作正常。如果我们在Azure应用服务中托管它们并尝试使用相同的代码，则会收到以下错误

 For this we require SQL Active Directory Password Authentication connection string mandate, It is working fine from on-premises .Net Applications(Console/web). If we host them in Azure app service and try with same code, will be getting the below error

"一个或多个错误发布"。   ;

第二种方式：

我们将托管服务标识设置为我的Azure功能应用，试图生成用于添加AD用户的AD令牌。收到以下错误。

We turned on Managed Service Identity to my Azure Function App, and tried to generate AD token used it for Adding AD User. Getting following error.

" principal' [EMAIL @ DOMAINNAME]   '在此无法找到时间。请稍后再试"。

"principal '[EMAIL@DOMAINNAME] ' could not be found at this time. Please try again later".

我从谷歌获得此链接并遇到一些文章并尝试如下， 

I got this link from Google and came across some article and tried like below, 

创建用户[name_emaildomain＃ EXT#@yourcompany.onmicrosoft.com]来自外部提供商

问题仍然存在，任何人都可以请帮帮我？

Still the issue was same, can anyone please help me out?

快速回复将不胜感激。

提前感谢

Chandrasekhar.V

Chandrasekhar.V

推荐答案

你好Chandrasekhar，

Hi Chandrasekhar,

我认为您的问题与网络相关，但需要澄清的是，当您说"我 t从内部部署工作正常时。"整个解决方案是在内部部署的吗？或者，应用程序是内部托管的，并且能够通过AAD身份验证与
Azure SQL数据库连接？如果我正确地解释您的帖子，听起来在两种情况下都在Azure中托管SQL数据库。内部部署托管应用程序可以与AAD托管标识连接，但是当应用程序托管在Azure中时，
不能 使用相同的托管标识连接SQL数据库。

I think your issue is networking related but need to clarify when you say that, "It is working fine from on-premises." The entire solution is deployed on-premise? Or the application is hosted on-premise and is able to connect with Azure SQL Database via AAD authentication? If I interpret your post correctly, it sounds like the SQL Database is hosted in Azure in both cases. The on-premise hosted application can connect with AAD managed identity but when the application is hosted in Azure, it cannot connect with the SQL Database with the same managed identity. 

Azure SQL Server防火墙设置中有"允许访问Azure服务"的配置设置。需要启用。这是为了允许从App Service到Azure SQL实例的连接。如果未启用此功能，则需要
将SQL Server防火墙中的App Server的IP地址列入白名单。 

There is a configuration setting in the Azure SQL Server firewall settings for "Allow Access to Azure services" that needs to be enabled. This is to allow connections from the App Service to the Azure SQL instance. If this is not enabled, you will need to whitelist the IP address of the App Server in the SQL Server firewall. 

如果这不是网络问题，可以请查看以下文档：  配置和管理Azure Active
使用SQL进行目录身份验证

If this is not a networking issue, can you please review the following document: Configure and manage Azure Active Directory authentication with SQL

以上是使用Azure SQL Server为单实例，弹性池，数据仓库和托管实例配置AAD身份验证的整个过程。请注意，配置过程对于托管实例是唯一的。

这篇关于无法将Active Directory用户添加到Azure SQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！