On-premises migration to Azure Managed Instance - link AAD login to db user

  • I am migrating an on-premises SQL Server to Azure Managed Instance; however, I am having problems with changing the existing Windows group database users to be Azure AD groups. I can manually add them by dropping users and recreating them, but I am worried this will miss out some permissions as they are quite complex.

    Reading an article on here it says:

    One of the key things to understand with Azure SQL Managed Instances is that if you are leveraging AAD for authentication then the SID for the server level login will not be the same as on-premises. This will be a consideration when you are migrating your database and users from on-premises to Azure SQL Managed Instance. Just like any database migration where SQL Authentication is used, you will need to handle the mismatch in SID between the database user and Instance Login.

    This means that you may have to use ALTER USER to link the AAD login to the database user, which in effect will link the database user to the server login.

    Any ideas how to do this as this is as much as the article says? I don't know why I'm finding this so difficult 🙁

  • For info, I have finally spoken to Microsoft about this and the article I mentioned in my post is incorrect. There is no way to link the Azure AD logins to a Windows group database user or to convert the group to AAD. Your only option is to drop all users/schemas and recreate all the permissions. 🙁
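
    Since the thread concludes that the Windows group users have to be dropped and recreated, the practical risk is losing permissions in the process. The following T-SQL, an added example that is not from the thread or from Microsoft's documentation, inventories everything a Windows group user holds in the migrated database and generates the statements to grant the same to its Azure AD replacement; `CONTOSO\AppReaders` and `AppReaders@contoso.com` are placeholder names, and the replacement user is assumed to already exist (for example via `CREATE USER [AppReaders@contoso.com] FROM EXTERNAL PROVIDER;`).

```sql
-- Run in the migrated database on the Managed Instance.
-- Placeholders (constructed): the old Windows group user and the new Azure AD group user.
DECLARE @OldUser sysname = N'CONTOSO\AppReaders';
DECLARE @NewUser sysname = N'AppReaders@contoso.com';

-- 1. Confirm the old user is orphaned: its SID matches no login on the instance,
--    which is the SID mismatch the quoted article describes.
SELECT dp.name, dp.type_desc, dp.sid
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.name = @OldUser AND sp.sid IS NULL;

-- 2. Generate the statements that recreate the old user's footprint for the new user.
-- Role memberships
SELECT 'ALTER ROLE ' + QUOTENAME(r.name) + ' ADD MEMBER ' + QUOTENAME(@NewUser) + ';' AS stmt
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = @OldUser
UNION ALL
-- Explicit GRANT/DENY permissions at database, schema, object and column level
SELECT CASE WHEN p.state_desc = 'GRANT_WITH_GRANT_OPTION' THEN 'GRANT' ELSE p.state_desc END
     + ' ' + p.permission_name
     + CASE p.class_desc
         WHEN 'DATABASE' THEN ''
         WHEN 'SCHEMA' THEN ' ON SCHEMA::' + QUOTENAME(SCHEMA_NAME(p.major_id))
         WHEN 'OBJECT_OR_COLUMN' THEN ' ON ' + QUOTENAME(OBJECT_SCHEMA_NAME(p.major_id))
              + '.' + QUOTENAME(OBJECT_NAME(p.major_id))
              + CASE WHEN p.minor_id > 0
                     THEN ' (' + QUOTENAME(COL_NAME(p.major_id, p.minor_id)) + ')' ELSE '' END
         ELSE ' ON ' + p.class_desc + '::<review manually>'   -- types, assemblies, etc.
       END
     + ' TO ' + QUOTENAME(@NewUser)
     + CASE WHEN p.state_desc = 'GRANT_WITH_GRANT_OPTION' THEN ' WITH GRANT OPTION' ELSE '' END
     + ';'
FROM sys.database_permissions AS p
JOIN sys.database_principals AS m ON m.principal_id = p.grantee_principal_id
WHERE m.name = @OldUser
UNION ALL
-- Schemas owned by the old user: DROP USER fails until ownership is reassigned
SELECT 'ALTER AUTHORIZATION ON SCHEMA::' + QUOTENAME(s.name) + ' TO ' + QUOTENAME(@NewUser) + ';'
FROM sys.schemas AS s
JOIN sys.database_principals AS m ON m.principal_id = s.principal_id
WHERE m.name = @OldUser;
```

    Review the generated statements (especially any marked for manual review) before running them, then drop the old user; comparing the output of step 2 for the new user afterwards confirms nothing was missed.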

  • Thanks for the follow-up... silver lining, I guess... great for AD cleanup.
