On premises migration to Azure Managed Instance - link AAD login to db user

  • angel.gray

    SSC Veteran

    Points: 202

    I am migrating an on premises SQL Server to Azure Managed Instance however having problems with changing the existing Windows groups database users to be Azure AD groups. I can manually add them by dropping users and recreating them but worried this will miss out some permissions as they are quite complex.

    Reading an article on here it says:

    One of the key things to understand with Azure SQL Managed Instances is that if you are leveraging AAD for authentication then the SID for the server level login will not be the same as on-premises. This will be a consideration when you are migrating your database and users from on-premises to Azure SQL Managed Instance. Just like any database migration where SQL Authentication is used, you will need to handle the mismatch in SID between the database user and Instance Login.

    This means that you may have to use ALTER USER to link the AAD login to the database user. Which in effect will link the database user to the server login.

     

    Any ideas how to do this as this is as much as the article says? I don't know why I'm finding this so difficult 🙁

  • angel.gray

    SSC Veteran

    Points: 202

    For info, I have finally spoken to Microsoft about this and the article I mentioned in my post is incorrect. There is no way to link the Azure AD logins to a Windows group database user or to convert the group to AAD. Your only option is to drop all users/schemas and recreate all the permissions. 🙁

  • oogibah

    Say Hey Kid

    Points: 673

    Thanks for the follow up.. silver lining I guess... great for AD cleanup

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply