Invoke-Sqlcmd with AAD authentication Invoke-Sqlcmd with AAD authentication powershell powershell

Invoke-Sqlcmd with AAD authentication


powershell azure-devops azure-active-directory azure-sql-database azure-powershell

Oil - Understood.

Try something like this example, just tweak for your needs...

$Creds = Get-Credential -Credential 'username@domainname.onmicrosoft.com'$Username = $($Creds.GetNetworkCredential().UserName)$Password = $($Creds.GetNetworkCredential().Password)$Database = "testg"$Server = 'test.database.windows.net'$Port = 1433$cxnString = "Server=tcp:$Server,$Port;Database=$Database;Authentication=Active Directory Password;UID=$UserName;PWD=$Password;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;"$query = "select count(*) from dbo.Authors"$cxn = New-Object System.Data.SqlClient.SqlConnection($cxnString)$cxn.Open()$cmd = New-Object System.Data.SqlClient.SqlCommand($query, $cxn)$cmd.CommandTimeout = 120$cmd.ExecuteNonQuery()$cxn.Close()

Update for OP

That was just an option. If you don't want the popups, you can create a secure file and pull creds from that or store creds in the Windows credential store and pull them from there. Yet, you still have to create those first.

powershell azure-devops azure-active-directory azure-sql-database azure-powershell

To authenticate with AAD, you'll need the following:

  • An Azure Service principal
  • A database where the Service Principal is either the Azure AD Administrator, or assigned to the database
  • An Azure DevOps Service Connection that uses this Service Principal

In your Azure DevOps pipeline, use an Azure PowerShell Task that uses this Service Principal. Then call the Get-AzAccessToken function to obtain a credential that you can use.

- task: AzurePowerShell@5  displayName: Azure DB Awesomeness  inputs:    azureSubscription: 'MyServiceConnection'    azurePowerShellVersion: 'LatestVerison'    scriptType: inlinescript    script: |        $token = (Get-AzAccessToken -ResourceUrl https://database.windows.net).Token        Invoke-SqlCmd -ServerInstance "$(DatabaseServer)" `                      -Database "$(Database)" `                      -AccessToken "$token" `                      -Query "<YOUR QUERY>"

The reason this works is that the AzurePowerShell@5 task obtains the service principal credentials from the service connection and then calls Connect-Az. The Get-AzAccessToken cmdlet obtains the credentials of the service principal which can be used accordingly.

powershell azure-devops azure-active-directory azure-sql-database azure-powershell

I couldn't find a way to do this with Invoke-SQLCmd, but the Module DBATools which i use primarily has a very easy method explained here (Example 8): https://docs.dbatools.io/#Connect-DbaInstance

I have been using this for a while now and have had no issues with it connecting, however, as far as i know, MFA is not supported yet.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last