I have been able to set up an active directory login for my Azure database.
Now I want to add additional active directory logins and set their permissions
I understand that I need to use Management Studio to do this and have installed SSMS v17.8.1
I have been studying docs but I can't find the instructions
[Update]
After reading Conor's answer I was able to create the user
CREATE USER [jobuser#mydomain] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA=[dbo]
However if I try to login using MSSMS with Active Directory - Password authentication I get
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' (MIcrosoft SQL Server, Error 18456)
[Update]
In the Connection Properties Tab
I had to overtype with the database name
That particular page only shows an example using a SQL login/user, so I can understand why you are confused.
Please read through this page:
https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-2017
Specifically, you want to create a user using the AS EXTERNAL PROVIDER example. This tells SQL Azure (and SQL DW) to use Azure Active Directory instead of creating a SQL user. Please note that this does not (as of today) work in SQL Server. (SQL Server supports integrated authentication against a local Active Directory, but it just does not currently support the Azure Active Directory service).
Also, there is no specific requirement that you use SSMS to do this step. You can do it within SSMS, SQL Operation Studio, through one of the SQL client drivers in a program you write (or some third party program that can invoke SQL over them), sqlcmd, etc. You don't even need to have the latest SSMS to make things work (though it is recommend to get the best experience against SQL Azure including syntax highlighting).
Please give that a try and see if it gets you unblocked.
Best of Luck!
Related
I am trying to deploy my SQL Server project into another database using Execute Azure SQL Tak:Dacpactask in VSTS. But I am getting a error that can't find the user that was in Source Database. I am using Admin credentials to deploy the scripts in target environment, But it shows that the source user is not available in target environment. Since user and logins are database specific, I don't want to make any changes in the users and logins. I want it to remain same. I have attached error in below link.
[Error that I recieved during deployment]
[1]: https://i.stack.imgur.com/IdrsD.jpg. Please let me know how to solve . I have added below Additional SQL Package.exe arguments,
/p:DropObjectsNotInSource=False/p:DropObjectsNotInSource=True /p:ExcludeObjectTypes=Users;Logins;RoleMembership;Permissions
Do we need to provide any delimiter for multiple arguments?
The Plan
Have HR personnel dump an Excel file of payroll Job Titles to a network share, add that file as a Linked Server in SSMS, use those titles in my ASP.Net web forms. Using a Linked Server instead of importing data to allow HR to update the Job Titles file at their discretion.
The Problem
I can create the Linked Server and query it without issue, so long as I'm in SSMS with Windows Authentication. But, if I try to access the linked server using a SQL account, I first get the error:
Access to the remote server is denied because no login-mapping exists (Error 7416)
The SQL account being used is the same account my web forms use for everything else. The fact that this SQL account doesn't have file permissions isn't surprising though, so an adjustment to the Linked Server's security should do the trick.
The Problem (part 2)
To reduce the number of variables, I moved the Excel file so it's on the same machine as my SQL Server. I'm logged into the machine and logged into SSMS with my domain admin account.
I access the Linked Server's security tab and, to try and cast the widest net possible, I leave the local login (top part) blank and head straight to "Be made with this security context:" and proceed to provide my domain admin credentials. I hit OK, and I get the following:
Not a valid account name or password (Error 7399)
I know the account name and password are good, so what gives?
Other Things
Folks who've ran into similar things have been instructed to change the logon account being used for the SQL Server service, which I've done using my domain admin account (for troubleshooting, atm). This did not fix the problem.
This is what the Linked Server code looks like, although I created it via the GUI (included for sake of completeness):
EXEC master.dbo.sp_addlinkedserver #server = N'ADP_TITLES', #srvproduct=N'', #provider=N'Microsoft.ACE.OLEDB.12.0', #datasrc=N'C:\JOB_TITLE_EXPORT.xlsx', #provstr=N'Excel 12.0 Xml'
EXEC master.dbo.sp_addlinkedsrvlogin #rmtsrvname=N'ADP_TITLES',#useself=N'False',#locallogin=NULL,#rmtuser=N'DOMAIN\username',#rmtpassword='########'
The solution appears to be entering "admin" for the remote login, and leave the password blank.
This only works, however, if the file is stored locally. If it's on the network, I still get a 7399 error, but instead of saying the issue is the account name/password, it now says the issue is unspecified.
I can make my project work with a local file though. Since I'll be moving forward with that, I have no need to solicit additional answers.
Question
Sign in to vote
0
Sign in to vote
VS2013 Community html project, SQL2014 Standard db
Does anyone have a good walkthrough of deploying with an intrinsic db? Deployment with external db works fine, but not with intrinsic.
F5 build works fine on localhost with external or intrinsic db, server deploy to IIS/SQL works fine with external db... just not with intrinsic db...
None of the docs I have found are real detailed about how to setup sql server to handle the intrinsic deployment.
Created the sql project, selected that in LS app properties. Do I create a DB on the SQL server or does LS do that? The Publish dialog on the database step says the admin account will be used to "create and update" the db. Have tried sql admin account with and without specifying a target db. Can the user account be the same as the admin account? Tried that both ways.
Moved from RDS to a fully managed SQL instance and now works. – user5050939 just now edit delete
I'm getting nothing but this error TF246017 I'm not able to access TFS as admin or domain user
While accessing administration console, showing the error TF246017
Domain users getting TF31001 where the server returns TF246017
TFS was working fine with SQL Server 2008. And now we have also installed SQL server 2012 in the same machine.( I believe it doesn't connected anyway to tfs server)
But, even after uninstalling SQL 2012, it displays the same error
In application tier/ database tier, getting error as Error retrieving value.
Unable to access http://xxxxxxx:8080/tfs displays same error TF246017
And also, im unable to locate the sql express database to take the backup.
How to resolve this issue?
Note : I'm using TFS 2012 and VS2010
Login to windows server using the same windows credential user you used during SQL Server installation.
Verify or add the new windows user credential (assuming you are using different user credential to connect to TFS) to be part of sysadmin user group in SQL Server or ask your SQL Server DBA to add the user to sysadmin group.
Note: This is required because for every new TFS Team project created, TFS presents 2 option empty database or new database. To create new database the TFS admin user have to be part of SQL server sysadmin group
If TFS 2012 was installed using the same windows credential, open the TFS Admin console and add or verify the user is listed in "administration Console Users" list.
If TFS Admin console reads "You do not have permission or not administrator" or something along this line, then you need to log out and log back using the correct windows credential used for installation or use one of the TFS admin user and then add the new user credential.
Recommendation: To avoid confusion I would recommend use the same user credential for SQL Server and TFS server. Ex: "domainname/tfs" is local admin to the server, sysadmin in SQL Server DB and also admin user to TFS server.
To make like simple start of by, adding the windows user (intended to use as TFS admin) as windows administration group. Then logout and log back using the TFS admin user to install SQL Server and TFS server.
I had a similar issue branch code in my version of TFS (Azure DevOps Premise). I tracked my issue down by looking at the event viewer on the local TFS server and found that I was that I was getting the following SQL error:
DESCRIPTION: SQL Server Assertion: File: , line=951 Failed Assertion =
'IS_OFF (BUF_MINLOGGED, m_buf->bstat) || pageModifyType !=
PageModifyType_Contents || GetPagePtr ()->IsTextPage ()'. This error
may be timing-related. If the error persists after rerunning the
statement, use DBCC CHECKDB to check the database for structural
integrity, or restart the server to ensure in-memory data structures
are not corrupted.
I found the first item in the following answer solved my issue.
I simply switched my main TFS database containing my collection to FULL recovery mode and I was immediately able to proceed with my previously erroring task.
Connect to your SQL instance via SQL Server Management Studio and check if any of the TFS databases are in a "Recovery Pending" state. If so, restart your SQL instance and the state should return to normal. Worked for me!
Just find out the Team foundation application under application pool. right click and go to advance setting set the identity using the credentials used for SQL Sever or TFS Admin and done ..you can now access the TFS as earlier.
I have an issue with logging a Support user into an Application that has a SQL Server backend.
When configuring the application itself, the SQL set-up asked me to assign whether the Security to access the Application would be Windows Authentication or SQL: server Authentication, I chose Windows Authentication, and as I was using a login called
'LabUser1' I have been able to login to the application fine.
However, when I logon to the server using a different windows login, this time 'Support', SQL keeps giving me the error:
Error accessing the database DSN
Now I know the reason is because the install of SQL happened using the 'Labuser1' profile, but how can I create a script that will allow me to add the 'Support' user to the 'Allowed Logins' so that I can logon to the app server and at least open the Application? (I have seperate logins for when I see the applicatiojn login window, so please don't confuse the matter by thinking it is a simple case of creating a login for Support....I am talking about logging into the server)
The current batch file I am trying to run is:
sqlcmd -S localhost\OCDBB01 -i createSupportlogin.sql
Then I run this batch file after having created the following SQL script:
CREATE LOGIN OCDMW1\Support FROM WINDOWS
GO
Your description of the situation is a bit confusing to me however it appears that the "SQL setup" that is part of the application configuration created a ODBC DSN that uses the credentials of person logging into the machine as the login for SQL Server.
Simply creating a new (correct) login to the SQL instance may not resolve this issue since that does nothing to modify the DSN. If you are tied to using Window Authentication for SQL access it might be necessary to create multiple DSNs for the application to use and find a way to have the correct DSN associated to the right login for the application to use.