问题
In our Azure AD, we have Security groups named with (:) in the name. So the format looks like SG:{Group Name}. When I try to add a group with (:) in the name to Azure SQL using a query below
CREATE USER [SG:Developers] FROM EXTERNAL PROVIDER;
I'm getting an error shown below
Msg 15007, Level 16, State 6, Line 1 'SG:Developers' is not a valid
login or you do not have permission.
I am able to add groups with spaces or underscores in the name, so far its just (:) causing issues.
I don't believe its permissions issue, cos I'm logged in to Azure SQL Database with Active Directory Admin credentials.
EDIT
As Alberto Morillo suggested in his answer, it could be true that (:) is the issue. But what I'm trying to understand is, why does it work without any issues when I add the same [SG:Developers] group as Active Directory Admin from Azure Portal, but doesn't work when trying to add it to any DB using a T-SQL statement. Whats the missing link?
Cross posted on MSDN Forums
回答1:
Names in Active Directory do not allow colon (:) as mentioned in this support article.
来源:https://stackoverflow.com/questions/49930177/unable-to-add-azure-ad-group-with-in-display-name-to-azure-sql-am-i-missing