I need to connect via Azure Automation to an Azure SQL Server using my Azure Active Directory Admin account that is set as the Azure SQL Server AZ AD Admin.
I am ab
Using Azure AD to connect to SQL is not yet supported with Azure Automation Account. This feature requires .NET Framework 4.6 and currently Azure Automation workers only have .NET Framework 4.5.
Suggestion:
Using the Azure Automation Module
    ## Using Azure Automation ISE Add-on
    #Install-Module -Name AzureAutomationAuthoringToolkit
    Import-Module AzureAutomationAuthoringToolkit

    $SqlServer = "myazuresql.database.windows.net"
    $SqlServerPort = "1433"
    $Database = "TestDB"
    $Table = ""               # name of the table to count rows in
    $SqlCredentialAsset = ""  # name of the credential asset in the Automation account

    # Fetch the SQL login stored as a credential asset
    $SqlCredential = Get-AutomationPSCredential -Name $SqlCredentialAsset
    if ($SqlCredential -eq $null)
    {
        throw "Could not retrieve '$SqlCredentialAsset' credential asset. Check that you created this first in the Automation service."
    }
    $SqlUsername = $SqlCredential.UserName
    $SqlPass = $SqlCredential.GetNetworkCredential().Password

    # SQL authentication over an encrypted connection
    $Conn = New-Object System.Data.SqlClient.SqlConnection("Server=tcp:$SqlServer,$SqlServerPort;Database=$Database;User ID=$SqlUsername;Password=$SqlPass;Trusted_Connection=False;Encrypt=True;Connection Timeout=30;")
    $Conn.Open()
    $Cmd = New-Object System.Data.SqlClient.SqlCommand("SELECT COUNT(*) from $Table", $Conn)
    $Cmd.CommandTimeout = 120
    # Run the query and output the row count
    $Cmd.ExecuteScalar()
    $Conn.Close()
Code for inside RunBook
    #Runbook
    Param
    (
        [Parameter(Mandatory=$true)]
        [String]
        $AzureConnectionName
    )

    # Look up the connection asset by the name passed to the runbook
    $AzureConn = Get-AutomationConnection -Name $AzureConnectionName
    if ($AzureConn -eq $null)
    {
        throw "Could not retrieve '$AzureConnectionName' connection asset."
    }

    # The connection asset names the certificate asset to load
    $Certificate = Get-AutomationCertificate -Name $AzureConn.AutomationCertificateName
    if ($Certificate -eq $null)
    {
        throw "Could not retrieve '$($AzureConn.AutomationCertificateName)' certificate asset."
    }

    # Get-Credential prompts for the password of the given account
    $cred = Get-Credential -Credential Domain\User
    Login-AzureRmAccount -Credential $cred
    Get-AzureRmSubscription | Select-AzureRmSubscription
Please refer to this similar question.
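An added example, not part of the original answer: the same SQL-login connection from a runbook, with the password passed as a `System.Data.SqlClient.SqlCredential` instead of being written into the connection string, and the table name validated before it is placed in the query text. The table name and credential asset name are hypothetical placeholders.

```powershell
# Added example: values marked "hypothetical" are placeholders, not values from the post.
param(
    [string] $SqlServer = "myazuresql.database.windows.net",  # server name used in the post
    [int]    $SqlServerPort = 1433,
    [string] $Database = "TestDB",
    [string] $Table = "MyTable",                      # hypothetical table name
    [string] $SqlCredentialAsset = "MySqlCredential"  # hypothetical credential asset name
)

# Table names cannot be bound as SQL parameters, so accept plain identifiers only
# and bracket-quote the result before it goes into the query text.
if ($Table -notmatch '^[A-Za-z_][A-Za-z0-9_]{0,127}$') {
    throw "Table name '$Table' is not a plain identifier."
}

$SqlCredential = Get-AutomationPSCredential -Name $SqlCredentialAsset
if ($null -eq $SqlCredential) {
    throw "Could not retrieve '$SqlCredentialAsset' credential asset."
}

# SqlCredential requires a read-only SecureString; work on a copy of the asset's password.
$SecurePass = $SqlCredential.Password.Copy()
$SecurePass.MakeReadOnly()
$DbCredential = New-Object System.Data.SqlClient.SqlCredential($SqlCredential.UserName, $SecurePass)

# The connection string carries no User ID or Password, so the secret cannot
# leak through logged connection strings or exception messages.
$Builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
$Builder["Data Source"] = "tcp:$SqlServer,$SqlServerPort"
$Builder["Initial Catalog"] = $Database
$Builder["Encrypt"] = $true
$Builder["TrustServerCertificate"] = $false
$Builder["Connect Timeout"] = 30

$Conn = New-Object System.Data.SqlClient.SqlConnection($Builder.ConnectionString, $DbCredential)
try {
    $Conn.Open()
    $Cmd = New-Object System.Data.SqlClient.SqlCommand("SELECT COUNT(*) FROM [$Table]", $Conn)
    $Cmd.CommandTimeout = 120
    $RowCount = $Cmd.ExecuteScalar()
    Write-Output "Rows in ${Table}: $RowCount"
}
finally {
    # Dispose closes the connection even when Open() or the query throws.
    $Conn.Dispose()
}
```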
If you want to connect to SQL Server with an Azure AD user, the ADAL SQL library should be installed on your VM. Currently, the Azure Automation account does not install the library. If you want to use an Azure AD user to log in to your SQL Server, you could select hybrid workers.
Runbooks in Azure Automation cannot access resources in your local data center since they run in the Azure cloud. The Hybrid Runbook Worker feature of Azure Automation allows you to run runbooks on machines located in your data center to manage local resources. The runbooks are stored and managed in Azure Automation and then delivered to one or more on-premises machines.