Changing Entra admin in SQL Server Bicep template

Smriti 0 Reputation points
2024-08-22T07:35:04.04+00:00

I have deployed an Azure SQL server with some Entra ID admin through a Bicep template, but when I redeploy after changing the Entra admin, it does not allow me to do so; it throws an error like "the provided adminlogin is not valid". I went through the documentation and found out that we have to use another API outside of the SQL server admin, and then we will be able to change the Entra admin, but I am not able to understand the reason behind this rework.

  1. Please suggest why there is no feature to utilize the same Bicep {attached code} for changing the server Entra admin.
  2. Even if I add another authorization API for changing the admin, that will not work for a new server. I have to manually add a parameter for determining if the server already exists, which is not a good practice.
  3. How can I ensure that my Bicep template works for both a new server and an existing server without having to modify the template in both situations? My module should be idempotent.
  4. How can I dynamically determine the existence of the server every time I deploy, so that it works based on some Boolean output?



@description('SQL server Name')
param pSqlServerName string

@description('Location for SQL server deployment')
param pLocation string

@description('Admin Login username for SQL Server')
param pSqlAzureAdLogin string

@description('Tags')
param pResourceTags object

@description('Sid of Azure AD admin')
param pSid string
 
@description('tenant id')
param pTenantId string

// SQL Server
resource rSqlserver 'Microsoft.Sql/servers@2021-11-01' = {
  name: pSqlServerName
  location: pLocation
  tags: pResourceTags
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    administrators: {
      administratorType: 'ActiveDirectory'
      azureADOnlyAuthentication: true
      login: pSqlAzureAdLogin
      principalType: 'Group'
      sid: pSid
      tenantId: pTenantId
    }
    restrictOutboundNetworkAccess: 'Disabled'
    minimalTlsVersion: '1.2'
    publicNetworkAccess: 'Disabled'
    version: '12.0'
  }
}

// Outputs
output outSqlServerId string = rSqlserver.id


2 answers

  1. Sedat SALMAN 13,740 Reputation points
    2024-08-23T21:06:13.18+00:00

    Here is an official issue tracking the Bicep and admin problem.

    You can check the whole thread for a solution to your problem.

    https://github.com/Azure/bicep/issues/4988


  2. ShaktiSingh-MSFT 15,056 Reputation points
    2024-08-30T04:42:40.77+00:00

    Hi @Smriti ,

    Thanks for your patience.

    We understand that the current behavior is less than desirable; the team is actively developing support for updates to the Microsoft Entra administrator via the Servers APIs to ensure that customer deployments can be idempotent.

    We appreciate your patience until the feature is available; please follow the Roadmap and "What's New" page to get the latest updates to the product.

    Thank you!

