Author | Chrissy LeMaire (@cl), netnerds.net |
Availability | Windows, Linux, macOS |
Simplifies the generation of Azure OAuth2 tokens.
Generates an OAuth2 access token. Currently supports Managed Identities, Service Principals and IRenewableToken.
Want to know more about Access Tokens? This page explains it well: https://dzone.com/articles/using-managed-identity-to-securely-access-azure-re
New-DbaAzAccessToken
[-Type] <String>
[[-Subtype] <String>]
[[-Config] <Object>]
[[-Credential] <PSCredential>]
[[-Tenant] <String>]
[[-Thumbprint] <String>]
[[-Store] <String>]
[-EnableException]
[<CommonParameters>]
PS C:\> New-DbaAzAccessToken -Type ManagedIdentity
Returns a plain-text token for Managed Identities for SQL Azure Db.
PS C:\> $token = New-DbaAzAccessToken -Type ManagedIdentity -Subtype AzureSqlDb
PS C:\> $server = Connect-DbaInstance -SqlInstance myserver.database.windows.net -Database mydb -AccessToken $token -DisableException
Generates a token, then uses it to connect to an Azure SQL Db.
PS C:\> $token = New-DbaAzAccessToken -Type ServicePrincipal -Tenant whatup.onmicrosoft.com -Credential ee590f55-9b2b-55d4-8bca-38ab123db670
PS C:\> $server = Connect-DbaInstance -SqlInstance myserver.database.windows.net -Database mydb -AccessToken $token -DisableException
PS C:\> Invoke-DbaQuery -SqlInstance $server -Query "select 1 as test"
Generates a token, then uses it to connect to an Azure SQL Db.
Once the connection is made, it is used to perform a test query.
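Because the token comes back as plain text, it can be checked before it is passed to -AccessToken. The following is an added example, not dbatools code: the function names Get-JwtClaim and Test-AccessTokenClaim are hypothetical, and it assumes the token is a JWT with aud and exp claims and that https://database.windows.net/ is the audience for Azure SQL Db. The sample token is constructed and unsigned.

```powershell
# Added example, not part of dbatools. Assumes the access token is a JWT.
function Get-JwtClaim {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Token is not a three-part JWT.' }
    # The payload is base64url: restore the standard alphabet and padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-AccessTokenClaim {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience,
        [int]$MinimumSecondsLeft = 300   # refuse tokens about to expire
    )
    # Client-side sanity check only: the signature is NOT verified here,
    # the target resource does that. The token itself is never written out.
    $claims  = Get-JwtClaim -Token $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        Audience   = $claims.aud
        AudienceOk = "$($claims.aud)".TrimEnd('/') -eq $ExpectedAudience.TrimEnd('/')
        ExpiresUtc = $expires.UtcDateTime
        NotExpired = ($expires - [DateTimeOffset]::UtcNow).TotalSeconds -ge $MinimumSecondsLeft
    }
}

# Constructed sample token so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$exp     = [DateTimeOffset]::UtcNow.AddMinutes(60).ToUnixTimeSeconds()
$payload = "{`"aud`":`"https://database.windows.net/`",`"exp`":$exp}"
$sample  = (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload), 'sig' -join '.'

$check = Test-AccessTokenClaim -Token $sample -ExpectedAudience 'https://database.windows.net/'
$check
# With a real token, connect only when both checks pass:
# if ($check.AudienceOk -and $check.NotExpired) { Connect-DbaInstance ... -AccessToken $token }
```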
The type of request:
ManagedIdentity
ServicePrincipal
RenewableServicePrincipal
Alias | |
Required | True |
Pipeline | false |
Default Value | |
Accepted Values | ManagedIdentity,ServicePrincipal,RenewableServicePrincipal |
The subtype. Options include:
AzureSqlDb (default)
ResourceManager
DataLake
EventHubs
KeyVault
ServiceBus
Storage
Read more here: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql
Alias | |
Required | False |
Pipeline | false |
Default Value | AzureSqlDb |
Accepted Values | AzureSqlDb,ResourceManager,DataLake,EventHubs,KeyVault,ResourceManager,ServiceBus,Storage |
The hashtable or json configuration.
Alias | |
Required | False |
Pipeline | false |
Default Value | |
When using the ServicePrincipal type, a Credential is required. The username is the App ID and the password is the App Password.
https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords
Alias | |
Required | False |
Pipeline | false |
Default Value | |
When using the ServicePrincipal or RenewableServicePrincipal types, a tenant name or ID is required. This field works with both.
Alias | |
Required | False |
Pipeline | false |
Default Value | (Get-DbatoolsConfigValue -FullName 'azure.tenantid') |
Thumbprint for connections to Azure MSI.
Alias | |
Required | False |
Pipeline | false |
Default Value | (Get-DbatoolsConfigValue -FullName 'azure.certificate.thumbprint') |
Store where the Azure MSI certificate is stored.
Alias | |
Required | False |
Pipeline | false |
Default Value | (Get-DbatoolsConfigValue -FullName 'azure.certificate.store') |
Accepted Values | CurrentUser,LocalMachine |
By default, when something goes wrong we try to catch it, interpret it and give you a friendly warning message.
This avoids overwhelming you with "sea of red" exceptions, but is inconvenient because it basically disables advanced scripting.
Using this switch turns this "nice by default" feature off and enables you to catch exceptions with your own try/catch.
Alias | |
Required | False |
Pipeline | false |
Default Value | False |