Submit a ticketCall us

whitepaperYour VM Perplexities Called, and They Need You to Read This.

Virtualization can give you enormous flexibility with future workloads and can be a key enabler for other areas, like cloud computing and disaster recovery. So, how can you get a handle on the performance challenges in your virtual environment and manage deployments without erasing the potential upside? Learn the four key areas you need to be focusing on to help deliver a healthy and well-performing data center.

Get your free white paper.

Home > Success Center > Database Performance Analyzer (DPA) > DPA - Knowledgebase Articles > Use Azure AD authentication in DPA

Use Azure AD authentication in DPA

Table of contents

Updated February 14, 2017

Overview

You can use Azure Active Directory (AD) authentication in DPA if one or both of the following conditions apply to your environment:

  • Your repository database is Azure SQL.
  • You are monitoring one or more Azure SQL databases.

This form of authentication is only available if the DPA server is running on a Windows operating system.

Environment

  • DPA 11.0 and later

Steps

  1. On the DPA server, download and run ENU\x64\adalsql.msi from Microsoft.
  2. Download and run enu\sqljdbc_6.0.7728.100_enu.exe from Microsoft.
  3. Copy sqljdbc_auth.dll from Microsoft JDBC Driver 6.0 for SQL Server\sqljdbc_6.0\enu\auth\x64 to C:\Windows\System32 on the DPA server.
  4. Restart DPA.
  5. Add the Active Directory admin to the Logical Server where the monitored database is located. See step 4 in this guide from Micorsoft for more information.
  6. Connect to the Azure database with an Active Directory account and execute the appropriate script:

    For an Azure SQL repository database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = [ignite];
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
    GO
    CREATE SCHEMA [ignite] AUTHORIZATION [activeDirectoryUser@*.onmicrosoft.com];

    For a monitored Azure SQL database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
  7. In DPA, run the Create Repository or Register Instance wizard.
  8. When entering the connection information, click Advanced Connection Properties.
  9. In the JDBC URL Properties field, enter the following and click OK:
    Authentication=ActiveDirectoryPassword;HostNameInCertificate=*.database.windows.net
  10. Click I'll create the contained user or login, and enter credentials.
  11. Complete the wizard.

Note: This feature for LDAP auth with the above steps will not work if the Azure instance also has Multi-factor authentication turned on for the instance. This is a limitation that is known. 

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server

 

Last modified

Tags

Classifications

Public