Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Database Performance Analyzer (DPA) > Use Azure AD authentication in DPA

Use Azure AD authentication in DPA

Table of contents

Updated February 14, 2017

Overview

You can use Azure Active Directory (AD) authentication in DPA if one or both of the following conditions apply to your environment:

  • Your repository database is Azure SQL.
  • You are monitoring one or more Azure SQL databases.

This form of authentication is only available if the DPA server is running on a Windows operating system.

Environment

  • DPA 11.0 and later

Steps

  1. On the DPA server, download and run ENU\x64\adalsql.msi from Microsoft.
  2. Download and run enu\sqljdbc_6.0.7728.100_enu.exe from Microsoft.
  3. Copy sqljdbc_auth.dll from Microsoft JDBC Driver 6.0 for SQL Server\sqljdbc_6.0\enu\auth\x64 to C:\Windows\System32 on the DPA server.
  4. Restart DPA.
  5. Add the Active Directory admin to the Logical Server where the monitored database is located. See step 4 in this guide from Micorsoft for more information.
  6. Connect to the Azure database with an Active Directory account and execute the appropriate script:

    For an Azure SQL repository database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = [ignite];
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
    GO
    CREATE SCHEMA [ignite] AUTHORIZATION [activeDirectoryUser@*.onmicrosoft.com];

    For a monitored Azure SQL database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
  7. In DPA, run the Create Repository or Register Instance wizard.
  8. When entering the connection information, click Advanced Connection Properties.
  9. In the JDBC URL Properties field, enter the following and click OK:
    Authentication=ActiveDirectoryPassword;HostNameInCertificate=*.database.windows.net
  10. Click I'll create the contained user or login, and enter credentials.
  11. Complete the wizard.
Last modified
11:02, 16 Feb 2017

Tags

Classifications

Public