Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

 

 

 

Home > Success Center > Database Performance Analyzer (DPA) > Use Azure AD authentication in DPA

Use Azure AD authentication in DPA

Table of contents

Updated February 14, 2017

Overview

You can use Azure Active Directory (AD) authentication in DPA if one or both of the following conditions apply to your environment:

  • Your repository database is Azure SQL.
  • You are monitoring one or more Azure SQL databases.

This form of authentication is only available if the DPA server is running on a Windows operating system.

Environment

  • DPA 11.0 and later

Steps

  1. On the DPA server, download and run ENU\x64\adalsql.msi from Microsoft.
  2. Download and run enu\sqljdbc_6.0.7728.100_enu.exe from Microsoft.
  3. Copy sqljdbc_auth.dll from Microsoft JDBC Driver 6.0 for SQL Server\sqljdbc_6.0\enu\auth\x64 to C:\Windows\System32 on the DPA server.
  4. Restart DPA.
  5. Add the Active Directory admin to the Logical Server where the monitored database is located. See step 4 in this guide from Micorsoft for more information.
  6. Connect to the Azure database with an Active Directory account and execute the appropriate script:

    For an Azure SQL repository database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = [ignite];
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
    GO
    CREATE SCHEMA [ignite] AUTHORIZATION [activeDirectoryUser@*.onmicrosoft.com];

    For a monitored Azure SQL database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
  7. In DPA, run the Create Repository or Register Instance wizard.
  8. When entering the connection information, click Advanced Connection Properties.
  9. In the JDBC URL Properties field, enter the following and click OK:
    Authentication=ActiveDirectoryPassword;HostNameInCertificate=*.database.windows.net
  10. Click I'll create the contained user or login, and enter credentials.
  11. Complete the wizard.
Last modified
11:02, 16 Feb 2017

Tags

Classifications

Public