Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Database Performance Analyzer (DPA) > Use Azure AD authentication in DPA

Use Azure AD authentication in DPA

Table of contents

Updated February 14, 2017

Overview

You can use Azure Active Directory (AD) authentication in DPA if one or both of the following conditions apply to your environment:

  • Your repository database is Azure SQL.
  • You are monitoring one or more Azure SQL databases.

This form of authentication is only available if the DPA server is running on a Windows operating system.

Environment

  • DPA 11.0 and later

Steps

  1. On the DPA server, download and run ENU\x64\adalsql.msi from Microsoft.
  2. Download and run enu\sqljdbc_6.0.7728.100_enu.exe from Microsoft.
  3. Copy sqljdbc_auth.dll from Microsoft JDBC Driver 6.0 for SQL Server\sqljdbc_6.0\enu\auth\x64 to C:\Windows\System32 on the DPA server.
  4. Restart DPA.
  5. Add the Active Directory admin to the Logical Server where the monitored database is located. See step 4 in this guide from Micorsoft for more information.
  6. Connect to the Azure database with an Active Directory account and execute the appropriate script:

    For an Azure SQL repository database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA = [ignite];
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
    GO
    CREATE SCHEMA [ignite] AUTHORIZATION [activeDirectoryUser@*.onmicrosoft.com];

    For a monitored Azure SQL database

    CREATE USER [activeDirectoryUser@*.onmicrosoft.com] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_owner ADD member [activeDirectoryUser@*.onmicrosoft.com];
  7. In DPA, run the Create Repository or Register Instance wizard.
  8. When entering the connection information, click Advanced Connection Properties.
  9. In the JDBC URL Properties field, enter the following and click OK:
    Authentication=ActiveDirectoryPassword;HostNameInCertificate=*.database.windows.net
  10. Click I'll create the contained user or login, and enter credentials.
  11. Complete the wizard.

Note: This feature for LDAP auth with the above steps will not work if the Azure instance also has Multi-factor authentication turned on for the instance. This is a limitation that is known. 

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication

https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server

 

Last modified

Tags

Classifications

Public