I am trying to execute the command below in Azure DevOps to set the AD group as setsqlserveradmin.
Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName "xyz" -ServerName "xyzsqlserver" -DisplayName "ADgroup" -ObjectId "27f75d8c-xxxx-xxxx-xxxx-xxxxxxxxxx"
Below are the error logs:
2020-05-07T15:55:05.2211587Z ##[command]Disconnect-AzAccount -Scope Process -ErrorAction Stop
2020-05-07T15:55:05.6167436Z ##[command]Clear-AzContext -Scope Process -ErrorAction Stop
2020-05-07T15:55:05.9479005Z ##[error]Cannot find the Azure Active Directory object 'Adgroup'. Please make sure that the user or group you are authorizing is registered in the current subscription's Azure Active directory. To get a list of Azure Active Directory groups use Get-AzADGroup, or to get a list of Azure Active Directory users use Get-AzADUser.
2020-05-07T15:55:06.0117846Z ##[section]Finishing: Azure PowerShell script: InlineScript
Note - I checked Adgroup and the corresponding objectid is correct.
PowerShell task 4.0 and version 3.1.0
I can reproduce your issue. First, make sure the group is in the same tenant as your service connection.
Then navigate to the Azure portal -> Azure Active Directory -> App registrations -> find the AD App Registration related to your service connection, and follow the steps below to add the Application permission Directory.Read.All of Azure Active Directory Graph (not Microsoft Graph). Don't forget to click the Grant admin consent for xxx button at the end.
After adding the permission, there is some delay (30m - 1h); then test the command, and it works.
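
A pre-flight check for the pipeline step discussed above, as an added example that is not part of the original question or answer: it prints the tenant the service connection is signed in to, then retries Get-AzADGroup with the group's object ID until the service principal can read the group, and only then sets the SQL server admin. The resource names are the placeholders from the question; the retry count and delay are assumptions sized to the 30m - 1h delay mentioned in the answer.

```powershell
# Added example: run inside the Azure PowerShell task, after the service connection has signed in.
# Placeholder values copied from the question; replace with real ones.
$ResourceGroupName = 'xyz'
$ServerName        = 'xyzsqlserver'
$GroupObjectId     = '27f75d8c-xxxx-xxxx-xxxx-xxxxxxxxxx'

# Assumed retry budget: 12 attempts x 5 minutes covers the 30m - 1h consent delay.
$MaxAttempts  = 12
$DelaySeconds = 300

# Show which identity and tenant the task is using, to compare with the group's tenant.
$ctx = Get-AzContext
Write-Host "Signed in as '$($ctx.Account.Id)' in tenant '$($ctx.Tenant.Id)'"

# Try to read the group with the same identity that will set the SQL admin.
# A failure here means the service principal cannot see the object: either the
# group is in another tenant or the directory read permission is not effective yet.
$group = $null
for ($attempt = 1; ($attempt -le $MaxAttempts) -and (-not $group); $attempt++) {
    try {
        $group = Get-AzADGroup -ObjectId $GroupObjectId -ErrorAction Stop
    }
    catch {
        Write-Warning "Attempt ${attempt}: directory lookup failed: $($_.Exception.Message)"
    }
    if ((-not $group) -and ($attempt -lt $MaxAttempts)) {
        Write-Host "Group not readable yet, waiting $DelaySeconds seconds..."
        Start-Sleep -Seconds $DelaySeconds
    }
}

if (-not $group) {
    throw "Group '$GroupObjectId' is not readable by '$($ctx.Account.Id)' in tenant '$($ctx.Tenant.Id)'."
}

# Use the display name exactly as the directory returns it.
Set-AzSqlServerActiveDirectoryAdministrator `
    -ResourceGroupName $ResourceGroupName `
    -ServerName $ServerName `
    -DisplayName $group.DisplayName `
    -ObjectId $GroupObjectId `
    -ErrorAction Stop
```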