Can't add Azure AD Admins to Azure Database for PostgreSQL flexible server with Private access (VNet Integration)
I have created in my Azure subscription two instances of Azure Database for PostgreSQL flexible server.Let me call them server01-psql and server02-psql They both
- are in the same Resource group, let me call it app-rg
- run POstgreSQL version 14
- are created with Authentication method: PostgreSQL and Azure Active Directory authentication
The difference is only
- server01-psql | Networking > Connectivity method: Private access (VNet Integration) to a VNet and Subnet from the same Azure subscription
- server02-psql | Networking > Connectivity method: Public access (allowed IP addresses)
I want to add chosen Azure AD group, let me call it all-app-dbadm, as Azure Active Directory Administrators (Azure AD Admins) for both instances of Azure Database for PostgreSQL flexible server.
My account is Owner of the subscription and my account is also Global Administrator of the related Azure Active Directory.
I can successfully add group from related Tenant to server02-psql in section Authentication > Azure Active Directory Administrators (Azure AD Admins)
However if I try to use
- portal.azure.com
- or az-cli
az postgres flexible-server ad-admin create -g app-rg -s server01-psql -u mysupergroup -i mysupergroupguid -t GroupI allways get an error.Deployment to resource group 'app-rg' failed. Additional details from the underlying API that might be helpful: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details. The resource write operation failed to complete successfully, because it reached terminal provisioning state 'Failed'. (Code: ResourceDeploymentFailure, Target: /subscriptions/mysupersubscriptionid/resourceGroups/app-rg/providers/Microsoft.Resources/deployments/addAdmins-0-XXXXXX)
Could you recommend what needs to be changed on any of the related resources, or perhaps at the subscription level, or in the process of the change to add successfully Azure Active Directory Administrators (Azure AD Admins) to server01-psql?
I encountered the same error while setting the AD group as the AD admin in the Azure database for PostgreSQL flexible server, as mentioned below:
To resolve the issue, I added an outbound network security group (NSG) rule to allow virtual network traffic to only reach the AzureActiveDirectory service tag, as mentioned below:
I attempted to set the admin using the following command in Azure CLI:
az postgres flexible-server ad-admin create -g <resourceGroupName> -s <serverName> -u <AD Group> -i <AD groupId> -t Group
It executed successfully without any errors, as mentioned below:
The admin was added successfully to the server, as mentioned below:
For more information, you can refer to this.
- VM has reported a failure when processing extension AzureDiskEncryption
- How to pass secrets downloaded from Azure KeyVault as parameters to an Azure Function?
- Trigger / queue build policy pipeline on ADO PR with Azure CLI
- Azure AD B2C Password Reset
- Batch create mailbox folders with GRAPH API (from Graph Explorer)
- Azure Web App on Linux: "Error: Container didn't respond to HTTP pings on port: 8080" - when using: "start": "pm2 start server.js"
- How can I apply name=value tags to service principals in Azure?
- Visual Studio Code: Could not find $web blob container for storage account
- Error when registering data factory integration runtime on windows VM
- Retrieve list of repositories and their tag versions in one call
- Getting Error while running Azure DevOps Pipeline "Error: building account: could not acquire access token to parse claims: clientCredentialsToken
- Create Resource Group with Azure Management C# API
- Azure LDAP Authentication Connection Refused On Cloud Server or Other Desktops
- Create a gpu nodepool on azure with a student account
- How to set redirect URLs to b2clogin.com for Azure Active Directory B2C in React JS application
- Cannot connect to SQL Server from logic app
- How to Resolve Errors When Running Python Jobs in Azure App Service WebJobs
- How do I open Kudu console in Azure functions consumption plan?
- Azure AutoML Image Classification Job
- Onedrive GRAPH API - 403 when getting user's OneDrive
- Azure Government Get incidents returns 401 Forbidden
- Delta Table Partitioning - why only for tables bigger than 1 TB
- How to check if an Azure storage queue has messages
- Azure WAF exclusion, what's the difference between RequestArgNames and RequestArgValues?
- How to order results of a query by the results of an aggregate function in ComosDb?
- Azure routing between different subscriptions - force one, common outbound IP and share Site-to-site (IPSec) defined in Virtual network gateway
- Bot Framework Python SDK ErrorResponseException: Operation returned an invalid status code 'Unauthorized'
- Azure DevOps - Create a work item from incoming email
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?