Reputation: 971
Unable to add Azure AD group with ':' in display name to Azure SQL, am I missing something?
In our Azure AD, we have Security groups named with (:) in the name. So the format looks like SG:{Group Name}. When I try to add a group with (:) in the name to Azure SQL using a query below
CREATE USER [SG:Developers] FROM EXTERNAL PROVIDER;
I'm getting an error shown below
Msg 15007, Level 16, State 6, Line 1 'SG:Developers' is not a valid
login or you do not have permission.
I am able to add groups with spaces or underscores in the name, so far its just (:) causing issues.
I don't believe its permissions issue, cos I'm logged in to Azure SQL Database with Active Directory Admin credentials.
EDIT
As Alberto Morillo suggested in his answer, it could be true that (:) is the issue. But what I'm trying to understand is, why does it work without any issues when I add the same [SG:Developers] group as Active Directory Admin from Azure Portal, but doesn't work when trying to add it to any DB using a T-SQL statement. Whats the missing link?
Cross posted on MSDN Forums
Upvotes: 1
Views: 925
Answers (1)
Reputation: 15698
Names in Active Directory do not allow colon (:) as mentioned in this support article.
Upvotes: 2
Related Questions
- Not able to create Azure AD Dynamic Group
- Azure AD group not visible in Devops
- Missing CommonName attribute for results from Get-AzureADGroup and Get-AzureADMSGroup commands
- Cannot set Azure Active Directory Admin in Azure SQL Database
- Escaping special characters in AD group name
- How to add Azure AD Groups in Azure SQL Server
- Access to AD group in Azure SQL Database
- Active Directory(AD) Authentication in Azure Sql not working
- How to add Azure AD groups via ARM script to a Azure SQL database
- Azure AD - no groups listed when setting Access Control in the portal