
I have a command in my script called

Set-AzSqlServerActiveDirectoryAdministrator -ResourceGroupName $ResourceGroupName -ServerName $SqlServerName -DisplayName $SqlServerAdmin

I have used proper values for these parameters. The thing is, this command runs perfectly when I run it from PowerShell ISE, but when I do the same in an Azure PowerShell task in Azure DevOps, it returns an error saying:

2020-09-18T11:02:54.0670872Z ##[error]Operation returned an invalid status code 'Forbidden' 

I can't figure out what I am missing.

  • Permission issue on the service principal running the pipeline? What are the existing permissions/roles? Commented Sep 18, 2020 at 11:45
  • When I go into the Roles and Administrators section of the service principal, 2 are listed there: Application administrator; Cloud application administrator Commented Sep 18, 2020 at 11:55
  • You need to grant permission to your app to manage your SQL DB, in the IAM blade of the SQL Server resource. Commented Sep 18, 2020 at 11:57
  • I gave Owner access to the service principal for the subscription. Still I am getting the same error. Commented Sep 18, 2020 at 12:08

1 Answer


I was able to find a solution for the same. We need to add the service principal to Directory readers using this command:

Add-AzureADDirectoryRoleMember -ObjectId (Get-AzureADDirectoryRole | Where-Object {$_.DisplayName -eq "Directory Readers"}).ObjectId -RefObjectId <object-id>
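The one-liner in the answer assumes the Directory Readers role is already activated in the tenant and that you already know the service principal's object id. The script below is an added example, not code from the question or the answer: it resolves the pipeline's service principal by display name, activates the Directory Readers role from its template if the tenant has never used it, adds the principal only if it is not already a member, and then reads the membership back. It assumes the AzureAD module is installed and that Connect-AzureAD has been run with an account allowed to manage directory role membership; $SpDisplayName is a hypothetical name for the Azure DevOps service connection's service principal. Directory Readers is a directory (Azure AD) role, which is why the subscription Owner role tried in the comments, an Azure RBAC role, does not resolve the Forbidden error: Set-AzSqlServerActiveDirectoryAdministrator has to look the -DisplayName up in the directory. Directory Readers is also the least-privileged directory role for that lookup, so prefer it over broader roles such as Global Administrator. Note that the AzureAD module has since been deprecated in favour of the Microsoft Graph PowerShell SDK, so the same steps may need to be ported to the Graph cmdlets.

```powershell
# Added example (not from the question or answer above). Assumes the AzureAD
# module is installed and Connect-AzureAD has already been run with an account
# that may manage directory role membership. $SpDisplayName is a hypothetical
# value: replace it with the service principal used by your service connection.
param(
    [string]$SpDisplayName = 'my-devops-service-connection'   # hypothetical
)

$roleName = 'Directory Readers'

# 1. Resolve the service principal object id from its display name.
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$SpDisplayName'"
if (-not $sp) { throw "Service principal '$SpDisplayName' not found." }

# 2. Directory roles only show up in Get-AzureADDirectoryRole once activated.
#    Activate the role from its template if this tenant has never used it.
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName }
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq $roleName }
    if (-not $template) { throw "Role template '$roleName' not found." }
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
}

# 3. Keep the assignment idempotent: skip if the principal is already a member,
#    so the script is safe to re-run from a pipeline.
$alreadyMember = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Where-Object { $_.ObjectId -eq $sp.ObjectId }

if ($alreadyMember) {
    Write-Output "'$SpDisplayName' is already a member of '$roleName'."
} else {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
    Write-Output "Added '$SpDisplayName' ($($sp.ObjectId)) to '$roleName'."
}

# 4. Read the membership back; this is the permission the Forbidden error hinges on.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Where-Object { $_.ObjectId -eq $sp.ObjectId } |
    Select-Object DisplayName, ObjectId, ObjectType
```

Run it once interactively with an administrative account rather than from the pipeline itself, since the pipeline's service principal is the one that lacks directory permissions. Role membership changes in Azure AD can take a few minutes to propagate, so re-run the Azure PowerShell task after the verification step above shows the principal as a member.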
