
I have a new Azure AD

I've switched my subscription over to it

I created a SQL Server managed instance

I went to the SQL Server MI, and to the active directory admin section of the MI.

I attempted to grant read permissions to the AD via the "click here to grant read permissions" link

I received the following error: [error screenshot]

Any clues?

GilesDMiddleton
  • May I know which authentication method you selected while creating the SQL MI? – Ansuman Bal Oct 14 '21 at 09:37
  • @AnsumanBal-MT I left nearly everything as default, except the cores/RAM, and made it a public endpoint. I don't remember being asked much about authentication, except I think I saw it had a system-assigned identity, and that's what the MI says it has. No databases have been created yet. – GilesDMiddleton Oct 14 '21 at 09:47
  • Could you please try logging in to the portal from an incognito browser and see if you are able to add? Also, may I know if you created the SQL MI first in that subscription and then attached the Azure AD to the subscription, or vice versa? – Ansuman Bal Oct 14 '21 at 10:13
  • @AnsumanBal-MT Logging in from a private window (and passing my company's MFA) then made it work. Write that as the answer and I'll accept it. I created the AD, switched the subscription to the AD, then created the MI. Earlier, I had tried to move an existing MI from the old AD to the new AD and failed, so I deleted it (test DB) and created a new MI as described. – GilesDMiddleton Oct 14 '21 at 10:53
  • Glad to be of help @GilesDMiddleton! Added the same as an answer. – Ansuman Bal Oct 14 '21 at 13:30

1 Answer

When you click Grant permissions, it should automatically take the object ID of the user who is logged in to the portal, check whether that user has the Global Administrator / Directory Reader (Preview) role in the tenant or subscription, and finally perform the operation.

But as you have created a new AD tenant and added it to the subscription, it sometimes fails to sync (tenant and subscription), and as per the error "Invalid object Identifier null" it fails to get the user details.

So the issue can be fixed by logging in to the portal from a private browser window, or by signing out of the portal, clearing the browser cache and logging in again.

Ansuman Bal
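As an added pre-flight check (not part of the question or the answer above), the script below uses the Azure CLI to confirm from the command line what the answer says the portal relies on: that the current session is in the new tenant, that the signed-in user resolves to a non-null object ID, and that the caller holds one of the two roles named in the answer. The NEW_TENANT_ID placeholder, the RUN_LIVE switch and the Graph filter expression are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added pre-flight check (not from the question or answer). Assumes the Azure CLI (az)
# is installed and that NEW_TENANT_ID holds the tenant ID of the newly created Azure AD
# (placeholder value below; replace it with your own).
set -eu

NEW_TENANT_ID="${NEW_TENANT_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder

# Decide whether the portal's "Grant permissions" click can resolve the caller:
# the session must be in the new tenant and the signed-in user must have a non-null
# object ID (the answer's "Invalid object Identifier null" is the null case).
check_session() {
  local expected_tenant="$1" session_tenant="$2" user_oid="$3"
  if [ -z "$user_oid" ] || [ "$user_oid" = "null" ]; then
    echo "no object ID for the signed-in user: stale session, sign out and log in again"
    return 1
  fi
  if [ "$session_tenant" != "$expected_tenant" ]; then
    echo "session is in tenant $session_tenant, not $expected_tenant: run az login --tenant $expected_tenant"
    return 1
  fi
  echo "session tenant $session_tenant, caller object ID $user_oid"
}

# The answer names Global Administrator or Directory Readers as the roles the portal
# checks; $1 is a newline-separated list of directory role names held by the caller.
has_required_role() {
  printf '%s\n' "$1" | grep -qxE 'Global Administrator|Directory Readers'
}

# Live collection (only when RUN_LIVE=1, so the functions above can be exercised offline).
live_check() {
  local session_tenant user_oid roles
  session_tenant=$(az account show --query tenantId -o tsv)
  # Older CLI versions name the field objectId; the JMESPath "||" takes whichever exists.
  user_oid=$(az ad signed-in-user show --query "id || objectId" -o tsv)
  check_session "$NEW_TENANT_ID" "$session_tenant" "$user_oid"
  # Directory roles of the caller via Microsoft Graph. The filter is an assumption about
  # the memberOf payload shape; drop --query to inspect the raw response if it is empty.
  roles=$(az rest --method get --url "https://graph.microsoft.com/v1.0/me/memberOf" \
    --query "value[?\"@odata.type\"=='#microsoft.graph.directoryRole'].displayName" -o tsv)
  has_required_role "$roles" || { echo "caller holds neither Global Administrator nor Directory Readers"; return 1; }
}

if [ "${RUN_LIVE:-0}" = "1" ]; then live_check; fi
```

Run it as `RUN_LIVE=1 NEW_TENANT_ID=<your tenant id> bash check.sh` after `az login --tenant <your tenant id>`; a non-zero exit names which of the three preconditions the portal click would trip over.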