A utility that scripts Creates and Drops for Entra Logins, Users, User Defined Roles, Role Memberships and most object permissions into TSQL.
Our team has a blog on this site which describes the process of moving an Azure SQL DB from one tenant to another. When doing this, the Entra (was AAD) logins and users defined in the database will no longer be valid. You therefore need to recreate the logins and users in the SQL DB after the move to the new tenant. In some cases the logins and users will be completely different in the new tenant, but if the logins and users in the new tenant are the same, we have created a downloadable utility to enable customers to capture this information.
The application makes no changes to the SQL DB but instead produces a TSQL script with Drop and Create statements for Entra logins, users, user defined roles, role memberships and most object permissions from the source Azure SQL DB. The Drop statements will help you clean up objects in the database, while the Create statements should be carefully reviewed and can be selectively applied as required once the SQL DB is in the new tenant.
Using the utility in production should be approached cautiously, with sufficient testing to ensure all of the logins, users, roles and permissions are recreated.
Application Configuration
The application requires the .NET 8 runtime which, if necessary, can be installed here: Download .NET 8.0 (Linux, macOS, and Windows)
The utility has no installation, just unzip all the files into a folder. The only configuration required is to change the connection string in the appsettings.json file. Once the connection string is set, run the utility executable.
Sample Execution
Below is snapshot of a sample execution of the utility.
Feedback and suggestions
If you have feedback or suggestions for improving this data migration asset, please contact the Data SQL Engineering Team (datasqlninja@microsoft.com). Thanks for your support!
Microsoft