Automate exporting of azure sql database as .bacpac to blog storage.
Published Jun 22 2021 07:37 AM 12.8K Views

Login to Azure Portal-->Go to automation account -->Runbooks-->browse gallery -->type backup azure sql databases to blob storage and import the module.


  1. Open the run book and click edit.



  2. Download the code and replace the with your details as shown below:
    	Human-readable informational and error messages produced during the job. Not intended to be consumed by another runbook.
        $RESOURCEGROUPNAME = '<ResourceGroupName>'
        $DatabaseServerName = '<DatabaseName>'
        $DatabaseAdminUsername = '<AdminAccountHere>'
        $DatabaseAdminPassword = '<YourPasswordHere>'
        $DatabaseNames = '<DatabaseNaem>'
        $StorageAccountName = '<StorageAccountName>'
        $BlobStorageEndpoint = 'https://<StorageAccountName>'
        $StorageKey = '<StorageAccessKey>'
        $BlobContainerName = '<ContainerName>'
        $RetentionDays = '10'
    $ErrorActionPreference = 'stop'
    function Login() {
    	$connectionName = "AzureRunAsConnection"
    		$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName         
    		Write-Verbose "Logging in to Azure..." -Verbose
    		Add-AzureRmAccount `
    			-ServicePrincipal `
    			-TenantId $servicePrincipalConnection.TenantId `
    			-ApplicationId $servicePrincipalConnection.ApplicationId `
    			-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint | Out-Null
    	catch {
    		if (!$servicePrincipalConnection)
    			$ErrorMessage = "Connection $connectionName not found."
    			throw $ErrorMessage
    		} else{
    			Write-Error -Message $_.Exception
    			throw $_.Exception
    function Create-Blob-Container([string]$blobContainerName, $storageContext) {
    	Write-Verbose "Checking if blob container '$blobContainerName' already exists" -Verbose
    	if (Get-AzureStorageContainer -ErrorAction "Stop" -Context $storageContext | Where-Object { $_.Name -eq $blobContainerName }) {
    		Write-Verbose "Container '$blobContainerName' already exists" -Verbose
    	} else {
    		New-AzureStorageContainer -ErrorAction "Stop" -Name $blobContainerName -Permission Off -Context $storageContext
    		Write-Verbose "Container '$blobContainerName' created" -Verbose
    function Export-To-Blob-Storage([string] $RESOURCEGROUPNAME, [string]$databaseServerName, [string]$databaseAdminUsername, [string]$databaseAdminPassword, [string[]]$databaseNames, [string]$storageKey, [string]$blobStorageEndpoint, [string]$blobContainerName) {
    	Write-Verbose "Starting database export to databases '$databaseNames'" -Verbose
    	$securePassword = ConvertTo-SecureString –String $databaseAdminPassword –AsPlainText -Force 
    	$creds = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $databaseAdminUsername, $securePassword
    	foreach ($databaseName in $databaseNames.Split(",").Trim()) {
    		Write-Output "Creating request to backup database '$databaseName'"
    		$bacpacFilename = $databaseName + (Get-Date).ToString("yyyyMMddHHmm") + ".bacpac"
    		$bacpacUri = $blobStorageEndpoint + $blobContainerName + "/" + $bacpacFilename
    		$exportRequest = New-AzureRmSqlDatabaseExport -ResourceGroupName $RESOURCEGROUPNAME –ServerName $databaseServerName `
    			–DatabaseName $databaseName –StorageKeytype "StorageAccessKey" –storageKey $storageKey -StorageUri $BacpacUri `
    			–AdministratorLogin $creds.UserName –AdministratorLoginPassword $creds.Password -ErrorAction "continue"
    		# Print status of the export
    		Get-AzureRmSqlDatabaseImportExportStatus -OperationStatusLink $exportRequest.OperationStatusLink -ErrorAction "Stop"
    function Delete-Old-Backups([int]$retentionDays, [string]$blobContainerName, $storageContext) {
    	Write-Output "Removing backups older than '$retentionDays' days from blob: '$blobContainerName'"
    	$isOldDate = [DateTime]::UtcNow.AddDays(-$retentionDays)
    	$blobs = Get-AzureStorageBlob -Container $blobContainerName -Context $storageContext
    	foreach ($blob in ($blobs | Where-Object { $_.LastModified.UtcDateTime -lt $isOldDate -and $_.BlobType -eq "BlockBlob" })) {
    		Write-Verbose ("Removing blob: " + $blob.Name) -Verbose
    		Remove-AzureStorageBlob -Blob $blob.Name -Container $blobContainerName -Context $storageContext
    Write-Verbose "Starting database backup" -Verbose
    $StorageContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageKey
    Create-Blob-Container `
    	-blobContainerName $blobContainerName `
    	-storageContext $storageContext
    Export-To-Blob-Storage `
    	-resourceGroupName $RESOURCEGROUPNAME `
    	-databaseServerName $DatabaseServerName `
    	-databaseAdminUsername $DatabaseAdminUsername `
    	-databaseAdminPassword $DatabaseAdminPassword `
    	-databaseNames $DatabaseNames `
    	-storageKey $StorageKey `
    	-blobStorageEndpoint $BlobStorageEndpoint `
    	-blobContainerName $BlobContainerName
    Write-Verbose "Database backup script finished" -Verbose

You can get required details from azure portal as shown in below snippets:
To get the Blob container name: Go to the storage account and select the container name where you want to save the bacpac file .




To find the storage key: Go to Access keys and copy the key as shown in below image:




You can get the Blob Storage Endpoint from endpoint option as shown in the below image.



  1. Now go to runbook and click on edit PowerShell runbook option and replace the existing script with the modified script that you have.


  2. Now to automate click on “link to schedule” and schedule the time according to your requirement in order to run the export job and click on create.


6.If you want to confirm If bacpac is completed successfully, you can go to job output and check the status of backup.



You can also verify the status in SQL Server import and export history wizard as shown below:



Once the backup is successful, you can find the .bacpac file in your specific storage account.



Points to ponder:

  1. Make sure that you have set the option Allow all azure services to “Yes”.
  2. This functionality works only when public end point has been used and make sure deny public access should be set to “NO"
  3. Also If you encounter any issue related to module is miss then you need to go the below path to fix the issue:
    Go  the automation account-->module-->browse gallery--> Search missing module-->Import
Version history
Last update:
‎Jun 22 2021 07:36 AM
Updated by: