It has been observed that users configuring a management service feature such as Vulnerability Assessment, Auditing or Threat Protection for their Azure SQL Database/logical server occasionally fail with an error message like {":"PrincipalNotFound","message":"Principal ***** does not exist in the directory ****."} and HTTP status code 400 (Bad Request).
This error states that there is no Azure AD identity assigned to your Azure SQL logical server, or
that the portal/PowerShell tried to use the Application ID instead of the Object ID in the role assignment. To solve the problem you may need to create an Azure AD identity and assign it to the Azure SQL logical server with the steps below.
Function Assign-AzSQLidentity
{
    Param
    (
        [parameter(Mandatory=$true)][string]$ResourceGroup,
        [parameter(Mandatory=$true)][string]$ServerName
    )
    "Checking if server identity exists..."
    # The system-assigned identity's service principal uses the server name as its display name
    if (Get-AzADServicePrincipal -DisplayName $ServerName)
    {
        "Server identity already exists, ensuring again"
        Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity
        Get-AzADServicePrincipal -DisplayName $ServerName
    }
    else
    {
        "Server identity for server " + $ServerName + " does not exist"
        "Assigning identity to server " + $ServerName
        # -AssignIdentity creates the system-assigned managed identity for the logical server
        Set-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName -AssignIdentity
    }
}
# Both parameters are mandatory; replace the placeholders with your own values
Assign-AzSQLidentity -ResourceGroup "<resource-group>" -ServerName "<server-name>"
Once the identity is assigned, please retry the management operation (setting Auditing, Vulnerability Assessment, etc.); it should work now.
I hope this helps. Please let me know if you have any feedback or queries in the comment section.
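Because the 400 can also come from a role assignment that was given the identity's Application ID rather than its Object ID, the following added example (not from the original post) reads the server's identity back, confirms the principal exists in the directory, and separates the two IDs so the right one goes into a role assignment. The resource group, server and storage account names are placeholders, and the "Storage Blob Data Contributor" role shown in the usage comment is an assumption for auditing to a storage account.

```powershell
function Test-AzSqlServerIdentity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ResourceGroup,
        [Parameter(Mandatory)][string]$ServerName
    )
    $server = Get-AzSqlServer -ResourceGroupName $ResourceGroup -ServerName $ServerName
    if (-not $server.Identity -or -not $server.Identity.PrincipalId) {
        Write-Warning "Server $ServerName has no system-assigned identity; run Set-AzSqlServer -AssignIdentity first."
        return $null
    }
    # PrincipalId is the Object ID of the managed identity in Azure AD
    $principalId = $server.Identity.PrincipalId
    # This lookup is what the failing management operation relies on; a fresh identity
    # can take a short while to replicate, so a miss here means retry rather than reassign
    $sp = Get-AzADServicePrincipal -ObjectId $principalId -ErrorAction SilentlyContinue
    if (-not $sp) {
        Write-Warning "Principal $principalId is not visible in the directory yet; wait and retry."
        return $null
    }
    [pscustomobject]@{
        ServerName    = $ServerName
        ObjectId      = $sp.Id        # use this value for -ObjectId in role assignments
        ApplicationId = $sp.AppId     # passing this instead produces PrincipalNotFound
        DisplayName   = $sp.DisplayName
    }
}

# Usage (placeholders): verify the identity, then grant it access on the audit storage account
$identity = Test-AzSqlServerIdentity -ResourceGroup "<resource-group>" -ServerName "<server-name>"
if ($identity) {
    $storage = Get-AzStorageAccount -ResourceGroupName "<resource-group>" -Name "<storage-account>"
    New-AzRoleAssignment -ObjectId $identity.ObjectId `
        -RoleDefinitionName "Storage Blob Data Contributor" `
        -Scope $storage.Id
}
```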
Thank you @Yochanan Rachamim for guidance.