
Sync-DbaAvailabilityGroup not syncing Azure Entra logins

Open S0l4r15 opened this issue 10 months ago • 2 comments

Verified issue does not already exist?

No, I did not search

What error did you receive?

We use Sync-DbaAvailabilityGroup to keep the passive secondary of an AAG in sync with the primary. This worked well until we introduced Entra logins. Is this expected or an issue with the command? I believe the code to generate an Entra login is something like: Create Login ... from External Provider ...

Steps to Reproduce

The part of the PS script we use that handles this functionality is as follows:

Sync-DbaAvailabilityGroup -AvailabilityGroup $agName -Primary $primaryServer -Force

Please confirm that you are running the most recent version of dbatools

2.1.26

Other details or mentions

No response

What PowerShell host was used when producing this error

Windows PowerShell (powershell.exe)

PowerShell Host Version

Name Value


PSVersion 5.1.20348.2760
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.20348.2760
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

SQL Server Edition and Build number

Microsoft SQL Server 2022 (RTM-CU15-GDR) (KB5046059) - 16.0.4150.1 (X64) Sep 25 2024 17:34:41 Copyright (C) 2022 Microsoft Corporation Developer Edition (64-bit) on Windows Server 2022 Datacenter 10.0 <X64> (Build 20348: ) (Hypervisor)

.NET Framework Version

PSChildName Version
Client 4.8.04161
Full 4.8.04161
Client 4.0.0.0

S0l4r15, Feb 14 '25 12:02

Forgot to mention. To try to get around this I attempted the following:

Get-DbaLogin -SqlInstance $primary | Where-Object LoginType -like "ExternalGroup" | Copy-DbaLogin -Destination $secondary

This came up with errors which look to be truncated: Failed An exception occurred while executing a Transact-SQL statement or batch.Cannot find the ...

I ran the "Get-DbatoolsError" command:

CategoryInfo : InvalidOperation: (:) [], Exception
ErrorDetails :
Exception : System.Exception: An exception occurred while executing a Transact-SQL statement or batch.Cannot find the login 'EntraLoginNameHere', because it does not exist or you do not have permission.
 ---> System.Exception: An exception occurred while executing a Transact-SQL statement or batch.Cannot find the login 'EntraLoginNameHere', because it does not exist or you do not have permission.
 ---> System.Management.Automation.MethodInvocationException: Exception calling "Query" with "1" argument(s): "An exception occurred while executing a Transact-SQL statement or batch.Cannot find the login 'EntraLoginNameHere', because it does not exist or you do not have permission."
 ---> System.Management.Automation.RuntimeException: An exception occurred while executing a Transact-SQL statement or batch.Cannot find the login 'EntraLoginNameHere', because it does not exist or you do not have permission.
 ---> System.Management.Automation.RuntimeException: An exception occurred while executing a Transact-SQL statement or batch.Cannot find the login 'EntraLoginNameHere', because it does not exist or you do not have permission.
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at <ScriptBlock>(Closure , FunctionContext )
   at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(ScriptBlockClauseToInvoke clauseToInvoke, Boolean createLocalScope, Dictionary2 functionsToDefine, List1 variablesToDefine, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args)
   at System.Management.Automation.ScriptBlock.<>c__DisplayClass57_0.<InvokeWithPipe>b__0()
   at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(Action action)
   at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Boolean propagateAllExceptionsToTop, List1 variablesToDefine, Dictionary2 functionsToDefine, Object[] args)
   at System.Management.Automation.ScriptBlock.DoInvokeReturnAsIs(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Object[] args)
   at System.Management.Automation.PSScriptMethod.InvokeScript(String methodName, ScriptBlock script, Object this, Object[] arguments)
   --- End of inner exception stack trace ---
   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
   at lambda_method(Closure , Object[] , StrongBox`1[] , InterpretedFrame )
   --- End of inner exception stack trace ---
   --- End of inner exception stack trace ---
FullyQualifiedErrorId : dbatools_New-DbaLogin
InvocationInfo : System.Management.Automation.InvocationInfo
PipelineIterationInfo : {}
PSMessageDetails :
ScriptStackTrace : at Stop-Function, <No file>: line 98163
   at New-DbaLogin<Process>, <No file>: line 61581
   at Copy-Login, <No file>: line 9393
   at Copy-DbaLogin<Process>, <No file>: line 9459
   at Select-DefaultView<Process>, <No file>: line 95690
   at Get-DbaLogin<Process>, <No file>: line 32839
   at <ScriptBlock>, <No file>: line 1
TargetObject :

This was run as a user with local server Administrator permissions and Sysadmin permissions on both primary and secondary server.

S0l4r15, Feb 14 '25 12:02

This is probably an error of -DbaLogin rather than sync-. We need SMO support for Entra or work around the limitation.

niphlod, Feb 14 '25 12:02
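
One possible workaround for the gap discussed in this thread, added here as an example and not taken from the issue or from dbatools itself: it compares the external (Entra) principals on both replicas and creates the missing ones on the secondary with plain T-SQL, bypassing New-DbaLogin. The function names New-ExternalLoginScript and Sync-ExternalLogin and the sample rows are hypothetical, and it assumes Microsoft Entra authentication is already configured on the secondary instance.

```powershell
# Build T-SQL for external principals present on the primary but missing on the
# secondary. Pure function (no server access), so the output can be reviewed first.
function New-ExternalLoginScript {
    param(
        [Parameter(Mandatory)] [object[]] $PrimaryLogin,   # rows with name, is_disabled
        [string[]] $SecondaryLoginName = @()
    )
    foreach ($login in $PrimaryLogin) {
        if ($SecondaryLoginName -contains $login.name) { continue }   # already there
        # Bracket-quote the identifier, doubling ']' the way QUOTENAME does, so a
        # crafted login name cannot break out of the statement.
        $name = '[' + $login.name.Replace(']', ']]') + ']'
        $sql  = "CREATE LOGIN $name FROM EXTERNAL PROVIDER;"
        if ($login.is_disabled) { $sql += " ALTER LOGIN $name DISABLE;" }   # keep disabled state
        $sql
    }
}

# Wrapper that needs the dbatools module and live instances; supports -WhatIf.
function Sync-ExternalLogin {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] $Primary, [Parameter(Mandatory)] $Secondary)
    # sys.server_principals: 'E' = external login, 'X' = external group.
    $query = "SELECT name, is_disabled FROM sys.server_principals WHERE type IN ('E','X');"
    $onPrimary   = Invoke-DbaQuery -SqlInstance $Primary   -Database master -Query $query
    $onSecondary = Invoke-DbaQuery -SqlInstance $Secondary -Database master -Query $query
    if (-not $onPrimary) { return }   # nothing to copy
    $statements = New-ExternalLoginScript -PrimaryLogin $onPrimary -SecondaryLoginName $onSecondary.name
    foreach ($sql in $statements) {
        if ($PSCmdlet.ShouldProcess("$Secondary", $sql)) {
            Invoke-DbaQuery -SqlInstance $Secondary -Database master -Query $sql -EnableException
        }
    }
}

# Constructed sample rows (not from the issue) showing the generated T-SQL offline.
$sample = @(
    [pscustomobject]@{ name = 'dba-team@contoso.example'; is_disabled = $false },
    [pscustomobject]@{ name = 'odd]name';                 is_disabled = $true  }
)
New-ExternalLoginScript -PrimaryLogin $sample -SecondaryLoginName 'dba-team@contoso.example'

# Live use, with the variables from the script quoted in the issue:
# Sync-ExternalLogin -Primary $primary -Secondary $secondary -WhatIf
```

This only creates the logins; server role memberships and server-level permissions are not copied, so review those on the secondary before relying on it after a failover.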