az sql server

Manage SQL servers.

Commands

Name	Description	Type	Status
az sql server ad-admin	Manage a server's Active Directory administrator.	Core	GA
az sql server ad-admin create	Create a new server Active Directory administrator.	Core	GA
az sql server ad-admin delete	Sets a server's AD admin.	Core	GA
az sql server ad-admin list	Gets a list of Azure Active Directory administrators in a server.	Core	GA
az sql server ad-admin update	Update an existing server Active Directory administrator.	Core	GA
az sql server ad-only-auth	Manage Azure Active Directory only Authentication settings for this Server.	Core	GA
az sql server ad-only-auth disable	Disable Azure Active Directory only Authentication for this Server.	Core	GA
az sql server ad-only-auth enable	Enable Azure Active Directory only Authentication for this Server.	Core	GA
az sql server ad-only-auth get	Get a specific Azure Active Directory only Authentication property.	Core	GA
az sql server advanced-threat-protection-setting	Manage a server's advanced threat protection setting.	Core	GA
az sql server advanced-threat-protection-setting show	Gets an advanced threat protection setting.	Core	GA
az sql server advanced-threat-protection-setting update	Update a server's advanced threat protection setting.	Core	GA
az sql server audit-policy	Manage a server's auditing policy.	Core	GA
az sql server audit-policy show	Show server audit policy.	Core	GA
az sql server audit-policy update	Update a server's auditing policy.	Core	GA
az sql server audit-policy wait	Place the CLI in a waiting state until a condition of the server's audit policy is met.	Core	GA
az sql server conn-policy	Manage a server's connection policy.	Core	GA
az sql server conn-policy show	Gets a server's secure connection policy.	Core	GA
az sql server conn-policy update	Updates a server's secure connection policy.	Core	GA
az sql server create	Create a server.	Core	GA
az sql server delete	Deletes a server.	Core	GA
az sql server dns-alias	Manage a server's DNS aliases.	Core	GA
az sql server dns-alias create	Creates a server DNS alias.	Core	GA
az sql server dns-alias delete	Deletes the server DNS alias with the given name.	Core	GA
az sql server dns-alias list	Gets a list of server DNS aliases for a server.	Core	GA
az sql server dns-alias set	Sets a server to which DNS alias should point.	Core	GA
az sql server dns-alias show	Gets a server DNS alias.	Core	GA
az sql server firewall-rule	Manage a server's firewall rules.	Core	GA
az sql server firewall-rule create	Create a firewall rule.	Core	GA
az sql server firewall-rule delete	Deletes a firewall rule.	Core	GA
az sql server firewall-rule list	List a server's firewall rules.	Core	GA
az sql server firewall-rule show	Shows the details for a firewall rule.	Core	GA
az sql server firewall-rule update	Update a firewall rule.	Core	GA
az sql server ipv6-firewall-rule	Manage a server's ipv6 firewall rules.	Core	GA
az sql server ipv6-firewall-rule create	Create an ipv6 firewall rule.	Core	GA
az sql server ipv6-firewall-rule delete	Deletes an IPv6 firewall rule.	Core	GA
az sql server ipv6-firewall-rule list	List a server's ipv6 firewall rules.	Core	GA
az sql server ipv6-firewall-rule show	Shows the details for an ipv6 firewall rule.	Core	GA
az sql server ipv6-firewall-rule update	Update an ipv6 firewall rule.	Core	GA
az sql server key	Manage a server's keys.	Core	GA
az sql server key create	Creates a server key.	Core	GA
az sql server key delete	Deletes a server key.	Core	GA
az sql server key list	Gets a list of server keys.	Core	GA
az sql server key show	Shows a server key.	Core	GA
az sql server list	List available servers.	Core	GA
az sql server list-usages	Returns server usages.	Core	GA
az sql server ms-support	Manage a server's Microsoft support operations.	Core	GA
az sql server ms-support audit-policy	Manage a server's Microsoft support operations auditing policy.	Core	GA
az sql server ms-support audit-policy show	Show server Microsoft support operations audit policy.	Core	GA
az sql server ms-support audit-policy update	Update a server's Microsoft support operations auditing policy.	Core	GA
az sql server ms-support audit-policy wait	Place the CLI in a waiting state until a condition of the server's Microsoft support operations audit policy is met.	Core	GA
az sql server outbound-firewall-rule	Manage a server's outbound firewall rules.	Core	GA
az sql server outbound-firewall-rule create	Create a new outbound firewall rule.	Core	GA
az sql server outbound-firewall-rule delete	Delete the outbound firewall rule.	Core	GA
az sql server outbound-firewall-rule list	List a server's outbound firewall rules.	Core	GA
az sql server outbound-firewall-rule show	Show the details for an outbound firewall rule.	Core	GA
az sql server refresh-external-governance-status	Refreshes external governance status.	Core	GA
az sql server show	Gets a server.	Core	GA
az sql server tde-key	Manage a server's encryption protector.	Core	GA
az sql server tde-key revalidate	Revalidate a server encryption protector.	Core	GA
az sql server tde-key set	Sets the server's encryption protector. Ensure to create the key first https://docs.microsoft.com/en-us/cli/azure/sql/server/key?view=azure-cli-latest#az-sql-server-key-create.	Core	GA
az sql server tde-key show	Gets a server encryption protector.	Core	GA
az sql server update	Update a server.	Core	GA
az sql server vnet-rule	Manage a server's virtual network rules.	Core	GA
az sql server vnet-rule create	Create a virtual network rule to allows access to an Azure SQL Server.	Core	GA
az sql server vnet-rule delete	Deletes the virtual network rule with the given name.	Core	GA
az sql server vnet-rule list	Gets a list of virtual network rules in a server.	Core	GA
az sql server vnet-rule show	Gets a virtual network rule.	Core	GA
az sql server vnet-rule update	Update a virtual network rule.	Core	GA
az sql server wait	Place the CLI in a waiting state until a condition of the SQL server is met.	Core	GA

az sql server create

Create a server.

az sql server create --name
                     --resource-group
                     [--admin-password]
                     [--admin-user]
                     [--assign-identity]
                     [--enable-ad-only-auth]
                     [--enable-public-network {false, true}]
                     [--external-admin-name]
                     [--external-admin-principal-type]
                     [--external-admin-sid]
                     [--federated-client-id]
                     [--identity-type {None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned}]
                     [--key-id]
                     [--location]
                     [--minimal-tls-version {1.0, 1.1, 1.2, 1.3}]
                     [--no-wait]
                     [--pid]
                     [--restrict-outbound-network-access {false, true}]
                     [--user-assigned-identity-id]

Examples

Create a server.

az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword

Create a server with disabled public network access to server.

az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword -e false

Create a server without SQL Admin, with AD admin and AD Only enabled.

az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer

Create a server without SQL Admin, with AD admin, AD Only enabled, User ManagedIdenties and Identity Type is SystemAssigned,UserAssigned.

az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName \ --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type SystemAssigned,UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Create a server without SQL Admin, with AD admin, AD Only enabled, User ManagedIdenties and Identity Type is UserAssigned.

az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName \ --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Required Parameters

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin-password -p

The administrator login password (required forserver creation).

--admin-user -u

Administrator username for the server. Oncecreated it cannot be changed.

--assign-identity -i

Generate and assign an Azure Active Directory Identity for this server for use with key management services like Azure KeyVault.

Default value: False

--enable-ad-only-auth

Enable Azure Active Directory Only Authentication for this server.

Default value: False

--enable-public-network -e

Preview

Set whether public network access to server is allowed or not. When false,only connections made through Private Links can reach this server.

Accepted values: false, true

--external-admin-name

Display name of the Azure AD administrator user, group or application.

--external-admin-principal-type

User, Group or Application.

--external-admin-sid

The unique ID of the Azure AD administrator. Object Id for User or Group, Client Id for Applications.

--federated-client-id --fid

The federated client id used in cross tenant CMK scenario.

--identity-type -t

Type of Identity to be used. Possible values are SystemAsssigned,UserAssigned, SystemAssigned,UserAssigned and None.

Accepted values: None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned

--key-id -k

The key vault URI for encryption.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--minimal-tls-version

The minimal TLS version enforced by the sql server for inbound connections.

Accepted values: 1.0, 1.1, 1.2, 1.3

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--pid --primary-user-assigned-identity-id

The ID of the primary user managed identity.

--restrict-outbound-network-access -r

Preview

Set whether outbound network access to server is restricted or not. When true,the outbound connections from the server will be restricted.

Accepted values: false, true

--user-assigned-identity-id -a

Generate and assign an User Managed Identity(UMI) for this server.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server delete

Deletes a server.

az sql server delete [--ids]
                     [--name]
                     [--resource-group]
                     [--subscription]
                     [--yes]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server list

List available servers.

az sql server list [--expand-ad-admin]
                   [--resource-group]

Examples

List all servers in the current subscription.

az sql server list

List all servers in a resource group.

az sql server list -g mygroup

Optional Parameters

--expand-ad-admin

Expand the Active Directory Administrator for the server.

Default value: False

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server list-usages

Returns server usages.

az sql server list-usages [--ids]
                          [--name]
                          [--resource-group]
                          [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server refresh-external-governance-status

Refreshes external governance status.

az sql server refresh-external-governance-status [--ids]
                                                 [--resource-group]
                                                 [--server]
                                                 [--subscription]

Examples

Refresh external governance status for server

az sql server refresh-external-governance-status  --resource-group MyResourceGroup --server MyServer

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--server -s

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server show

Gets a server.

az sql server show [--expand-ad-admin]
                   [--ids]
                   [--name]
                   [--resource-group]
                   [--subscription]

Optional Parameters

--expand-ad-admin

Expand the Active Directory Administrator for the server.

Default value: False

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server update

Update a server.

az sql server update [--add]
                     [--admin-password]
                     [--assign_identity]
                     [--enable-public-network {false, true}]
                     [--federated-client-id]
                     [--force-string]
                     [--identity-type {None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned}]
                     [--ids]
                     [--key-id]
                     [--minimal-tls-version {1.0, 1.1, 1.2, 1.3}]
                     [--name]
                     [--no-wait]
                     [--pid]
                     [--remove]
                     [--resource-group]
                     [--restrict-outbound-network-access {false, true}]
                     [--set]
                     [--subscription]
                     [--user-assigned-identity-id]

Examples

Update a server. (autogenerated)

az sql server update --admin-password myadminpassword --name MyAzureSQLServer --resource-group MyResourceGroup

Update a server with User Managed Identies and Identity Type is SystemAssigned,UserAssigned.

az sql server update -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type SystemAssigned,UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Update a server with User Managed Identies and Identity Type is UserAssigned.

az sql server update -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Default value: []

--admin-password -p

The administrator login password.

--assign_identity -i

Generate and assign an Azure Active Directory Identity for this server for use with key management services like Azure KeyVault.

Default value: False

--enable-public-network -e

Preview

Set whether public network access to server is allowed or not. When false,only connections made through Private Links can reach this server.

Accepted values: false, true

--federated-client-id --fid

The federated client id used in cross tenant CMK scenario.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Default value: False

--identity-type -t

Type of Identity to be used. Possible values are SystemAsssigned,UserAssigned, SystemAssigned,UserAssigned and None.

Accepted values: None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--key-id -k

The key vault URI for encryption.

--minimal-tls-version

The minimal TLS version enforced by the sql server for inbound connections.

Accepted values: 1.0, 1.1, 1.2, 1.3

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--pid --primary-user-assigned-identity-id

The ID of the primary user managed identity.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Default value: []

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--restrict-outbound-network-access -r

Preview

Set whether outbound network access to server is restricted or not. When true,the outbound connections from the server will be restricted.

Accepted values: false, true

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Default value: []

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--user-assigned-identity-id -a

Generate and assign an User Managed Identity(UMI) for this server.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server wait

Place the CLI in a waiting state until a condition of the SQL server is met.

az sql server wait [--created]
                   [--custom]
                   [--deleted]
                   [--exists]
                   [--expand]
                   [--ids]
                   [--interval]
                   [--name]
                   [--resource-group]
                   [--subscription]
                   [--timeout]
                   [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False

--exists

Wait until the resource exists.

Default value: False

--expand

The child resources to include in the response. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc

Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.