Share via


az sql server

Manage SQL servers.

Commands

Name Description Type Status
az sql server ad-admin

Manage a server's Active Directory administrator.

Core GA
az sql server ad-admin create

Create a new server Active Directory administrator.

Core GA
az sql server ad-admin delete

Sets a server's AD admin.

Core GA
az sql server ad-admin list

Gets a list of Azure Active Directory administrators in a server.

Core GA
az sql server ad-admin update

Update an existing server Active Directory administrator.

Core GA
az sql server ad-only-auth

Manage Azure Active Directory only Authentication settings for this Server.

Core GA
az sql server ad-only-auth disable

Disable Azure Active Directory only Authentication for this Server.

Core GA
az sql server ad-only-auth enable

Enable Azure Active Directory only Authentication for this Server.

Core GA
az sql server ad-only-auth get

Get a specific Azure Active Directory only Authentication property.

Core GA
az sql server advanced-threat-protection-setting

Manage a server's advanced threat protection setting.

Core GA
az sql server advanced-threat-protection-setting show

Gets an advanced threat protection setting.

Core GA
az sql server advanced-threat-protection-setting update

Update a server's advanced threat protection setting.

Core GA
az sql server audit-policy

Manage a server's auditing policy.

Core GA
az sql server audit-policy show

Show server audit policy.

Core GA
az sql server audit-policy update

Update a server's auditing policy.

Core GA
az sql server audit-policy wait

Place the CLI in a waiting state until a condition of the server's audit policy is met.

Core GA
az sql server conn-policy

Manage a server's connection policy.

Core GA
az sql server conn-policy show

Gets a server's secure connection policy.

Core GA
az sql server conn-policy update

Updates a server's secure connection policy.

Core GA
az sql server create

Create a server.

Core GA
az sql server delete

Deletes a server.

Core GA
az sql server dns-alias

Manage a server's DNS aliases.

Core GA
az sql server dns-alias create

Creates a server DNS alias.

Core GA
az sql server dns-alias delete

Deletes the server DNS alias with the given name.

Core GA
az sql server dns-alias list

Gets a list of server DNS aliases for a server.

Core GA
az sql server dns-alias set

Sets a server to which DNS alias should point.

Core GA
az sql server dns-alias show

Gets a server DNS alias.

Core GA
az sql server firewall-rule

Manage a server's firewall rules.

Core GA
az sql server firewall-rule create

Create a firewall rule.

Core GA
az sql server firewall-rule delete

Deletes a firewall rule.

Core GA
az sql server firewall-rule list

List a server's firewall rules.

Core GA
az sql server firewall-rule show

Shows the details for a firewall rule.

Core GA
az sql server firewall-rule update

Update a firewall rule.

Core GA
az sql server ipv6-firewall-rule

Manage a server's ipv6 firewall rules.

Core GA
az sql server ipv6-firewall-rule create

Create an ipv6 firewall rule.

Core GA
az sql server ipv6-firewall-rule delete

Deletes an IPv6 firewall rule.

Core GA
az sql server ipv6-firewall-rule list

List a server's ipv6 firewall rules.

Core GA
az sql server ipv6-firewall-rule show

Shows the details for an ipv6 firewall rule.

Core GA
az sql server ipv6-firewall-rule update

Update an ipv6 firewall rule.

Core GA
az sql server key

Manage a server's keys.

Core GA
az sql server key create

Creates a server key.

Core GA
az sql server key delete

Deletes a server key.

Core GA
az sql server key list

Gets a list of server keys.

Core GA
az sql server key show

Shows a server key.

Core GA
az sql server list

List available servers.

Core GA
az sql server list-usages

Returns server usages.

Core GA
az sql server ms-support

Manage a server's Microsoft support operations.

Core GA
az sql server ms-support audit-policy

Manage a server's Microsoft support operations auditing policy.

Core GA
az sql server ms-support audit-policy show

Show server Microsoft support operations audit policy.

Core GA
az sql server ms-support audit-policy update

Update a server's Microsoft support operations auditing policy.

Core GA
az sql server ms-support audit-policy wait

Place the CLI in a waiting state until a condition of the server's Microsoft support operations audit policy is met.

Core GA
az sql server outbound-firewall-rule

Manage a server's outbound firewall rules.

Core GA
az sql server outbound-firewall-rule create

Create a new outbound firewall rule.

Core GA
az sql server outbound-firewall-rule delete

Delete the outbound firewall rule.

Core GA
az sql server outbound-firewall-rule list

List a server's outbound firewall rules.

Core GA
az sql server outbound-firewall-rule show

Show the details for an outbound firewall rule.

Core GA
az sql server refresh-external-governance-status

Refreshes external governance status.

Core GA
az sql server show

Gets a server.

Core GA
az sql server tde-key

Manage a server's encryption protector.

Core GA
az sql server tde-key revalidate

Revalidate a server encryption protector.

Core GA
az sql server tde-key set

Sets the server's encryption protector. Ensure to create the key first https://docs.microsoft.com/en-us/cli/azure/sql/server/key?view=azure-cli-latest#az-sql-server-key-create.

Core GA
az sql server tde-key show

Gets a server encryption protector.

Core GA
az sql server update

Update a server.

Core GA
az sql server vnet-rule

Manage a server's virtual network rules.

Core GA
az sql server vnet-rule create

Create a virtual network rule to allows access to an Azure SQL Server.

Core GA
az sql server vnet-rule delete

Deletes the virtual network rule with the given name.

Core GA
az sql server vnet-rule list

Gets a list of virtual network rules in a server.

Core GA
az sql server vnet-rule show

Gets a virtual network rule.

Core GA
az sql server vnet-rule update

Update a virtual network rule.

Core GA
az sql server wait

Place the CLI in a waiting state until a condition of the SQL server is met.

Core GA

az sql server create

Create a server.

az sql server create --name
                     --resource-group
                     [--admin-password]
                     [--admin-user]
                     [--assign-identity]
                     [--enable-ad-only-auth]
                     [--enable-public-network {false, true}]
                     [--external-admin-name]
                     [--external-admin-principal-type]
                     [--external-admin-sid]
                     [--federated-client-id]
                     [--identity-type {None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned}]
                     [--key-id]
                     [--location]
                     [--minimal-tls-version {1.0, 1.1, 1.2, 1.3}]
                     [--no-wait]
                     [--pid]
                     [--restrict-outbound-network-access {false, true}]
                     [--user-assigned-identity-id]

Examples

Create a server.

az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword

Create a server with disabled public network access to server.

az sql server create -l westus -g mygroup -n myserver -u myadminuser -p myadminpassword -e false

Create a server without SQL Admin, with AD admin and AD Only enabled.

az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer

Create a server without SQL Admin, with AD admin, AD Only enabled, User ManagedIdenties and Identity Type is SystemAssigned,UserAssigned.

az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName \ --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type SystemAssigned,UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Create a server without SQL Admin, with AD admin, AD Only enabled, User ManagedIdenties and Identity Type is UserAssigned.

az sql server create --enable-ad-only-auth --external-admin-principal-type User --external-admin-name myUserName \ --external-admin-sid c5e964e2-6bb2-1111-1111-3b16ec0e1234 -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Required Parameters

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--admin-password -p

The administrator login password (required forserver creation).

--admin-user -u

Administrator username for the server. Oncecreated it cannot be changed.

--assign-identity -i

Generate and assign an Azure Active Directory Identity for this server for use with key management services like Azure KeyVault.

Default value: False
--enable-ad-only-auth

Enable Azure Active Directory Only Authentication for this server.

Default value: False
--enable-public-network -e
Preview

Set whether public network access to server is allowed or not. When false,only connections made through Private Links can reach this server.

Accepted values: false, true
--external-admin-name

Display name of the Azure AD administrator user, group or application.

--external-admin-principal-type

User, Group or Application.

--external-admin-sid

The unique ID of the Azure AD administrator. Object Id for User or Group, Client Id for Applications.

--federated-client-id --fid

The federated client id used in cross tenant CMK scenario.

--identity-type -t

Type of Identity to be used. Possible values are SystemAsssigned,UserAssigned, SystemAssigned,UserAssigned and None.

Accepted values: None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned
--key-id -k

The key vault URI for encryption.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--minimal-tls-version

The minimal TLS version enforced by the sql server for inbound connections.

Accepted values: 1.0, 1.1, 1.2, 1.3
--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--pid --primary-user-assigned-identity-id

The ID of the primary user managed identity.

--restrict-outbound-network-access -r
Preview

Set whether outbound network access to server is restricted or not. When true,the outbound connections from the server will be restricted.

Accepted values: false, true
--user-assigned-identity-id -a

Generate and assign an User Managed Identity(UMI) for this server.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server delete

Deletes a server.

az sql server delete [--ids]
                     [--name]
                     [--resource-group]
                     [--subscription]
                     [--yes]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server list

List available servers.

az sql server list [--expand-ad-admin]
                   [--resource-group]

Examples

List all servers in the current subscription.

az sql server list

List all servers in a resource group.

az sql server list -g mygroup

Optional Parameters

--expand-ad-admin

Expand the Active Directory Administrator for the server.

Default value: False
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server list-usages

Returns server usages.

az sql server list-usages [--ids]
                          [--name]
                          [--resource-group]
                          [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server refresh-external-governance-status

Refreshes external governance status.

az sql server refresh-external-governance-status [--ids]
                                                 [--resource-group]
                                                 [--server]
                                                 [--subscription]

Examples

Refresh external governance status for server

az sql server refresh-external-governance-status  --resource-group MyResourceGroup --server MyServer

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--server -s

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server show

Gets a server.

az sql server show [--expand-ad-admin]
                   [--ids]
                   [--name]
                   [--resource-group]
                   [--subscription]

Optional Parameters

--expand-ad-admin

Expand the Active Directory Administrator for the server.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server update

Update a server.

az sql server update [--add]
                     [--admin-password]
                     [--assign_identity]
                     [--enable-public-network {false, true}]
                     [--federated-client-id]
                     [--force-string]
                     [--identity-type {None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned}]
                     [--ids]
                     [--key-id]
                     [--minimal-tls-version {1.0, 1.1, 1.2, 1.3}]
                     [--name]
                     [--no-wait]
                     [--pid]
                     [--remove]
                     [--resource-group]
                     [--restrict-outbound-network-access {false, true}]
                     [--set]
                     [--subscription]
                     [--user-assigned-identity-id]

Examples

Update a server. (autogenerated)

az sql server update --admin-password myadminpassword --name MyAzureSQLServer --resource-group MyResourceGroup

Update a server with User Managed Identies and Identity Type is SystemAssigned,UserAssigned.

az sql server update -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type SystemAssigned,UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Update a server with User Managed Identies and Identity Type is UserAssigned.

az sql server update -g myResourceGroup -n myServer -i \ --user-assigned-identity-id /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi \ --identity-type UserAssigned --pid /subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/testumi

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Default value: []
--admin-password -p

The administrator login password.

--assign_identity -i

Generate and assign an Azure Active Directory Identity for this server for use with key management services like Azure KeyVault.

Default value: False
--enable-public-network -e
Preview

Set whether public network access to server is allowed or not. When false,only connections made through Private Links can reach this server.

Accepted values: false, true
--federated-client-id --fid

The federated client id used in cross tenant CMK scenario.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Default value: False
--identity-type -t

Type of Identity to be used. Possible values are SystemAsssigned,UserAssigned, SystemAssigned,UserAssigned and None.

Accepted values: None, SystemAssigned, SystemAssigned,UserAssigned, UserAssigned
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--key-id -k

The key vault URI for encryption.

--minimal-tls-version

The minimal TLS version enforced by the sql server for inbound connections.

Accepted values: 1.0, 1.1, 1.2, 1.3
--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--pid --primary-user-assigned-identity-id

The ID of the primary user managed identity.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Default value: []
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--restrict-outbound-network-access -r
Preview

Set whether outbound network access to server is restricted or not. When true,the outbound connections from the server will be restricted.

Accepted values: false, true
--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Default value: []
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--user-assigned-identity-id -a

Generate and assign an User Managed Identity(UMI) for this server.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az sql server wait

Place the CLI in a waiting state until a condition of the SQL server is met.

az sql server wait [--created]
                   [--custom]
                   [--deleted]
                   [--exists]
                   [--expand]
                   [--ids]
                   [--interval]
                   [--name]
                   [--resource-group]
                   [--subscription]
                   [--timeout]
                   [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--expand

The child resources to include in the response. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name -n

Name of the Azure SQL Server. You can configure the default using az configure --defaults sql-server=<name>.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.