【问题标题】:Cannot find the Active Directory object '' in tenant在租户中找不到 Active Directory 对象“”
【发布时间】:2018-04-04 10:30:34
【问题描述】:

我该如何解决这个问题?有人经历过吗?我正在尝试通过运行以下脚本来在我的 sql server 数据库中启用始终加密,如教程中所述。我已经检查了我的 azure 中的租户 ID,AAD 一切似乎都很好,所以不知道为什么我会收到这个错误。事实证明很难找到任何有类似问题的资源/帮助。

New-AzureRmKeyVault : The specified vault already exists.
At line:1 char:1
+ New-AzureRmKeyVault -VaultName $akvName -ResourceGroupName $resourceG ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzureRmKeyVault], ArgumentException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.NewAzureKeyVault

PS C:\Users\xxxxxxx> Set-AzureRmKeyVaultAccessPolicy -VaultName $akvName -ResourceGroupName $resourceGroup -PermissionsToKeys get, create, delete, list, update, import, backup, restore, wrapKey,unwrapKey, sign, verify -UserPrincipalName $azureCtx.Account
Set-AzureRmKeyVaultAccessPolicy : Cannot find the Active Directory object '' in tenant
'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'. Please make sure that the user or application service principal you are
authorizing is registered in the current subscription's Azure Active directory. The TenantID displayed by the cmdlet
'Get-AzureRmContext' is the current subscription's Azure Active directory.
At line:1 char:1
+ Set-AzureRmKeyVaultAccessPolicy -VaultName $akvName -ResourceGroupNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Set-AzureRmKeyVaultAccessPolicy], ArgumentException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.SetAzureKeyVaultAccessPolicy

PS C:\Users\xxxxxxx> $akvKey = Add-AzureKeyVaultKey -VaultName "AdeKeyVault1"-Name "ContosoFirstKey" -Destination "Software"

PS C:\Users\xxxxxxx> # Import the SqlServer module.
PS C:\Users\xxxxxxx> Import-Module "SqlServer"
PS C:\Users\xxxxxxx>
PS C:\Users\xxxxxxx> # Connect to your database (Azure SQL database).
PS C:\Users\xxxxxxx> $serverName = "xxxxxxxxxxxxxxxxx.windows.net"
PS C:\Users\xxxxxxx> $databaseName = "Hospital"
PS C:\Users\xxxxxxx> $connStr = "Server = " + $serverName + "; Database = " + $databaseName + "; Authentication
= Active Directory Integrated"
PS C:\Users\xxxxxxx> $connection = New-Object Microsoft.SqlServer.Management.Common.ServerConnection
PS C:\Users\xxxxxxx> $connection.ConnectionString = $connStr
PS C:\Users\xxxxxxx> $connection.Connect()
Exception calling "Connect" with "0" argument(s): "Failed to connect to server (local)."
At line:1 char:1
+ $connection.Connect()
+ ~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ConnectionFailureException

PS C:\Users\xxxxxxx> $server = New-Object Microsoft.SqlServer.Management.Smo.Server($connection)
PS C:\Users\xxxxxxx> $database = $server.Databases[$databaseName]
PS C:\Users\xxxxxxx>
PS C:\Users\xxxxxxx> # Create a SqlColumnMasterKeySettings object for your column master key.
PS C:\Users\xxxxxxx> $cmkSettings = New-SqlAzureKeyVaultColumnMasterKeySettings -KeyURL $akvKey.ID
PS C:\Users\xxxxxxx>
PS C:\Users\xxxxxxx> # Create column master key metadata in the database.
PS C:\Users\xxxxxxx> $cmkName = "CMK1"
PS C:\Users\xxxxxxx> New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnMasterKeySettings $cmkSettings
New-SqlColumnMasterKey : Cannot validate argument on parameter 'InputObject'. The argument is null or empty. Provide
an argument that is not null or empty, and then try the command again.
At line:1 char:52
+ New-SqlColumnMasterKey -Name $cmkName -InputObject $database -ColumnM ...
+                                                    ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [New-SqlColumnMasterKey], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.SqlServer.Management.PowerShell.AlwaysEncrypt
   ed.NewSqlColumnMasterKey

【问题讨论】:

  • $azureCtx.Account 的值是多少?是用户的 UPN 吗?
  • 感谢您的回复,是的
  • 您能否尝试指定-ObjectId 而不是用户主体名称?该值需要是用户的对象 ID。您可以通过某些 PS cmdlet 找到它,也可以从 Azure 门户的 Azure Active Directory -> 用户刀片中找到它。
  • 好的,当我使用 objectId 时,我没有收到该错误,但后续错误仍然存​​在。即使用“0”参数调用“连接”的异常:“无法连接到服务器(本地)。”在 line:1 char:1 + $connection.Connect()

标签: sql-server powershell azure always-encrypted


【解决方案1】:

您似乎使用的是 Microsoft 帐户(如 outlook.com、hotmail.com)。 UserPrincipalName 不是您的电子邮件。

正如 juuas 所说,您可以使用用户的对象 ID。

Set-AzureRmKeyVaultAccessPolicy -VaultName $akvName -ResourceGroupName $resourceGroup -PermissionsToKeys get, create, delete, list, update, import, backup, restore, wrapKey,unwrapKey, sign, verify -ObjectId <user id>

【讨论】:

  • 感谢您的回复,我现在的问题是这个“异常调用“连接”与“0”参数:“无法连接到服务器(本地)。”在 line:1 char: 1 + $connection.Connect() –"
  • 我看到您使用 Active Directory 身份验证,您是否设置了 Azure AD 管理员?
猜你喜欢
  • 2021-06-26
  • 2016-08-04
  • 2020-09-20
  • 1970-01-01
  • 2021-08-24
  • 2010-11-26
  • 2017-10-10
  • 2018-02-10
  • 1970-01-01
相关资源
最近更新 更多