Posted January 17, 2023

Windows Authentication for SQL Managed Instance was released in August 2022.

Windows Authentication for Azure AD principals for SQL Managed Instance is now Generally Available - Microsoft Community Hub

One of the two options available to achieve this is the “Incoming trust-based authentication flow”.

How to set up Windows Authentication for Azure Active Directory with the incoming trust-based flow - Azure SQL Managed Instance | Microsoft Learn

When executing the Set-AzureAdKerberosServer command to add the Trusted Domain Object (TDO), you may get the error message below.

    Set-AzureAdKerberosServer -Domain $domain `
        -DomainCredential $domainCred `
        -UserPrincipalName $cloudUserName `
        -SetupCloudTrust

Error message:

    Set-AzureADKerberosServer : LsaCreateTrustedDomainEx 0x549

This can happen when running this command on a child domain in a multidomain forest scenario.

The solution is to run this command on the root domain. On the child domain, it is necessary to run the same command without the -SetupCloudTrust parameter.

In summary, this is the procedure to create the TDO on a multidomain forest:

ROOT domain (include the -SetupCloudTrust parameter)

    Set-AzureAdKerberosServer -Domain $domain `
        -DomainCredential $domainCred `
        -UserPrincipalName $cloudUserName `
        -SetupCloudTrust

CHILD domain (don’t include the -SetupCloudTrust parameter)

    Set-AzureAdKerberosServer -Domain $domain `
        -DomainCredential $domainCred `
        -UserPrincipalName $cloudUserName

Thank you!
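The root/child rule above can be applied automatically by checking whether the target domain is the forest root before building the parameters. This is an added example, not part of the original post. It assumes the ActiveDirectory (RSAT) and AzureADHybridAuthenticationManagement modules are installed and that `$domain` is given as a DNS name; the function name `Get-KerberosServerParams` and the sample domain and account values are hypothetical.

```powershell
# Added example (not from the original post).
# Assumes the ActiveDirectory and AzureADHybridAuthenticationManagement modules.
Import-Module ActiveDirectory
Import-Module AzureADHybridAuthenticationManagement

# Hypothetical helper: builds the parameter set for Set-AzureAdKerberosServer,
# adding -SetupCloudTrust only when $Domain is the forest root domain.
function Get-KerberosServerParams {
    param(
        [Parameter(Mandatory)] [string]       $Domain,
        [Parameter(Mandatory)] [pscredential] $DomainCredential,
        [Parameter(Mandatory)] [string]       $CloudUserName
    )

    # RootDomain is the DNS name of the forest root for the queried domain.
    $forestRoot = (Get-ADForest -Server $Domain -Credential $DomainCredential).RootDomain

    $params = @{
        Domain            = $Domain
        DomainCredential  = $DomainCredential
        UserPrincipalName = $CloudUserName
    }

    if ($Domain -eq $forestRoot) {
        # Root domain: the Trusted Domain Object is created here.
        $params.SetupCloudTrust = $true
    }
    else {
        # Child domain: -SetupCloudTrust here fails with LsaCreateTrustedDomainEx 0x549.
        Write-Warning "$Domain is a child of $forestRoot; omitting -SetupCloudTrust."
    }

    return $params
}

# Constructed sample values; replace with your own.
$domain        = 'child.contoso.example'
$domainCred    = Get-Credential -Message "Domain admin for $domain"
$cloudUserName = 'admin@contoso.example'

$kerbParams = Get-KerberosServerParams -Domain $domain `
    -DomainCredential $domainCred `
    -CloudUserName $cloudUserName

# Splat the parameters; the switch is present only for the root domain.
Set-AzureAdKerberosServer @kerbParams
```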