Azure Data Factory (ADF) is a great tool as part of your cloud based ETL tool set. However not all your data is necessarily accessible from the public internet. These instruction go through the steps required to allow ADF access to your internal or VNet data-sets.
The following are instructions for setting up a connection to an Active Directory (AD) Domain secured SQL Server using either SQL Server Management Studio or Visual Studio. This is especially applicable when not using a domain attached PC.
By default a ‘Registered Application’ account is not a member of any Directory Roles and/or group memberships and there is no easy way to make these changes using the portal. You may have an API or back-end application that will be required to perform actions on your AD that requires elevated permissions (e.g. Reset passwords or delete accounts etc..)
Normally for advanced configuration, you will need to start editing the manifest file. Luckily this has been made easy using the Portal. You can now edit the file directly, or download, make changes and then upload.
However, to make a ‘Registered Application’ a member of a ‘Directory Administrative Role’ you need to use PowerShell to add the role member to the ‘Service Principal’ (as I couldn’t find a way to do this in the manifest!).
I have recently been trying to program against the Azure Active Directory (AAD) using the
Microsoft.Azure.ActiveDirectory.GraphClient library. Unfortunately this library literally has no useful comments to assist understanding or clarify parameters etc.. Let alone how best to use or implement objects and methods or what and why exception may occur.
Equally the MSDN documentation seems to be lacking in any examples and really has minimal comments (although I see it’s getting a bit better…I think).
To this end I have created a ‘wrapper / handler’ to simplify all sorts of AAD interactions called AADGraphHandler. It effectively will help manage the creation of the
ActiveDirectoryClient and a bunch of it’s operations. You can find this on GitHub at https://github.com/nrogoff/AADGraphHandler
You can get access to the ActiveDirectoryClient directly, and so any methods not covered yet. (e.g. Adding and removing roles to a user. Just not needed it yet!)
Thanks to Simon J.K. Pedersen (https://github.com/sjkp) there is now a reasonably easy way to get auto-updating “Let’s Encrypt” SSL certificates in you Azure App Services using the “Azure Let’s Encrypt” Extension (https://github.com/sjkp/letsencrypt-siteextension).
There are some very comprehensive install and setup steps here https://github.com/sjkp/letsencrypt-siteextension/wiki/How-to-install
I finally successfully passed the three exams necessary to certify as a Microsoft MCSD: Azure Solution Architect (now becoming the MCSE: Cloud Platform and Infrastructure). \o/
- Exam 70-532: Developing Microsoft Azure Solutions
- Exam 70-533: Implementing Microsoft Azure Infrastructure Solutions
- Exam 70-534: Developing Microsoft Azure Solutions
It was no easy feat, not least because of the absolutely massive number of topics that you need to learn, but also that Microsoft decided to update the syllabus’s of all three exams just as I was ready to take them (Nov/Dec 2016). Continue reading “My Microsoft Azure Certification Revision Sheets”