Connect-DbaInstance doesn't support Entra ID MFA

[reitse]

Verified issue does not already exist?

I have searched and found no existing issue

What error did you receive?

PowerShell credential request
Enter your credentials.
User: fabricuser@.onmicrosoft.com
Password for user fabricuser@.onmicrosoft.com: ********************

WARNING: [19:48:02][Connect-DbaInstance] Failure | Error connecting to [-inl74sr6xmmudbus67vm4dvwhe.database.fabric.microsoft.com]: Failed to authenticate the user fabricuser@*.onmicrosoft.com in Active Directory (Authentication=ActiveDirectoryPassword).
Error code 0xinvalid_grant
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '022907d3-0f1b-48f7-badc-1ba6abab6d66'. Trace ID: 49d46701-3e05-4fa3-a546-84c5d6794900 Correlation ID: 48e3b3b9-9f3f-471f-889e-aa99796a25ef Timestamp: 2024-12-16 18:48:02Z

Steps to Reproduce

$sqlCred = Get-Credential #'fabricuser@****.onmicrosoft.com'
$server = Connect-DbaInstance -SqlInstance ****-inl74sr6xmmudbus67vm4dvwhe.database.fabric.microsoft.com -SqlCredential $sqlCred
-Database "Sql DB TPCH-716712e7-288f-456f-aa81-32bfc5cee8a7" -AzureDomain database.fabric.microsoft.com
-DisableException

Please confirm that you are running the most recent version of dbatools

2.1.27

Other details or mentions

It is trying to connect to a Fabric SQL database which is a far stretch but still.

What PowerShell host was used when producing this error

PowerShell Core (pwsh.exe), Windows PowerShell (powershell.exe), Windows PowerShell ISE (powershell_ise.exe), VS Code (terminal), VS Code (integrated terminal)

PowerShell Host Version

Name Value

---

PSVersion 7.4.6
PSEdition Core
GitCommitId 7.4.6
OS Microsoft Windows 10.0.26100
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0

SQL Server Edition and Build number

Microsoft SQL Azure (RTM) - 12.0.2000.8 Nov 6 2024 14:47:11 Copyright (C) 2022 Microsoft Corporation

.NET Framework Version

PSChildName Version

---

v2.0.50727 2.0.50727.4927
v3.0 3.0.30729.4926
Windows Communication Foundation 3.0.4506.4926
Windows Presentation Foundation 3.0.6920.4902
v3.5 3.5.30729.4926
Client 4.8.09032
Full 4.8.09032
Client 4.0.0.0

[andreasjordan]

Hi Reitse!

Not sure how I can help here. How should dbatools handle the MFA?

Generally, it is way to complicated for me to reproduce the situation. So all I can do is help you extract the important lines from Connect-DbaInstance so that you can find a better way to connect to the instance. Then I can help implementing this inside of Connect-DbaInstance. But the main part of work would be on your side,

[reitse]

Hi Andreas, Thanks for reaching out. What I was hoping the connect-DbaInstance would do is open a browser window to handle the MFA, the same way you get a window when authenticating to an Azure SQL server with your MFA Azure account. Met vriendelijke groet / Kind regards, Reitse Eskens https://sqlreitse.com

…

On Thu, 19 Dec 2024 at 11:39, Andreas Jordan ***@***.***> wrote: Hi Reitse! Not sure how I can help here. How should dbatools handle the MFA? Generally, it is way to complicated for me to reproduce the situation. So all I can do is help you extract the important lines from Connect-DbaInstance so that you can find a better way to connect to the instance. Then I can help implementing this inside of Connect-DbaInstance. But the main part of work would be on your side, — Reply to this email directly, view it on GitHub <#9565 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIAYUDPIGTWY2GIIB4GTPS32GKO75AVCNFSM6AAAAABTW2NUBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNJTGM4DEMBVGU> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[andreasjordan]

Connect-DbaInstance is currently far away from opening a browser window.

Maybe you can use commands from the Az module to handle the login and MFA and then connect to the database? Have you had a look at examples 15 and 16?

[reitse]

I'll try it again with the examples you provided, I'll get back to you asap, it'll be a nice test to see if that works with a Fabric SQL database. Met vriendelijke groet / Kind regards, Reitse Eskens https://sqlreitse.com

…

On Thu, 19 Dec 2024 at 15:40, Andreas Jordan ***@***.***> wrote: Connect-DbaInstance is currently far away from opening a browser window. Maybe you can use commands from the Az module to handle the login and MFA and then connect to the database? Have you had a look at examples 15 and 16? — Reply to this email directly, view it on GitHub <#9565 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AIAYUDIHW3FJLQ4PNYBYQGD2GLLFHAVCNFSM6AAAAABTW2NUBOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNJUGM3DCOJUHA> . You are receiving this because you authored the thread.Message ID: ***@***.***>