New-AzSqlServer

Creates a SQL Database server.

Syntax

New-AzSqlServer
   -ServerName <String>
   [-SqlAdministratorCredentials <PSCredential>]
   -Location <String>
   [-Tags <Hashtable>]
   [-ServerVersion <String>]
   [-AssignIdentity]
   [-PublicNetworkAccess <String>]
   [-RestrictOutboundNetworkAccess <String>]
   [-MinimalTlsVersion <String>]
   [-PrimaryUserAssignedIdentityId <String>]
   [-KeyId <String>]
   [-UserAssignedIdentityId <System.Collections.Generic.List`1[System.String]>]
   [-IdentityType <String>]
   [-AsJob]
   [-EnableActiveDirectoryOnlyAuthentication]
   [-ExternalAdminName <String>]
   [-ExternalAdminSID <Guid>]
   [-FederatedClientId <Guid>]
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzSqlServer cmdlet creates an Azure SQL Database server.

Examples

Example 1: Create a new Azure SQL Database server

New-AzSqlServer -ResourceGroupName "ResourceGroup01" -Location "Central US" -ServerName "server01" -ServerVersion "12.0" -SqlAdministratorCredentials (Get-Credential)

ResourceGroupName        : resourcegroup01
ServerName               : server01
Location                 : Central US
SqlAdministratorLogin    : adminLogin
SqlAdministratorPassword :
ServerVersion            : 12.0
Tags                     :

This command creates a version 12 Azure SQL Database server.

Example 2: Create a new Azure SQL Database server with External (Microsoft Entra ID) Administrator, Microsoft Entra-only Authentication and no SqlAdministratorCredentials

New-AzSqlServer -ResourceGroupName "ResourceGroup01" -Location "Central US" -ServerName "server01" -ServerVersion "12.0" -ExternalAdminName DummyLogin -EnableActiveDirectoryOnlyAuthentication
ResourceGroupName        : resourcegroup01
ServerName               : server01
Location                 : Central US
SqlAdministratorLogin    : adminLogin
SqlAdministratorPassword :
ServerVersion            : 12.0
Tags                     :
Administrators           :

$val = Get-AzSqlServer -ResourceGroupName "ResourceGroup01" -ServerName "server01" -ExpandActiveDirectoryAdministrator
ResourceGroupName        : resourcegroup01
ServerName               : server01
Location                 : Central US
SqlAdministratorLogin    : randomLogin
SqlAdministratorPassword :
ServerVersion            : 12.0
Tags                     :
Administrators           : Microsoft.Azure.Management.Sql.Models.ServerExternalAdministrator

$val.Administrators
AdministratorType         : ActiveDirectory
PrincipalType             : Group
Login                     : DummyLogin
Sid                       : df7667b8-f9fd-4029-a0e3-b43c75ce9538
TenantId                  : f553829b-6d84-481b-86a9-42db57c1dc73
AzureADOnlyAuthentication : True

This command creates a version 12 Azure SQL Database server with external administrator properties and Microsoft Entra-only authentication enabled.

Example 3: Create a new Azure SQL Database server with TDE CMK

New-AzSqlServer -ResourceGroupName "ResourceGroup01" -Location "East US" -ServerName "server01" -ServerVersion "12.0" -SqlAdministratorCredentials (Get-Credential) -AssignIdentity -IdentityType "UserAssigned" -PrimaryUserAssignedIdentityId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourcegroup01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity01" -UserAssignedIdentityId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourcegroup01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity01" -KeyId "https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901"

ResourceGroupName        : resourcegroup01
ServerName               : server01
Location                 : East US
SqlAdministratorLogin    : adminLogin
SqlAdministratorPassword :
ServerVersion            : 12.0
Tags                     :
Identity                 : Microsoft.Azure.Management.Sql.Models.ResourceIdentity
KeyId                    : https://contoso.vault.azure.net/keys/contosokey/01234567890123456789012345678901
PrimaryUserAssignedIdentityId : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourcegroup01/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity01

This command creates a version 12 Azure SQL Database server with TDE CMK enabled.

Parameters

-AsJob

Run cmdlet in the background

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-AssignIdentity

Generate and assign a Microsoft Entra identity for this server for use with key management services like Azure KeyVault.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EnableActiveDirectoryOnlyAuthentication

Enable Active Directory Only Authentication on the server.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExternalAdminName

Specifies the display name of the user, group or application which is the Microsoft Entra administrator for the server. This display name must exist in the active directory associated with the current subscription.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ExternalAdminSID

Specifies the object ID of the user, group or application which is the Microsoft Entra administrator.

Type:Nullable<T>[Guid]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FederatedClientId

Specifies the Federated client ID of the server when using Cross-Tenant CMK, Do not set this value if you do not intent to use Cross-Tenant CMK

Type:Nullable<T>[Guid]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-IdentityType

Type of identity to be assigned to the server. Possible values are SystemAsssigned, UserAssigned, 'SystemAssigned,UserAssigned' and None.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyId

The Azure Key Vault URI that is used for encryption.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Location

Specifies the location of the data center where this cmdlet creates the server.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-MinimalTlsVersion

The minimal TLS version to enforce for Sql Server

Type:String
Accepted values:None, 1.0, 1.1, 1.2
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PrimaryUserAssignedIdentityId

The primary User Managed Identity(UMI) id.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PublicNetworkAccess

Takes a flag, enabled/disabled, to specify whether public network access to server is allowed or not. When disabled, only connections made through Private Links can reach this server.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of the resource group to which this cmdlet assigns the server.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-RestrictOutboundNetworkAccess

When enabled, only outbound connections allowed by the outbound firewall rules will succeed.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ServerName

Specifies the name of the new server.

Type:String
Aliases:Name
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ServerVersion

Specifies the version of the new server. The acceptable values for this parameter are: 2.0 and 12.0. Specify 2.0 to create a version 11 server, or 12.0 to create a version 12 server.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SqlAdministratorCredentials

Specifies the SQL Database server administrator credentials for the new server. To obtain a PSCredential object, use the Get-Credential cmdlet. For more information, type Get-Help Get-Credential.

Type:PSCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Tags

Key-value pairs in the form of a hash table. For example: @{key0="value0";key1=$null;key2="value2"}

Type:Hashtable
Aliases:Tag
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UserAssignedIdentityId

The list of user assigned identities.

Type:List<T>[String]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Outputs

AzureSqlServerModel