| title | description | keywords | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.custom | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Powershell: Get started with Azure SQL Database | Microsoft Docs |
Learn how to create a SQL Database logical server, server-level firewall rule, and databases using PowerShell. You also learn to query databases using PowerShell. |
create new sql database,database setup |
sql-database |
stevestein |
jhubbard |
cgronlun |
7d99869b-cec5-4583-8c1c-4c663f4afd4d |
sql-database |
single databases |
NA |
hero-article |
powershell |
data-management |
12/09/2016 |
sstein |
In this getting-started tutorial, you learn how to use PowerShell to:
- Create a new Azure resource group
- Create an Azure SQL logical server
- View Azure SQL server properties
- Create a server-level firewall rule
- Create the AdventureWorksLT sample database as a single database
- View AdventureWorksLT sample database properties
- Create a blank single database
In this tutorial, you also:
- Connect to the logical server and its master database
- View master database properties
- Connect to the sample database
- View user database properties
When you finish this tutorial, you will have a sample database and a blank database running in an Azure resource group and attached to a logical server. You will also have a server-level firewall rule configured to enable the server-level principal to log in to the server from a specified IP address (or IP address range).
Time estimate: This tutorial will take you approximately 30 minutes (assuming you already meet the prerequisites).
Tip
You can perform these same tasks in a getting started tutorial by using the Azure portal.
-
You need an Azure account. You can open a free Azure account or Activate Visual Studio subscriber benefits.
-
You must be signed in using an account that is a member of either the subscription owner or contributor role. For more information on role-based access control (RBAC), see Getting started with access management in the Azure portal.
-
You need the AdventureWorksLT sample database .bacpac file in Azure blob storage
This tutorial creates a new AdventureWorksLT database by importing a .bacpac file from Azure Storage. The first step is to get a copy of the AdventureWorksLT.bacpac, and upload it to blob storage. The following steps get the sample database ready to import:
- Download the AdventureWorksLT.bacpac and save it with a .bacpac file extension.
- Create a storage account - you can create the storage account with the default settings.
- Create a new Container by browsing to the storage account, select Blobs, and then click +Container.
- Upload the .bacpac file to the blob container in your storage account. You can use the Upload button at the top of the container page, or use AzCopy.
- After saving the AdventureWorksLT.bacpac, you need the URL and storage account key for the import code snippet later in this tutorial.
- Select your bacpac file and copy the URL. It will be similar to https://{storage-account-name}.blob.core.windows.net/{container-name}/AdventureWorksLT.bacpac. On the storage account page, click Access keys, and copy key1.
[!INCLUDE Start your PowerShell session]
You need a resource group to contain the server, so the first step is to either create a new resource group and server (New-AzureRmResourceGroup, New-AzureRmSqlServer), or get references to existing ones (Get-AzureRmResourceGroup, Get-AzureRmSqlServer). The following snippets will create a resource group and Azure SQL server if they don't already exist:
For a list of valid Azure locations and string format, see Helper snippets section below.
# Create new, or get existing resource group
############################################
$resourceGroupName = "{resource-group-name}"
$resourceGroupLocation = "{resource-group-location}"
$myResourceGroup = Get-AzureRmResourceGroup -Name $resourceGroupName -ea SilentlyContinue
if(!$myResourceGroup)
{
Write-Output "Creating resource group: $resourceGroupName"
$myResourceGroup = New-AzureRmResourceGroup -Name $resourceGroupName -Location $resourceGroupLocation
}
else
{
Write-Output "Resource group $resourceGroupName already exists:"
}
$myResourceGroup
# Create a new, or get existing server
######################################
$serverName = "{server-name}"
$serverVersion = "12.0"
$serverLocation = $resourceGroupLocation
$serverResourceGroupName = $resourceGroupName
$serverAdmin = "{server-admin}"
$serverAdminPassword = "{server-admin-password}"
$securePassword = ConvertTo-SecureString -String $serverAdminPassword -AsPlainText -Force
$serverCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $serverAdmin, $securePassword
$myServer = Get-AzureRmSqlServer -ServerName $serverName -ResourceGroupName $serverResourceGroupName -ea SilentlyContinue
if(!$myServer)
{
Write-Output "Creating SQL server: $serverName"
$myServer = New-AzureRmSqlServer -ResourceGroupName $serverResourceGroupName -ServerName $serverName -Location $serverLocation -ServerVersion $serverVersion -SqlAdministratorCredentials $serverCreds
}
else
{
Write-Output "SQL server $serverName already exists:"
}
$myServer
#$serverResourceGroupName = "{resource-group-name}"
#$serverName = "{server-name}"
$myServer = Get-AzureRmSqlServer -ServerName $serverName -ResourceGroupName $serverResourceGroupName
Write-Host "Server name: " $myServer.ServerName
Write-Host "Fully qualified server name: $serverName.database.windows.net"
Write-Host "Server location: " $myServer.Location
Write-Host "Server version: " $myServer.ServerVersion
Write-Host "Server administrator login: " $myServer.SqlAdministratorLogin
You need to know your public IP address to set the firewall rule. You can get your IP address by using a browser of your choice (ask "what is my IP address). For details, see firewall rules.
The following uses the Get-AzureRmSqlServerFirewallRule, and New-AzureRmSqlServerFirewallRule cmdlets to get a reference or create a new rule. For this snippet, if the rule already exists, it only gets a reference to it and doesn't update the start and end IP addresses. You can always modify the else clause to use the Set-AzureRmSqlServerFirewallRule for create or update functionality.
Note
You can open the SQL Database firewall on the server to a single IP address or an entire range of addresses. Opening the firewall enables SQL administrators and users to login to any database on the server to which they have valid credentials.
#$serverName = "{server-name}"
#$serverResourceGroupName = "{resource-group-name}"
$serverFirewallRuleName = "{server-firewall-rule-name}"
$serverFirewallStartIp = "{server-firewall-rule-startIp}"
$serverFirewallEndIp = "{server-firewall-rule-endIp}"
$myFirewallRule = Get-AzureRmSqlServerFirewallRule -FirewallRuleName $serverFirewallRuleName -ServerName $serverName -ResourceGroupName $serverResourceGroupName -ea SilentlyContinue
if(!$myFirewallRule)
{
Write-host "Creating server firewall rule: $serverFirewallRuleName"
$myFirewallRule = New-AzureRmSqlServerFirewallRule -ResourceGroupName $serverResourceGroupName -ServerName $serverName -FirewallRuleName $serverFirewallRuleName -StartIpAddress $serverFirewallStartIp -EndIpAddress $serverFirewallEndIp
}
else
{
Write-host "Server firewall rule $serverFirewallRuleName already exists:"
}
$myFirewallRule
Lets run a quick query against the master database to verify we can connect to the server. The following snippet uses the .NET Framework Provider for SQL Server (System.Data.SqlClient) to connect and query the server's master database. It builds a connection string based on the variables we used in the previous snippets. Replace the placeholders with the SQL server admin and password you used to create the server in the previous steps.
#$serverName = "{server-name}"
#$serverAdmin = "{server-admin}"
#$serverAdminPassword = "{server-admin-password}"
$databaseName = "master"
$connectionString = "Server=tcp:" + $serverName + ".database.windows.net" + ",1433;Initial Catalog=" + $databaseName + ";Persist Security Info=False;User ID=$serverAdmin;Password=$serverAdminPassword" + ";MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$connection = New-Object System.Data.SqlClient.SqlConnection
$connection.ConnectionString = $connectionString
$connection.Open()
$command = New-Object System.Data.SQLClient.SQLCommand("select * from sys.objects", $connection)
$command.Connection = $connection
$reader = $command.ExecuteReader()
$sysObjects = ""
while ($reader.Read()) {
$sysObjects += $reader["name"] + "`n"
}
$sysObjects
$connection.Close()
The following snippet imports a bacpac of the AdventureWorksLT sample database using the New-AzureRmSqlDatabaseImport cmdlet. The bacpac is located in Azure blob storage. After running the import cmdlet, you can monitor the progress of the import operation using the Get-AzureRmSqlDatabaseImportExportStatus cmdlet. The $storageUri is the URL property of the bacpac file you uploaded to the portal earlier, and should be similar to: https://{storage-account}.blob.core.windows.net/{container}/AdventureWorksLT.bacpac
#$resourceGroupName = "{resource-group-name}"
#$serverName = "{server-name}"
$databaseName = "AdventureWorksLT"
$databaseEdition = "Basic"
$databaseServiceLevel = "Basic"
$storageKeyType = "StorageAccessKey"
$storageUri = "{storage-uri}" # URL of bacpac file you uploaded to your storage account
$storageKey = "{storage-key}" # key1 in the Access keys setting of your storage account
$importRequest = New-AzureRmSqlDatabaseImport -ResourceGroupName $resourceGroupName -ServerName $serverName -DatabaseName $databaseName -StorageKeytype $storageKeyType -StorageKey $storageKey -StorageUri $storageUri -AdministratorLogin $serverAdmin -AdministratorLoginPassword $securePassword -Edition $databaseEdition -ServiceObjectiveName $databaseServiceLevel -DatabaseMaxSizeBytes 5000000
Do {
$importStatus = Get-AzureRmSqlDatabaseImportExportStatus -OperationStatusLink $importRequest.OperationStatusLink
Write-host "Importing database..." $importStatus.StatusMessage
Start-Sleep -Seconds 30
$importStatus.Status
}
until ($importStatus.Status -eq "Succeeded")
$importStatus
After creating the database, view some of it's properties.
#$resourceGroupName = "{resource-group-name}"
#$serverName = "{server-name}"
#$databaseName = "{database-name}"
$myDatabase = Get-AzureRmSqlDatabase -ResourceGroupName $resourceGroupName -ServerName $serverName -DatabaseName $databaseName
Write-Host "Database name: " $myDatabase.DatabaseName
Write-Host "Server name: " $myDatabase.ServerName
Write-Host "Creation date: " $myDatabase.CreationDate
Write-Host "Database edition: " $myDatabase.Edition
Write-Host "Database performance level: " $myDatabase.CurrentServiceObjectiveName
Write-Host "Database status: " $myDatabase.Status
Lets run a quick query against the AdventureWorksLT database to verify we can connect. The following snippet uses the .NET Framework Provider for SQL Server (System.Data.SqlClient) to connect and query the database. It builds a connection string based on the variables we used in the previous snippets. Replace the placeholder with the SQL server admin password.
#$serverName = {server-name}
#$serverAdmin = "{server-admin}"
#$serverAdminPassword = "{server-admin-password}"
#$databaseName = {database-name}
$connectionString = "Server=tcp:" + $serverName + ".database.windows.net" + ",1433;Initial Catalog=" + $databaseName + ";Persist Security Info=False;User ID=$serverAdmin;Password=$serverAdminPassword" + ";MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$connection = New-Object System.Data.SqlClient.SqlConnection
$connection.ConnectionString = $connectionString
$connection.Open()
$command = New-Object System.Data.SQLClient.SQLCommand("select * from sys.objects", $connection)
$command.Connection = $connection
$reader = $command.ExecuteReader()
$sysObjects = ""
while ($reader.Read()) {
$sysObjects += $reader["name"] + "`n"
}
$sysObjects
$connection.Close()
#$resourceGroupName = {resource-group-name}
#$serverName = {server-name}
$blankDatabaseName = "blankdb"
$blankDatabaseEdition = "Basic"
$blankDatabaseServiceLevel = "Basic"
$myBlankDatabase = New-AzureRmSqlDatabase -DatabaseName $blankDatabaseName -ServerName $serverName -ResourceGroupName $resourceGroupName -Edition $blankDatabaseEdition -RequestedServiceObjectiveName $blankDatabaseServiceLevel
$myBlankDatabase
# Sign in to Azure and set the subscription to work with
########################################################
$SubscriptionId = "{subscription-id}"
Add-AzureRmAccount
Set-AzureRmContext -SubscriptionId $SubscriptionId
# User variables
################
$myResourceGroupName = "{resource-group-name}"
$myResourceGroupLocation = "{resource-group-location}"
$myServerName = "{server-name}"
$myServerVersion = "12.0"
$myServerLocation = $myResourceGroupLocation
$myServerResourceGroupName = $myResourceGroupName
$myServerAdmin = "{server-admin}"
$myServerAdminPassword = "{server-admin-password}"
$myServerFirewallRuleName = "{server-firewall-rule-name}"
$myServerFirewallStartIp = "{start-ip}"
$myServerFirewallEndIp = "{end-ip}"
$myDatabaseName = "AdventureWorksLT"
$myDatabaseEdition = "Basic"
$myDatabaseServiceLevel = "Basic"
$myStorageKeyType = "StorageAccessKey"
# Get these values from your Azure storage account:
$myStorageUri = "{http://your-storage-account.blob.core.windows.net/your-container/AdventureWorksLT.bacpac}"
$myStorageKey = "{your-storage-key}"
# Create new, or get existing resource group
############################################
$resourceGroupName = $myResourceGroupName
$resourceGroupLocation = $myResourceGroupLocation
$myResourceGroup = Get-AzureRmResourceGroup -Name $resourceGroupName -ea SilentlyContinue
if(!$myResourceGroup)
{
Write-host "Creating resource group: $resourceGroupName"
$myResourceGroup = New-AzureRmResourceGroup -Name $resourceGroupName -Location $resourceGroupLocation
}
else
{
Write-host "Resource group $resourceGroupName already exists:"
}
$myResourceGroup
# Create a new, or get existing server
######################################
$serverName = $myServerName
$serverVersion = $myServerVersion
$serverLocation = $myServerLocation
$serverResourceGroupName = $myServerResourceGroupName
$serverAdmin = $myServerAdmin
$serverAdminPassword = $myServerAdminPassword
$securePassword = ConvertTo-SecureString -String $serverAdminPassword -AsPlainText -Force
$serverCreds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $serverAdmin, $securePassword
$myServer = Get-AzureRmSqlServer -ServerName $serverName -ResourceGroupName $serverResourceGroupName -ea SilentlyContinue
if(!$myServer)
{
Write-host "Creating SQL server: $serverName"
$myServer = New-AzureRmSqlServer -ResourceGroupName $serverResourceGroupName -ServerName $serverName -Location $serverLocation -ServerVersion $serverVersion -SqlAdministratorCredentials $serverCreds
}
else
{
Write-host "SQL server $serverName already exists:"
}
$myServer
# View server properties
##########################
$resourceGroupName = $myResourceGroupName
$serverName = $myServerName
$myServer = Get-AzureRmSqlServer -ServerName $serverName -ResourceGroupName $serverResourceGroupName
Write-Host "Server name: " $myServer.ServerName
Write-Host "Fully qualified server name: $serverName.database.windows.net"
Write-Host "Server location: " $myServer.Location
Write-Host "Server version: " $myServer.ServerVersion
Write-Host "Server administrator login: " $myServer.SqlAdministratorLogin
# Create or update server firewall rule
#######################################
$serverFirewallRuleName = $myServerFirewallRuleName
$serverFirewallStartIp = $myServerFirewallStartIp
$serverFirewallEndIp = $myServerFirewallEndIp
$myFirewallRule = Get-AzureRmSqlServerFirewallRule -FirewallRuleName $serverFirewallRuleName -ServerName $serverName -ResourceGroupName $serverResourceGroupName -ea SilentlyContinue
if(!$myFirewallRule)
{
Write-host "Creating server firewall rule: $serverFirewallRuleName"
$myFirewallRule = New-AzureRmSqlServerFirewallRule -ResourceGroupName $serverResourceGroupName -ServerName $serverName -FirewallRuleName $serverFirewallRuleName -StartIpAddress $serverFirewallStartIp -EndIpAddress $serverFirewallEndIp
}
else
{
Write-host "Server firewall rule $serverFirewallRuleName already exists:"
}
$myFirewallRule
# Connect to the server and master database
###########################################
$databaseName = "master"
$connectionString = "Server=tcp:" + $serverName + ".database.windows.net" + ",1433;Initial Catalog=" + $databaseName + ";Persist Security Info=False;User ID=" + $myServer.SqlAdministratorLogin + ";Password=" + $myServerAdminPassword + ";MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$connection = New-Object System.Data.SqlClient.SqlConnection
$connection.ConnectionString = $connectionString
$connection.Open()
$command = New-Object System.Data.SQLClient.SQLCommand("select * from sys.objects", $connection)
$command.Connection = $connection
$reader = $command.ExecuteReader()
$sysObjects = ""
while ($reader.Read()) {
$sysObjects += $reader["name"] + "`n"
}
$sysObjects
$connection.Close()
# Create the AdventureWorksLT database from a bacpac
####################################################
$resourceGroupName = $myResourceGroupName
$serverName = $myServerName
$databaseName = $myDatabaseName
$databaseEdition = $myDatabaseEdition
$databaseServiceLevel = $myDatabaseServiceLevel
$storageKeyType = $myStorageKeyType
$storageUri = $myStorageUri
$storageKey = $myStorageKey
$importRequest = New-AzureRmSqlDatabaseImport -ResourceGroupName $resourceGroupName -ServerName $serverName -DatabaseName $databaseName -StorageKeytype $storageKeyType -StorageKey $storageKey -StorageUri $storageUri -AdministratorLogin $serverAdmin -AdministratorLoginPassword $securePassword -Edition $databaseEdition -ServiceObjectiveName $databaseServiceLevel -DatabaseMaxSizeBytes 5000000
Do {
$importStatus = Get-AzureRmSqlDatabaseImportExportStatus -OperationStatusLink $importRequest.OperationStatusLink
Write-host "Importing database..." $importStatus.StatusMessage
Start-Sleep -Seconds 30
$importStatus.Status
}
until ($importStatus.Status -eq "Succeeded")
$importStatus
# View database properties
##########################
$resourceGroupName = $myResourceGroupName
$serverName = $myServerName
$databaseName = $myDatabaseName
$myDatabase = Get-AzureRmSqlDatabase -ResourceGroupName $resourceGroupName -ServerName $serverName -DatabaseName $databaseName
Write-Host "Database name: " $myDatabase.DatabaseName
Write-Host "Server name: " $myDatabase.ServerName
Write-Host "Creation date: " $myDatabase.CreationDate
Write-Host "Database edition: " $myDatabase.Edition
Write-Host "Database performance level: " $myDatabase.CurrentServiceObjectiveName
Write-Host "Database status: " $myDatabase.Status
# Query the database
####################
$connectionString = "Server=tcp:" + $serverName + ".database.windows.net" + ",1433;Initial Catalog=" + $databaseName + ";Persist Security Info=False;User ID=" + $myServer.SqlAdministratorLogin + ";Password=" + $myServerAdminPassword + ";MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
$connection = New-Object System.Data.SqlClient.SqlConnection
$connection.ConnectionString = $connectionString
$connection.Open()
$command = New-Object System.Data.SQLClient.SQLCommand("select * from sys.objects", $connection)
$command.Connection = $connection
$reader = $command.ExecuteReader()
$sysObjects = ""
while ($reader.Read()) {
$sysObjects += $reader["name"] + "`n"
}
$sysObjects
$connection.Close()
# Create a blank database
#########################
$blankDatabaseName = "blankdb"
$blankDatabaseEdition = "Basic"
$blankDatabaseServiceLevel = "Basic"
$myBlankDatabase = New-AzureRmSqlDatabase -DatabaseName $blankDatabaseName -ServerName $serverName -ResourceGroupName $resourceGroupName -Edition $blankDatabaseEdition -RequestedServiceObjectiveName $blankDatabaseServiceLevel
$myBlankDatabase
Tip
You can save some money while you are learning by deleting databases that you are not using. For Basic edition databases, you can restore them within 7 days. However, do not delete a server. If you do so, you cannot recover the server or any of its deleted databases.
# Get a list of Azure regions where you can create SQL resources
$sqlRegions = (Get-AzureRmLocation | Where-Object { $_.Providers -eq "Microsoft.Sql" })
foreach ($region in $sqlRegions)
{
$region.Location
}
# Clean up
# Delete a resource group (and all contained resources)
Remove-AzureRmResourceGroup -Name {resource-group-name}
Tip
You can save some money while you are learning by deleting databases that you are not using. For Basic edition databases, you can restore them within seven days. However, do not delete the server. If you do so, you cannot recover the server or any of its deleted databases.
Now that you've completed this first getting started tutorial and created a database with some sample data, there are number of additional tutorials that you may wish to explore that build what you have learned in this tutorial.
- For a getting started with SQL Server authentication tutorial, see SQL authentication and authorization
- For a getting started with Azure Active Directory authentication tutorial, see Azure AD authentication and authorization
- If you want to query the sample database in the Azure portal, see Public preview: Interactive query experience for SQL databases
- If you know Excel, learn how to Connect to a SQL database in Azure with Excel.
- If you're ready to start coding, choose your programming language at Connection libraries for SQL Database and SQL Server.
- If you want to move your on-premises SQL Server databases to Azure, see Migrating a database to SQL Database.
- If you want to load some data into a new table from a CSV file by using the BCP command-line tool, see Loading data into SQL Database from a CSV file using BCP.
- If you want to start creating tables and other objects, see the "To create a table" topic in Creating a table.