Sunday, April 17, 2022

Create Azure SQL Server and DTU based SQL Database with TDE State Enabled using PowerShell script

Create Azure SQL Server and DTU based SQL Database with TDE State Enabled using PowerShell script

This article is focused on creating an Azure SQL Server to a newly created Resource Group and then creating a SQL Database of Basic Edition with DTU capacity with its TDE (Transparent Data Encryption) state as Enabled using PowerShell commands

This article is divided into following 5 sections.

  1. Connecting to Azure
  2. Creating a new Resource Group
  3. Creating SQL Server to the Resource Group created from the Step 3
  4. Creating Basic Edition SQL Database
  5. Checking if TDE State is already enabled, if not, setting the TDE State to Enabled

For running the PowerShell commands, make sure you have AzResources Module installed, if not then run the following command to Install it to your local system

PS Script: Install-Module -Name Az.Resources

Once the Module is installed, now it’s the time to follow the 5 steps mentioned above,

Below mentioned all the 5 steps in detail with the PowerShell scripts,

 

##Step 1 - Creating an Azure Connection with username and password

## Connection to Azure

Write-Host "Connecting to Azure"

Connect-AzAccount

 

## Connected to Azure

Write-Host "Connected to Azure"

 

## -------------------------------------------------------------------------------------------------------------------------------------------------

 

#Step2 - Creating New Resource Group, if you already have a resource group you can use the existing one

##Creating new Resource Group  at West Europe Location

$rg = New-AzResourceGroup -Name 'rg-sqlserverautomation' -Location "West Europe"

 

## -------------------------------------------------------------------------------------------------------------------------------------------------

 

##Step 3 - Provisioning Azure SQL Server in the Resource Group

## Creating the Azure SQL Server

$azSqlServer = New-AzSqlServer `

    -ServerName 'sqlshrushti123' `

    -ResourceGroupName $rg.ResourceGroupName `

    -Location $rg.Location `

    -SqlAdministratorCredentials (Get-Credential)

 

##Print Output - Azure SQL Server Name

Write-Host "Azure SQL Server $($azSqlServer.ServerName) in the $($rg.ResourceGroupName) is Created"

Write-Host $azSqlServer.ServerName

 

##-------------------------------------------------------------------------------------------------------------------------------------------------

 

##Step 4 - Creating Basic Edition SQL Database with DTU Capacity

##Create a Basic Edition DTU based SQL Database in newly provisioned SQL Server

$sqlDatabase = New-AzSqlDatabase -ResourceGroupName $rg.ResourceGroupName -ServerName $azSqlServer.ServerName -DatabaseName 'ShrushtiTestDatabase' -Edition 'Basic'

Write-Host "Azure SQL Server $($azSqlServer.ServerName) in the $($rg.ResourceGroupName) is Created"

 

Write-Host $sqlDatabase.DatabaseName

 

##-------------------------------------------------------------------------------------------------------------------------------------------------

 

## Print the DTU Capacity of the SQL Database

##Check the SQL Database Capacity

$fetchDatabase = Get-AzSqlDatabase -ResourceGroupName $rg.ResourceGroupName -ServerName $azSqlServer.ServerName

 

Write-Host "For Selected SQL Serve $($azSqlServer.ServerName) the DTU Capacity is  $($fetchDatabase.Capacity)"

 

##-------------------------------------------------------------------------------------------------------------------------------------------------

 

##Step 5 - Checking if TDE state is Enabled if not, then setting the TDE State as Enabled

##Check if the TDE State is already Enabled

$validateTDE = Get-AzSqlDatabaseTransparentDataEncryption -ServerName $azSqlServer.ServerName  -ResourceGroupName $rg.ResourceGroupName  -DatabaseName $fetchDatabase.DatabaseName -State "Enabled"

 

if ($validateTDE.State -eq "Enabled" ) {

    Write-Host "TDE State for SQL Database is already Enabled"

}

else {

    ## Set the Transparent Data Encryption as Enabled to SQL database

    $setTDEState = Set-AzSqlDatabaseTransparentDataEncryption -ResourceGroupName $rg.ResourceGroupName --ServerName $azSqlServer.ServerName -DatabaseName $fetchDatabase.DatabaseName -State "Enabled"

    Write-Host "TDE State for SQL Database is set to Enabled"

}

 

##-------------------------------------------------------------------------------------------------------------------------------------------------





Now, lets verify if the script has run perfectly or not by checking it

Navigate to https://portal.azure.com -> Resource Group -> Created Resource Group -> You will find the created SQL Server -> In the SQL Server -> SQL Database -> Transparent Data Encryption -> It should be set as Enabled

 

 

ShrushtiShah_1-1649001454709.png

Fig 1.1 – SQL Server Provisioned

 

ShrushtiShah_2-1649001454713.png

Fig 1.2 – SQL Database of Basic Edition provisioned In the SQL Server

 

ShrushtiShah_3-1649001454718.png

Fig 1.3 – TDE state is Enabled in the SQL Database

 

I hope this article seems useful for all the Azure enthusiasts on how they can provision SQL Server and SQL Database using PowerShell scripts.

Keep Learning!

Keep Sharing!

 

 

 

 

 

 

 

Posted at https://sl.advdat.com/3M5aUQkhttps://sl.advdat.com/3M5aUQk
Labels: ,