英文:
What happens when my Azure subscription is assigned to a different AAD?
问题
我有一个与我的AAD目录(AAD 'Dev')关联的Azure订阅,并且我有与该目录关联的资源。然而,我有一个单独的AAD测试租户(让我们称之为AAD 'Test'),某些Visual Studio Teams SDK模板假定'Test'目录和'Dev'资源目录是相同的,或者与Test目录关联有一个订阅。在我的情况下,这不是这样的。
我理解AAD和Azure订阅之间的关系是1-M或1-1的关系,但不支持M-1。这意味着我不能将同一个订阅用于两个AAD。
如果我将订阅分配给测试租户(Test),那么在'Dev'目录中运行的资源会发生什么情况?它们会被中断吗?任何建议都将不胜感激。
英文:
I have an Azure Subscription linked to my AAD directory (AAD 'Dev'), and I have resources associated with this directory. However, I have a separate AAD test tenant (let's call it AAD 'Test') which some Visual Studio Teams SDK templates assume that the 'Test' directory and the 'Dev' resource directory are the same, or there is a subscription associated with the Test directory. In my case, it is not.
My understanding is that the relation between AAD and Azure Subscription is a 1-M or 1-1 relationship, but M-1 is not supported. This means I cannot use the same subscription for two AADs.
If I assign the subscription to the test tenant (Test), what will happen to the resources running in the 'Dev' directory? Will they be interrupted? Any suggestions are appreciated.
答案1
得分: 1
我同意你的观点,Azure 订阅和 AAD 之间存在一对多或一对一的连接,不支持多对一,这意味着可以将多个 AAD 目录链接到单个 Azure 订阅,但只能将一个 AAD 目录链接到单个 Azure 订阅。
在我的环境中,我创建了两个 Azure AD 租户,如下所示:
当我检查时,订阅仅链接到一个目录:
另一个 AAD 目录没有链接到任何订阅:
如果我将订阅分配给测试租户(Test),那么运行在“Dev”目录中的资源会发生什么?它们会中断吗?
不,Dev 目录中的资源不会自动中断或受到影响,但你将无法再访问这些资源。
- 如果你在链接到 AAD 目录 "Dev" 的 Azure 订阅中部署虚拟机,你将能够从 "Dev" AAD 目录访问该虚拟机。
- 但如果你将该 Azure 订阅分配给名为 "Test" 的新 AAD 目录,你将无法再从 "Dev" AAD 目录访问该虚拟机。
- 在将虚拟机部署到 "Test" AAD 目录之前,你必须首先在 "Test" AAD 目录中创建一个新的资源组,以便从 "Test" AAD 目录访问虚拟机。
你可以参考下面的 MsDoc 以了解更多详细信息:
英文:
I agree with you, Azure Subscription and AAD have a 1-M or 1-1 connection, and M-1 is not supported which means several AAD directories can be linked to a single Azure subscription, but only one AAD directory can be linked to a single Azure subscription.
In my environment, I created two Azure AD Tenants like below:
When I checked, the subscription is only linked to one directory:
The other AAD Directory doesn't have any subscription linked:
> If I assign the subscription to the test tenant (Test), what will happen to the resources running in the 'Dev' directory? Will they be interrupted?
No, the resources in the Dev directory will not be interrupted or affected automatically but you won't be able to access the resources anymore.
- If you deploy a virtual machine in an Azure subscription that is linked to the AAD directory "Dev," you will be able to access that virtual machine from the "Dev" AAD directory.
- But if you assign that Azure subscription to a new AAD directory called "Test," you won't be able to access that virtual machine from the "Dev" AAD directory anymore.
- You must first create a new resource group in the "Test" AAD directory before deploying the virtual machine to that group in order to access the virtual machine from the "Test" AAD directory.
You can refer the below MsDoc to know more in detail about the impacts:
Transfer an Azure subscription to a different Azure AD directory
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论