Merge pull request #37121 from MicrosoftDocs/main

Auto Publish – main to live - 2026-04-22 22:30 UTC

Author: learn-build-service-prod[bot]

.openpublishing.redirection.json

@@ -53937,17 +53937,17 @@
     },
     {
       "source_path": "docs/connect/odbc/connecting-with-bcp.md",
-      "redirect_url": "/sql/tools/bcp-utility",
+      "redirect_url": "/sql/tools/bcp/bcp-utility",
       "redirect_document_id": false
     },
     {
       "source_path": "docs/connect/odbc/linux/connecting-with-bcp.md",
-      "redirect_url": "/sql/tools/bcp-utility",
+      "redirect_url": "/sql/tools/bcp/bcp-utility",
       "redirect_document_id": false
     },
     {
       "source_path": "docs/connect/odbc/linux-mac/connecting-with-bcp.md",
-      "redirect_url": "/sql/tools/bcp-utility",
+      "redirect_url": "/sql/tools/bcp/bcp-utility",
       "redirect_document_id": false
     },
     {
@@ -67630,6 +67630,11 @@
       "redirect_url": "/sql/tools/sqlcmd/sqlcmd-utility",
       "redirect_document_id": true
     },
+    {
+      "source_path": "docs/tools/bcp-utility.md",
+      "redirect_url": "/sql/tools/bcp/bcp-utility",
+      "redirect_document_id": true
+    },
     {
       "source_path": "docs/ssms/scripting/edit-sqlcmd-scripts-with-query-editor.md",
       "redirect_url": "/sql/tools/sqlcmd/edit-sqlcmd-scripts-query-editor",

docs/relational-databases/sql-server-transaction-locking-and-row-versioning-guide.md

@@ -676,7 +676,7 @@ Specifies manual seeding. This method requires you to create a backup of the dat
 Modifies any of the availability group settings of a distributed availability group. The list of availability groups to modify contains the availability group name and a `WITH (...)` clause for each availability group.
 
 > [!IMPORTANT]  
-> You must run this command on both the primary availability group and secondary availability group instances.
+> You must run this command on both the primary availability group and secondary availability group instances as `sysadmin`. 
 
 #### GRANT CREATE ANY DATABASE
 

docs/t-sql/statements/alter-availability-group-transact-sql.md

@@ -4835,7 +4835,7 @@ items:
   - name: SQL Server Integration Services (SSIS) >
     href: ./integration-services/sql-server-integration-services.md
   - name: Bulk Copy Utility (bcp)
-    href: tools/bcp-utility.md
+    href: tools/bcp/bcp-utility.md
   - name: Big data options on the Microsoft SQL Server platform
     href: big-data-cluster/big-data-options.md
   - name: Azure Migration Services >
@@ -8455,9 +8455,19 @@ items:
         href: tools/configuration-manager/viewing-the-sql-server-error-log.md
       - name: Viewing the Windows Application Log
         href: tools/configuration-manager/viewing-the-windows-application-log.md
+  - name: BCP (bulk copy utility)
+    items:
+    - name: Overview
+      href: tools/bcp/bcp-utility.md
+    - name: Download and install
+      href: tools/bcp/bcp-download-install.md
+    - name: Authenticate bcp with Microsoft Entra ID
+      href: tools/bcp/bcp-authentication.md
+    - name: Use the utility
+      href: tools/bcp/bcp-use-utility.md
   - name: SQLCMD
     items:
-    - name: sqlcmd overview
+    - name: Overview
       href: tools/sqlcmd/sqlcmd-utility.md
     - name: Check installed version
       href: tools/sqlcmd/sqlcmd-installed-version.md

docs/toc.yml

@@ -0,0 +1,217 @@
+---
+title: Authenticate with Microsoft Entra ID in bcp
+description: Use Microsoft Entra ID to authenticate the bulk copy program (bcp) utility against Azure SQL, Microsoft Fabric SQL database, or SQL Server 2022 and later versions.
+author: rwestMSFT
+ms.author: randolphwest
+ms.reviewer: davidengel
+ms.date: 04/19/2026
+ms.service: sql
+ms.subservice: tools-other
+ms.topic: how-to
+ms.collection:
+  - data-tools
+ms.custom:
+  - linux-related-content
+  - peer-review-program
+helpviewer_keywords:
+  - "bcp utility [SQL Server], authentication"
+  - "bcp utility [SQL Server], Microsoft Entra ID"
+  - "Microsoft Entra ID, bcp"
+  - "managed identity, bcp"
+monikerRange: ">=azuresqldb-current || =azure-sqldw-latest || >=sql-server-2016 || >=sql-server-linux-2017 || =fabric-sqldb"
+---
+# Authenticate with Microsoft Entra ID in bcp
+
+[!INCLUDE [SQL Server Azure SQL Database Synapse Analytics FabricSQLDB](../../includes/applies-to-version/sql-asdb-asdbmi-asa-fabricsqldb.md)]
+
+The [bulk copy program utility (bcp)](bcp-utility.md) supports several Microsoft Entra ID authentication models when you connect to Azure SQL Database, Azure SQL Managed Instance, [!INCLUDE [fabric-sqldb](../../includes/fabric-sqldb.md)], Azure Synapse Analytics, or [!INCLUDE [sssql22-md](../../includes/sssql22-md.md)] and later versions.
+
+To check whether your installed **bcp** supports Microsoft Entra authentication, run `bcp --help` and verify that `-G` appears in the list of available arguments.
+
+## Platform restrictions
+
+Not all authentication modes are available on every platform:
+
+- Microsoft Entra interactive authentication is supported on Windows only.
+
+- Microsoft Entra integrated authentication on Linux and macOS requires [Microsoft ODBC Driver 18 for SQL Server](../../connect/odbc/download-odbc-driver-for-sql-server.md) (driver 17.6.1 or later if you can't move to driver 18) and a [properly configured Kerberos environment](../../connect/odbc/linux-mac/using-integrated-authentication.md#configure-kerberos).
+
+- Authentication with an access token file (`-P <token_file>`) is supported on Linux and macOS only.
+
+## Microsoft Entra username and password
+
+Provide `-G` together with `-U` (username) and `-P` (password).
+
+The following example exports table `bcptest` from database `testdb` on `contoso.database.windows.net` to file `c:\last\data1.dat`. Replace `<password>` with a valid password.
+
+```console
+bcp bcptest out "c:\last\data1.dat" -c -S contoso.database.windows.net -d testdb -G -U alice@contoso.onmicrosoft.com -P <password>
+```
+
+The following example imports the same data:
+
+```console
+bcp bcptest in "c:\last\data1.dat" -c -S contoso.database.windows.net -d testdb -G -U alice@contoso.onmicrosoft.com -P <password>
+```
+
+## Microsoft Entra integrated
+
+Provide `-G` without `-U` or `-P`. The current Windows account (or Kerberos identity on Linux/macOS) must be federated with Microsoft Entra ID. In the following examples, replace `<server>` with your server name.
+
+Export:
+
+```console
+bcp bcptest out "c:\last\data2.dat" -S <server>.database.windows.net -d testdb -G -c
+```
+
+Import:
+
+```console
+bcp bcptest in "c:\last\data2.dat" -S <server>.database.windows.net -d testdb -G -c
+```
+
+## Microsoft Entra Managed Service Identity
+
+Authenticate as either a system-assigned or user-assigned managed identity through a configured DSN. The same approach works for both `bcp in` and `bcp out`.
+
+> [!IMPORTANT]  
+> **bcp** is tightly coupled to its driver. The major version of **bcp** must match the major version of the driver the DSN is created with. To determine your **bcp** version, run `bcp -v`.
+
+### [Windows](#tab/windows)
+
+Configure a DSN through the **ODBC Data Source Administrator**:
+
+1. Press the Windows key on your keyboard.
+1. Type `ODBC` and select the appropriate version of the **ODBC Data Source Administrator**.
+1. Select either the **User DSN** or **System DSN** tab.
+1. Select **Add** and follow the prompts.
+1. When asked for an authentication type, select **Azure Managed Service Identity authentication**.
+1. For a User Assigned Managed Identity, paste the `Object (principal) ID` of the identity into the **Login ID** box on the authentication tab.
+1. Continue following the prompts to finish configuring the DSN.
+
+For a full walkthrough including screenshots, see [Creating and editing DSNs in the UI](../../connect/odbc/using-azure-active-directory.md#creating-and-editing-dsns-in-the-ui).
+
+Use the `-D` flag to indicate that the value passed to `-S` is a DSN. The `-D` and `-S` switches can appear in any order on the command line.
+
+```console
+bcp bcptest out "c:\last\data1.dat" -c -D -S myDSN -d testdb
+```
+
+### [Linux and macOS](#tab/linux)
+
+Edit the user `.odbc.ini` file (typically at `~/.odbc.ini`). Run `odbcinst -j` to confirm the DSN file location.
+
+```bash
+vi /home/<user>/.odbc.ini
+```
+
+Add an entry like the following. Omit the `LastUser` line for a system-assigned managed identity. Replace `<server>` and `<object_id_of_user_assigned_managed_identity>` with values for your environment.
+
+```ini
+[myDSN]
+Driver = ODBC Driver 18 for SQL Server
+Server = <server>.database.windows.net
+Database = testdb
+Encrypt = yes
+LastUser = <object_id_of_user_assigned_managed_identity>
+Authentication = ActiveDirectoryMSI
+```
+
+Use the `-D` flag to indicate that the value passed to `-S` is a DSN. The `-D` and `-S` switches can appear in any order on the command line.
+
+```bash
+bcp bcptest out data1.dat -c -D -S myDSN -d testdb
+```
+
+---
+
+## Microsoft Entra ID access token
+
+**Applies to**: Linux and macOS only. Windows isn't supported.
+
+**bcp** 17.8 and later versions on Linux and macOS can authenticate with an access token. The following examples use the [Azure CLI](/cli/azure/install-azure-cli-linux) to retrieve the token and write it to a secure temporary file.
+
+> [!IMPORTANT]
+> The token file must be UTF-16LE without a BOM. Restrict file permissions and delete the file when it's no longer needed, as shown in the following examples.
+
+### System-assigned managed identity
+
+Replace `<server>` with your server name.
+
+1. Sign in with your managed identity:
+
+   ```bash
+   az login --identity
+   ```
+
+1. Retrieve the token, write it to a secure temporary file, and run **bcp**:
+
+   ```bash
+   # Create a secure temporary file for the token
+   tokenFile=$(mktemp)
+   chmod 600 "$tokenFile"
+
+   # Retrieve the access token and write it as UTF-16LE without BOM
+   az account get-access-token --resource https://database.windows.net --output tsv | cut -f 1 | tr -d '\n' | iconv -f ascii -t UTF-16LE > "$tokenFile"
+
+   # Run bcp with the token file
+   bcp bcptest out data2.dat -S <server>.database.windows.net -d testdb -G -P "$tokenFile" -c
+
+   # Clean up token file
+   rm -f "$tokenFile"
+   ```
+
+### User-assigned managed identity
+
+1. Sign in with your user-assigned managed identity. Replace `<client_id>` with a valid value for your environment.
+
+   ```bash
+   az login --identity --username <client_id>
+   ```
+
+1. Retrieve the token, write it to a secure temporary file, and run **bcp**. Replace `<server>` with a valid value for your environment.
+
+   ```bash
+   # Create a secure temporary file for the token
+   tokenFile=$(mktemp)
+   chmod 600 "$tokenFile"
+
+   # Retrieve the access token and write it as UTF-16LE without BOM
+   az account get-access-token --resource https://database.windows.net --output tsv | cut -f 1 | tr -d '\n' | iconv -f ascii -t UTF-16LE > "$tokenFile"
+
+   # Run bcp with the token file
+   bcp bcptest out data2.dat -S <server>.database.windows.net -d testdb -G -P "$tokenFile" -c
+
+   # Clean up token file
+   rm -f "$tokenFile"
+   ```
+
+## Microsoft Entra interactive
+
+**Applies to**: Windows only. Linux and macOS aren't supported.
+
+Microsoft Entra interactive authentication uses a dialog to authenticate, and supports multifactor authentication (MFA). Interactive authentication requires **bcp** [version 15.0.1000.34](bcp-download-install.md#download-the-latest-version) or later, and [ODBC Driver 18 for SQL Server](../../connect/odbc/download-odbc-driver-for-sql-server.md) (or driver 17.2 or later).
+
+Provide `-G` with `-U` (username) only. Don't include `-P`. **bcp** prompts for the password (or for accounts with MFA enabled, completes the configured MFA flow).
+
+```console
+bcp bcptest out "c:\last\data1.dat" -c -S contoso.database.windows.net -d testdb -G -U alice@contoso.onmicrosoft.com
+```
+
+For a Microsoft Entra user that's a Windows account from a federated domain, include the domain in the username (for example, `joe@contoso.com`):
+
+```console
+bcp bcptest out "c:\last\data1.dat" -c -S contoso.database.windows.net -d testdb -G -U joe@contoso.com
+```
+
+If guest users in a Microsoft Entra tenant are part of a group that has database permissions in [!INCLUDE [ssazure-sqldb](../../includes/ssazure-sqldb.md)], use the guest user alias (for example, `keith0@adventure-works.com`).
+
+## Related content
+
+- [bcp utility](bcp-utility.md)
+- [Download and install the bcp utility](bcp-download-install.md)
+- [How to use the bcp utility](bcp-use-utility.md)
+- [Microsoft Entra authentication for Azure SQL](/azure/azure-sql/database/authentication-aad-overview)
+- [Authentication in SQL database in Microsoft Fabric](/fabric/database/sql/authentication)
+
+[!INCLUDE [get-help-options](../../includes/paragraph-content/get-help-options.md)]

docs/tools/bcp-utility.md

@@ -0,0 +1,87 @@
+---
+title: Download and Install the bcp Utility
+description: Learn how to download and install the bulk copy program (bcp) utility on Windows, Linux, and macOS.
+author: rwestMSFT
+ms.author: randolphwest
+ms.reviewer: davidengel
+ms.date: 04/19/2026
+ms.service: sql
+ms.subservice: tools-other
+ms.topic: how-to
+ms.collection:
+  - data-tools
+ms.custom:
+  - linux-related-content
+  - peer-review-program
+helpviewer_keywords:
+  - "bcp utility [SQL Server], download"
+  - "bcp utility [SQL Server], install"
+  - "command prompt utilities [SQL Server], bcp"
+  - "Microsoft Command Line Utilities for SQL Server"
+monikerRange: ">=aps-pdw-2016 || =azuresqldb-current || =azure-sqldw-latest || >=sql-server-2016 || >=sql-server-linux-2017 || =fabric-sqldb"
+---
+# Download and install the bcp utility
+
+[!INCLUDE [SQL Server Azure SQL Database Synapse Analytics PDW FabricSQLDB](../../includes/applies-to-version/sql-asdb-asdbmi-asa-pdw-fabricsqldb.md)]
+
+The [bulk copy program utility (bcp)](bcp-utility.md) bulk copies data between an instance of [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] and a data file in a user-specified format.
+
+For detailed information about using **bcp** with Azure Synapse Analytics, see [Load data with bcp](/azure/sql-data-warehouse/sql-data-warehouse-load-with-bcp).
+
+## Identify installed version
+
+To determine the installed version of **bcp**, run the following command:
+
+```console
+bcp -v
+```
+
+If multiple versions of **bcp** are installed on Windows, the `PATH` environment variable determines which one runs. To list every copy of `bcp.exe` on the search path, use the following command:
+
+```console
+where bcp.exe
+```
+
+For information about how to set the command path in the `PATH` environment variable, see [Environment variables](/windows/win32/shell/user-environment-variables).
+
+## bcp versioning
+
+The **bcp** utility is versioned independently of the [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] release it ships with:
+
+| **bcp** major version | Distribution |
+| --- | --- |
+| 18 | Ships with [!INCLUDE [sssql25-md](../../includes/sssql25-md.md)]. Adds `-Y` (TLS encryption mode) and `-u` (trust server certificate) switches. |
+| 15 | Distributed as Microsoft Command Line Utilities 15 for SQL Server, and bundled with [!INCLUDE [sssql19-md](../../includes/sssql19-md.md)] and [!INCLUDE [sssql22-md](../../includes/sssql22-md.md)] tools. |
+
+## Download the latest version
+
+The following instructions are for **bcp** running on Windows. For instructions on installing **bcp** on Linux and macOS, as well as system requirements, see [Install the sqlcmd and bcp SQL Server command-line tools on Linux](../../linux/sql-server-linux-setup-tools.md).
+
+| Package | Platform |
+| --- | --- |
+| Microsoft Command Line Utilities 15 for SQL Server | [x64](https://go.microsoft.com/fwlink/?linkid=2230791) [x86](https://go.microsoft.com/fwlink/?linkid=2231320) |
+
+The Microsoft Command Line Utilities package contains both **bcp** and **sqlcmd** (ODBC). It also installs (or requires) the [Microsoft ODBC Driver for SQL Server](../../connect/odbc/download-odbc-driver-for-sql-server.md).
+
+> [!NOTE]  
+> The standalone **bcp** download might not have the same release and build number as the **bcp** that ships with the latest [!INCLUDE [ssNoVersion](../../includes/ssnoversion-md.md)] cumulative update (CU). This behavior is expected. The standalone download still contains all fixes included in the latest CU.
+
+## System requirements
+
+The following system requirements are for **bcp** running on Windows.
+
+- Windows 10 and later versions
+- Windows Server 2016 and later versions
+- [Microsoft ODBC Driver for SQL Server](../../connect/odbc/download-odbc-driver-for-sql-server.md) (driver 18 is recommended)
+
+## Related content
+
+- [bcp utility](bcp-utility.md)
+- [How to use the bcp utility](bcp-use-utility.md)
+- [Authenticate with Microsoft Entra ID in bcp](bcp-authentication.md)
+- [Prepare data for bulk export or import](../../relational-databases/import-export/prepare-data-for-bulk-export-or-import-sql-server.md)
+- [BULK INSERT (Transact-SQL)](../../t-sql/statements/bulk-insert-transact-sql.md)
+- [OPENROWSET (Transact-SQL)](../../t-sql/functions/openrowset-transact-sql.md)
+- [Format files to import or export data (SQL Server)](../../relational-databases/import-export/format-files-for-importing-or-exporting-data-sql-server.md)
+
+[!INCLUDE [get-help-options](../../includes/paragraph-content/get-help-options.md)]