Azure Classic v5.38.0, Mar 21 23

azure.domainservices.Service

Import

Domain Services can be imported using the resource ID, together with the Replica Set ID that you wish to designate as the initial replica set, e.g.

 $ pulumi import azure:domainservices/service:Service example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/initialReplicaSetId/00000000-0000-0000-0000-000000000000

Example Usage

using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;

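// Provisions a virtual network and subnet with a network security group,
// a directory admin group and user, and an Azure AD Domain Services instance
// whose initial replica set lives in that subnet.
return await Deployment.RunAsync(() => 
{
    // The DC administrator password comes from encrypted stack configuration
    // instead of a literal in source. Set it with:
    //   pulumi config set --secret adminPassword <value>
    var config = new Config();
    var adminPassword = config.RequireSecret("adminPassword");

    var deployResourceGroup = new Azure.Core.ResourceGroup("deployResourceGroup", new()
    {
        Location = "West Europe",
    });

    var deployVirtualNetwork = new Azure.Network.VirtualNetwork("deployVirtualNetwork", new()
    {
        Location = deployResourceGroup.Location,
        ResourceGroupName = deployResourceGroup.Name,
        AddressSpaces = new[]
        {
            // Network address with host bits clear (was "10.0.1.0/16");
            // the 10.0.1.0/24 subnet below still falls inside this range.
            "10.0.0.0/16",
        },
    });

    var deploySubnet = new Azure.Network.Subnet("deploySubnet", new()
    {
        ResourceGroupName = deployResourceGroup.Name,
        VirtualNetworkName = deployVirtualNetwork.Name,
        AddressPrefixes = new[]
        {
            "10.0.1.0/24",
        },
    });

    var deployNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("deployNetworkSecurityGroup", new()
    {
        Location = deployResourceGroup.Location,
        ResourceGroupName = deployResourceGroup.Name,
        SecurityRules = new[]
        {
            // The first three rules admit management traffic from named
            // service tags only.
            new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
            {
                Name = "AllowSyncWithAzureAD",
                Priority = 101,
                Direction = "Inbound",
                Access = "Allow",
                Protocol = "Tcp",
                SourcePortRange = "*",
                DestinationPortRange = "443",
                SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
                DestinationAddressPrefix = "*",
            },
            new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
            {
                Name = "AllowRD",
                Priority = 201,
                Direction = "Inbound",
                Access = "Allow",
                Protocol = "Tcp",
                SourcePortRange = "*",
                DestinationPortRange = "3389",
                SourceAddressPrefix = "CorpNetSaw",
                DestinationAddressPrefix = "*",
            },
            new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
            {
                Name = "AllowPSRemoting",
                Priority = 301,
                Direction = "Inbound",
                Access = "Allow",
                Protocol = "Tcp",
                SourcePortRange = "*",
                DestinationPortRange = "5986",
                SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
                DestinationAddressPrefix = "*",
            },
            // NOTE(review): source "*" admits LDAPS (636) from any address.
            // Narrow SourceAddressPrefix to the client ranges that need secure
            // LDAP, or drop the rule: no secure LDAP settings are configured
            // on the service below.
            new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
            {
                Name = "AllowLDAPS",
                Priority = 401,
                Direction = "Inbound",
                Access = "Allow",
                Protocol = "Tcp",
                SourcePortRange = "*",
                DestinationPortRange = "636",
                SourceAddressPrefix = "*",
                DestinationAddressPrefix = "*",
            },
        },
    });

    var deploySubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", new()
    {
        SubnetId = deploySubnet.Id,
        NetworkSecurityGroupId = deployNetworkSecurityGroup.Id,
    });

    var dcAdmins = new AzureAD.Group("dcAdmins", new()
    {
        DisplayName = "AAD DC Administrators",
        SecurityEnabled = true,
    });

    // This user is added to the "AAD DC Administrators" group below, so the
    // password is passed as a secret output rather than plain text.
    var adminUser = new AzureAD.User("adminUser", new()
    {
        UserPrincipalName = "dc-admin@hashicorp-example.com",
        DisplayName = "DC Administrator",
        Password = adminPassword,
    });

    var adminGroupMember = new AzureAD.GroupMember("adminGroupMember", new()
    {
        GroupObjectId = dcAdmins.ObjectId,
        MemberObjectId = adminUser.ObjectId,
    });

    // Service principal for the published Domain Services app.
    var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new()
    {
        ApplicationId = "2565bd9d-da50-47d4-8b85-4c97f669dc36",
    });

    var aadds = new Azure.Core.ResourceGroup("aadds", new()
    {
        Location = "westeurope",
    });

    var exampleService = new Azure.DomainServices.Service("exampleService", new()
    {
        Location = aadds.Location,
        ResourceGroupName = aadds.Name,
        DomainName = "widgetslogin.net",
        Sku = "Enterprise",
        FilteredSyncEnabled = false,
        InitialReplicaSet = new Azure.DomainServices.Inputs.ServiceInitialReplicaSetArgs
        {
            SubnetId = deploySubnet.Id,
        },
        Notifications = new Azure.DomainServices.Inputs.ServiceNotificationsArgs
        {
            AdditionalRecipients = new[]
            {
                "notifyA@example.net",
                "notifyB@example.org",
            },
            NotifyDcAdmins = true,
            NotifyGlobalAdmins = true,
        },
        Security = new Azure.DomainServices.Inputs.ServiceSecurityArgs
        {
            SyncKerberosPasswords = true,
            // NOTE(review): NTLM hash synchronisation is only needed by legacy
            // clients; consider disabling it when nothing depends on NTLM.
            SyncNtlmPasswords = true,
            SyncOnPremPasswords = true,
        },
        Tags = 
        {
            { "Environment", "prod" },
        },
    }, new CustomResourceOptions
    {
        // The service is created only after the service principal exists and
        // the security group is attached to the subnet.
        DependsOn = new[]
        {
            exampleServicePrincipal,
            deploySubnetNetworkSecurityGroupAssociation,
        },
    });

});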
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/domainservices"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

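// main provisions a virtual network and subnet with a network security group,
// a directory admin group and user, and an Azure AD Domain Services instance
// whose initial replica set lives in that subnet.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The DC administrator password comes from encrypted stack
		// configuration instead of a literal in source. Set it with:
		//   pulumi config set --secret adminPassword <value>
		cfg := config.New(ctx, "")
		adminPassword := cfg.RequireSecret("adminPassword")

		deployResourceGroup, err := core.NewResourceGroup(ctx, "deployResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		deployVirtualNetwork, err := network.NewVirtualNetwork(ctx, "deployVirtualNetwork", &network.VirtualNetworkArgs{
			Location:          deployResourceGroup.Location,
			ResourceGroupName: deployResourceGroup.Name,
			AddressSpaces: pulumi.StringArray{
				// Network address with host bits clear (was "10.0.1.0/16");
				// the 10.0.1.0/24 subnet below still falls inside this range.
				pulumi.String("10.0.0.0/16"),
			},
		})
		if err != nil {
			return err
		}
		deploySubnet, err := network.NewSubnet(ctx, "deploySubnet", &network.SubnetArgs{
			ResourceGroupName:  deployResourceGroup.Name,
			VirtualNetworkName: deployVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		deployNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "deployNetworkSecurityGroup", &network.NetworkSecurityGroupArgs{
			Location:          deployResourceGroup.Location,
			ResourceGroupName: deployResourceGroup.Name,
			SecurityRules: network.NetworkSecurityGroupSecurityRuleArray{
				// The first three rules admit management traffic from named
				// service tags only.
				&network.NetworkSecurityGroupSecurityRuleArgs{
					Name:                     pulumi.String("AllowSyncWithAzureAD"),
					Priority:                 pulumi.Int(101),
					Direction:                pulumi.String("Inbound"),
					Access:                   pulumi.String("Allow"),
					Protocol:                 pulumi.String("Tcp"),
					SourcePortRange:          pulumi.String("*"),
					DestinationPortRange:     pulumi.String("443"),
					SourceAddressPrefix:      pulumi.String("AzureActiveDirectoryDomainServices"),
					DestinationAddressPrefix: pulumi.String("*"),
				},
				&network.NetworkSecurityGroupSecurityRuleArgs{
					Name:                     pulumi.String("AllowRD"),
					Priority:                 pulumi.Int(201),
					Direction:                pulumi.String("Inbound"),
					Access:                   pulumi.String("Allow"),
					Protocol:                 pulumi.String("Tcp"),
					SourcePortRange:          pulumi.String("*"),
					DestinationPortRange:     pulumi.String("3389"),
					SourceAddressPrefix:      pulumi.String("CorpNetSaw"),
					DestinationAddressPrefix: pulumi.String("*"),
				},
				&network.NetworkSecurityGroupSecurityRuleArgs{
					Name:                     pulumi.String("AllowPSRemoting"),
					Priority:                 pulumi.Int(301),
					Direction:                pulumi.String("Inbound"),
					Access:                   pulumi.String("Allow"),
					Protocol:                 pulumi.String("Tcp"),
					SourcePortRange:          pulumi.String("*"),
					DestinationPortRange:     pulumi.String("5986"),
					SourceAddressPrefix:      pulumi.String("AzureActiveDirectoryDomainServices"),
					DestinationAddressPrefix: pulumi.String("*"),
				},
				// NOTE(review): source "*" admits LDAPS (636) from any
				// address. Narrow SourceAddressPrefix to the client ranges
				// that need secure LDAP, or drop the rule: no secure LDAP
				// settings are configured on the service below.
				&network.NetworkSecurityGroupSecurityRuleArgs{
					Name:                     pulumi.String("AllowLDAPS"),
					Priority:                 pulumi.Int(401),
					Direction:                pulumi.String("Inbound"),
					Access:                   pulumi.String("Allow"),
					Protocol:                 pulumi.String("Tcp"),
					SourcePortRange:          pulumi.String("*"),
					DestinationPortRange:     pulumi.String("636"),
					SourceAddressPrefix:      pulumi.String("*"),
					DestinationAddressPrefix: pulumi.String("*"),
				},
			},
		})
		if err != nil {
			return err
		}
		deploySubnetNetworkSecurityGroupAssociation, err := network.NewSubnetNetworkSecurityGroupAssociation(ctx, "deploySubnetNetworkSecurityGroupAssociation", &network.SubnetNetworkSecurityGroupAssociationArgs{
			SubnetId:               deploySubnet.ID(),
			NetworkSecurityGroupId: deployNetworkSecurityGroup.ID(),
		})
		if err != nil {
			return err
		}
		dcAdmins, err := azuread.NewGroup(ctx, "dcAdmins", &azuread.GroupArgs{
			DisplayName:     pulumi.String("AAD DC Administrators"),
			SecurityEnabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// This user is added to the "AAD DC Administrators" group below, so
		// the password is passed as a secret output rather than plain text.
		adminUser, err := azuread.NewUser(ctx, "adminUser", &azuread.UserArgs{
			UserPrincipalName: pulumi.String("dc-admin@hashicorp-example.com"),
			DisplayName:       pulumi.String("DC Administrator"),
			Password:          adminPassword,
		})
		if err != nil {
			return err
		}
		_, err = azuread.NewGroupMember(ctx, "adminGroupMember", &azuread.GroupMemberArgs{
			GroupObjectId:  dcAdmins.ObjectId,
			MemberObjectId: adminUser.ObjectId,
		})
		if err != nil {
			return err
		}
		// Service principal for the published Domain Services app.
		exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
			ApplicationId: pulumi.String("2565bd9d-da50-47d4-8b85-4c97f669dc36"),
		})
		if err != nil {
			return err
		}
		aadds, err := core.NewResourceGroup(ctx, "aadds", &core.ResourceGroupArgs{
			Location: pulumi.String("westeurope"),
		})
		if err != nil {
			return err
		}
		_, err = domainservices.NewService(ctx, "exampleService", &domainservices.ServiceArgs{
			Location:            aadds.Location,
			ResourceGroupName:   aadds.Name,
			DomainName:          pulumi.String("widgetslogin.net"),
			Sku:                 pulumi.String("Enterprise"),
			FilteredSyncEnabled: pulumi.Bool(false),
			InitialReplicaSet: &domainservices.ServiceInitialReplicaSetArgs{
				SubnetId: deploySubnet.ID(),
			},
			Notifications: &domainservices.ServiceNotificationsArgs{
				AdditionalRecipients: pulumi.StringArray{
					pulumi.String("notifyA@example.net"),
					pulumi.String("notifyB@example.org"),
				},
				NotifyDcAdmins:     pulumi.Bool(true),
				NotifyGlobalAdmins: pulumi.Bool(true),
			},
			Security: &domainservices.ServiceSecurityArgs{
				SyncKerberosPasswords: pulumi.Bool(true),
				// NOTE(review): NTLM hash synchronisation is only needed by
				// legacy clients; consider disabling it when nothing depends
				// on NTLM.
				SyncNtlmPasswords:   pulumi.Bool(true),
				SyncOnPremPasswords: pulumi.Bool(true),
			},
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("prod"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			// The service is created only after the service principal exists
			// and the security group is attached to the subnet.
			exampleServicePrincipal,
			deploySubnetNetworkSecurityGroupAssociation,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}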
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.NetworkSecurityGroup;
import com.pulumi.azure.network.NetworkSecurityGroupArgs;
import com.pulumi.azure.network.inputs.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.GroupMember;
import com.pulumi.azuread.GroupMemberArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azure.domainservices.Service;
import com.pulumi.azure.domainservices.ServiceArgs;
import com.pulumi.azure.domainservices.inputs.ServiceInitialReplicaSetArgs;
import com.pulumi.azure.domainservices.inputs.ServiceNotificationsArgs;
import com.pulumi.azure.domainservices.inputs.ServiceSecurityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

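/**
 * Pulumi program that provisions a virtual network and subnet with a network
 * security group, a directory admin group and user, and an Azure AD Domain
 * Services instance whose initial replica set lives in that subnet.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the stack.
     *
     * @param ctx deployment context; also the source of the stack configuration
     */
    public static void stack(Context ctx) {
        // The DC administrator password comes from encrypted stack
        // configuration instead of a literal in source. Set it with:
        //   pulumi config set --secret adminPassword <value>
        final var adminPassword = ctx.config().requireSecret("adminPassword");

        var deployResourceGroup = new ResourceGroup("deployResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());

        var deployVirtualNetwork = new VirtualNetwork("deployVirtualNetwork", VirtualNetworkArgs.builder()
            .location(deployResourceGroup.location())
            .resourceGroupName(deployResourceGroup.name())
            // Network address with host bits clear (was "10.0.1.0/16");
            // the 10.0.1.0/24 subnet below still falls inside this range.
            .addressSpaces("10.0.0.0/16")
            .build());

        var deploySubnet = new Subnet("deploySubnet", SubnetArgs.builder()
            .resourceGroupName(deployResourceGroup.name())
            .virtualNetworkName(deployVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .build());

        var deployNetworkSecurityGroup = new NetworkSecurityGroup("deployNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
            .location(deployResourceGroup.location())
            .resourceGroupName(deployResourceGroup.name())
            .securityRules(
                // The first three rules admit management traffic from named
                // service tags only.
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowSyncWithAzureAD")
                    .priority(101)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("443")
                    .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
                    .destinationAddressPrefix("*")
                    .build(),
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowRD")
                    .priority(201)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("3389")
                    .sourceAddressPrefix("CorpNetSaw")
                    .destinationAddressPrefix("*")
                    .build(),
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowPSRemoting")
                    .priority(301)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("5986")
                    .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
                    .destinationAddressPrefix("*")
                    .build(),
                // NOTE(review): source "*" admits LDAPS (636) from any
                // address. Narrow sourceAddressPrefix to the client ranges
                // that need secure LDAP, or drop the rule: no secure LDAP
                // settings are configured on the service below.
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowLDAPS")
                    .priority(401)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("636")
                    .sourceAddressPrefix("*")
                    .destinationAddressPrefix("*")
                    .build())
            .build());

        var deploySubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
            .subnetId(deploySubnet.id())
            .networkSecurityGroupId(deployNetworkSecurityGroup.id())
            .build());

        var dcAdmins = new Group("dcAdmins", GroupArgs.builder()
            .displayName("AAD DC Administrators")
            .securityEnabled(true)
            .build());

        // This user is added to the "AAD DC Administrators" group below, so
        // the password is passed as a secret output rather than plain text.
        var adminUser = new User("adminUser", UserArgs.builder()
            .userPrincipalName("dc-admin@hashicorp-example.com")
            .displayName("DC Administrator")
            .password(adminPassword)
            .build());

        var adminGroupMember = new GroupMember("adminGroupMember", GroupMemberArgs.builder()
            .groupObjectId(dcAdmins.objectId())
            .memberObjectId(adminUser.objectId())
            .build());

        // Service principal for the published Domain Services app.
        var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()
            .applicationId("2565bd9d-da50-47d4-8b85-4c97f669dc36")
            .build());

        var aadds = new ResourceGroup("aadds", ResourceGroupArgs.builder()
            .location("westeurope")
            .build());

        var exampleService = new Service("exampleService", ServiceArgs.builder()
            .location(aadds.location())
            .resourceGroupName(aadds.name())
            .domainName("widgetslogin.net")
            .sku("Enterprise")
            .filteredSyncEnabled(false)
            .initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
                .subnetId(deploySubnet.id())
                .build())
            .notifications(ServiceNotificationsArgs.builder()
                .additionalRecipients(
                    "notifyA@example.net",
                    "notifyB@example.org")
                .notifyDcAdmins(true)
                .notifyGlobalAdmins(true)
                .build())
            .security(ServiceSecurityArgs.builder()
                .syncKerberosPasswords(true)
                // NOTE(review): NTLM hash synchronisation is only needed by
                // legacy clients; consider disabling it when nothing depends
                // on NTLM.
                .syncNtlmPasswords(true)
                .syncOnPremPasswords(true)
                .build())
            .tags(Map.of("Environment", "prod"))
            .build(), CustomResourceOptions.builder()
                // The service is created only after the service principal
                // exists and the security group is attached to the subnet.
                .dependsOn(
                    exampleServicePrincipal,
                    deploySubnetNetworkSecurityGroupAssociation)
                .build());

    }
}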
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread

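# Provisions a virtual network and subnet with a network security group,
# a directory admin group and user, and an Azure AD Domain Services instance
# whose initial replica set lives in that subnet.

# The DC administrator password comes from encrypted stack configuration
# instead of a literal in source. Set it with:
#   pulumi config set --secret adminPassword <value>
config = pulumi.Config()
admin_password = config.require_secret("adminPassword")

deploy_resource_group = azure.core.ResourceGroup("deployResourceGroup", location="West Europe")
deploy_virtual_network = azure.network.VirtualNetwork("deployVirtualNetwork",
    location=deploy_resource_group.location,
    resource_group_name=deploy_resource_group.name,
    # Network address with host bits clear (was "10.0.1.0/16");
    # the 10.0.1.0/24 subnet below still falls inside this range.
    address_spaces=["10.0.0.0/16"])
deploy_subnet = azure.network.Subnet("deploySubnet",
    resource_group_name=deploy_resource_group.name,
    virtual_network_name=deploy_virtual_network.name,
    address_prefixes=["10.0.1.0/24"])
deploy_network_security_group = azure.network.NetworkSecurityGroup("deployNetworkSecurityGroup",
    location=deploy_resource_group.location,
    resource_group_name=deploy_resource_group.name,
    security_rules=[
        # The first three rules admit management traffic from named
        # service tags only.
        azure.network.NetworkSecurityGroupSecurityRuleArgs(
            name="AllowSyncWithAzureAD",
            priority=101,
            direction="Inbound",
            access="Allow",
            protocol="Tcp",
            source_port_range="*",
            destination_port_range="443",
            source_address_prefix="AzureActiveDirectoryDomainServices",
            destination_address_prefix="*",
        ),
        azure.network.NetworkSecurityGroupSecurityRuleArgs(
            name="AllowRD",
            priority=201,
            direction="Inbound",
            access="Allow",
            protocol="Tcp",
            source_port_range="*",
            destination_port_range="3389",
            source_address_prefix="CorpNetSaw",
            destination_address_prefix="*",
        ),
        azure.network.NetworkSecurityGroupSecurityRuleArgs(
            name="AllowPSRemoting",
            priority=301,
            direction="Inbound",
            access="Allow",
            protocol="Tcp",
            source_port_range="*",
            destination_port_range="5986",
            source_address_prefix="AzureActiveDirectoryDomainServices",
            destination_address_prefix="*",
        ),
        # NOTE(review): source "*" admits LDAPS (636) from any address.
        # Narrow source_address_prefix to the client ranges that need secure
        # LDAP, or drop the rule: no secure LDAP settings are configured on
        # the service below.
        azure.network.NetworkSecurityGroupSecurityRuleArgs(
            name="AllowLDAPS",
            priority=401,
            direction="Inbound",
            access="Allow",
            protocol="Tcp",
            source_port_range="*",
            destination_port_range="636",
            source_address_prefix="*",
            destination_address_prefix="*",
        ),
    ])
deploy_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation",
    subnet_id=deploy_subnet.id,
    network_security_group_id=deploy_network_security_group.id)
dc_admins = azuread.Group("dcAdmins",
    display_name="AAD DC Administrators",
    security_enabled=True)
# This user is added to the "AAD DC Administrators" group below, so the
# password is passed as a secret output rather than plain text.
admin_user = azuread.User("adminUser",
    user_principal_name="dc-admin@hashicorp-example.com",
    display_name="DC Administrator",
    password=admin_password)
admin_group_member = azuread.GroupMember("adminGroupMember",
    group_object_id=dc_admins.object_id,
    member_object_id=admin_user.object_id)
# Service principal for the published Domain Services app.
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", application_id="2565bd9d-da50-47d4-8b85-4c97f669dc36")
aadds = azure.core.ResourceGroup("aadds", location="westeurope")
example_service = azure.domainservices.Service("exampleService",
    location=aadds.location,
    resource_group_name=aadds.name,
    domain_name="widgetslogin.net",
    sku="Enterprise",
    filtered_sync_enabled=False,
    initial_replica_set=azure.domainservices.ServiceInitialReplicaSetArgs(
        subnet_id=deploy_subnet.id,
    ),
    notifications=azure.domainservices.ServiceNotificationsArgs(
        additional_recipients=[
            "notifyA@example.net",
            "notifyB@example.org",
        ],
        notify_dc_admins=True,
        notify_global_admins=True,
    ),
    security=azure.domainservices.ServiceSecurityArgs(
        sync_kerberos_passwords=True,
        # NOTE(review): NTLM hash synchronisation is only needed by legacy
        # clients; consider disabling it when nothing depends on NTLM.
        sync_ntlm_passwords=True,
        sync_on_prem_passwords=True,
    ),
    tags={
        "Environment": "prod",
    },
    # The service is created only after the service principal exists and the
    # security group is attached to the subnet.
    opts=pulumi.ResourceOptions(depends_on=[
            example_service_principal,
            deploy_subnet_network_security_group_association,
        ]))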
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";

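// Provisions a virtual network and subnet with a network security group,
// a directory admin group and user, and an Azure AD Domain Services instance
// whose initial replica set lives in that subnet.

// The DC administrator password comes from encrypted stack configuration
// instead of a literal in source. Set it with:
//   pulumi config set --secret adminPassword <value>
const config = new pulumi.Config();
const adminPassword = config.requireSecret("adminPassword");

const deployResourceGroup = new azure.core.ResourceGroup("deployResourceGroup", {location: "West Europe"});
const deployVirtualNetwork = new azure.network.VirtualNetwork("deployVirtualNetwork", {
    location: deployResourceGroup.location,
    resourceGroupName: deployResourceGroup.name,
    // Network address with host bits clear (was "10.0.1.0/16");
    // the 10.0.1.0/24 subnet below still falls inside this range.
    addressSpaces: ["10.0.0.0/16"],
});
const deploySubnet = new azure.network.Subnet("deploySubnet", {
    resourceGroupName: deployResourceGroup.name,
    virtualNetworkName: deployVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
});
const deployNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("deployNetworkSecurityGroup", {
    location: deployResourceGroup.location,
    resourceGroupName: deployResourceGroup.name,
    securityRules: [
        // The first three rules admit management traffic from named
        // service tags only.
        {
            name: "AllowSyncWithAzureAD",
            priority: 101,
            direction: "Inbound",
            access: "Allow",
            protocol: "Tcp",
            sourcePortRange: "*",
            destinationPortRange: "443",
            sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
            destinationAddressPrefix: "*",
        },
        {
            name: "AllowRD",
            priority: 201,
            direction: "Inbound",
            access: "Allow",
            protocol: "Tcp",
            sourcePortRange: "*",
            destinationPortRange: "3389",
            sourceAddressPrefix: "CorpNetSaw",
            destinationAddressPrefix: "*",
        },
        {
            name: "AllowPSRemoting",
            priority: 301,
            direction: "Inbound",
            access: "Allow",
            protocol: "Tcp",
            sourcePortRange: "*",
            destinationPortRange: "5986",
            sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
            destinationAddressPrefix: "*",
        },
        // NOTE(review): source "*" admits LDAPS (636) from any address.
        // Narrow sourceAddressPrefix to the client ranges that need secure
        // LDAP, or drop the rule: no secure LDAP settings are configured on
        // the service below.
        {
            name: "AllowLDAPS",
            priority: 401,
            direction: "Inbound",
            access: "Allow",
            protocol: "Tcp",
            sourcePortRange: "*",
            destinationPortRange: "636",
            sourceAddressPrefix: "*",
            destinationAddressPrefix: "*",
        },
    ],
});
const deploySubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", {
    subnetId: deploySubnet.id,
    networkSecurityGroupId: deployNetworkSecurityGroup.id,
});
const dcAdmins = new azuread.Group("dcAdmins", {
    displayName: "AAD DC Administrators",
    securityEnabled: true,
});
// This user is added to the "AAD DC Administrators" group below, so the
// password is passed as a secret output rather than plain text.
const adminUser = new azuread.User("adminUser", {
    userPrincipalName: "dc-admin@hashicorp-example.com",
    displayName: "DC Administrator",
    password: adminPassword,
});
const adminGroupMember = new azuread.GroupMember("adminGroupMember", {
    groupObjectId: dcAdmins.objectId,
    memberObjectId: adminUser.objectId,
});
// Service principal for the published Domain Services app.
const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {applicationId: "2565bd9d-da50-47d4-8b85-4c97f669dc36"});
const aadds = new azure.core.ResourceGroup("aadds", {location: "westeurope"});
const exampleService = new azure.domainservices.Service("exampleService", {
    location: aadds.location,
    resourceGroupName: aadds.name,
    domainName: "widgetslogin.net",
    sku: "Enterprise",
    filteredSyncEnabled: false,
    initialReplicaSet: {
        subnetId: deploySubnet.id,
    },
    notifications: {
        additionalRecipients: [
            "notifyA@example.net",
            "notifyB@example.org",
        ],
        notifyDcAdmins: true,
        notifyGlobalAdmins: true,
    },
    security: {
        syncKerberosPasswords: true,
        // NOTE(review): NTLM hash synchronisation is only needed by legacy
        // clients; consider disabling it when nothing depends on NTLM.
        syncNtlmPasswords: true,
        syncOnPremPasswords: true,
    },
    tags: {
        Environment: "prod",
    },
}, {
    // The service is created only after the service principal exists and the
    // security group is attached to the subnet.
    dependsOn: [
        exampleServicePrincipal,
        deploySubnetNetworkSecurityGroupAssociation,
    ],
});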
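# Provisions a virtual network and subnet with a network security group,
# a directory admin group and user, and an Azure AD Domain Services instance
# whose initial replica set lives in that subnet.
config:
  # The DC administrator password comes from encrypted stack configuration
  # instead of a literal in this file. Set it with:
  #   pulumi config set --secret adminPassword <value>
  adminPassword:
    type: string
    secret: true
resources:
  deployResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  deployVirtualNetwork:
    type: azure:network:VirtualNetwork
    properties:
      location: ${deployResourceGroup.location}
      resourceGroupName: ${deployResourceGroup.name}
      addressSpaces:
        # Network address with host bits clear (was 10.0.1.0/16);
        # the 10.0.1.0/24 subnet below still falls inside this range.
        - 10.0.0.0/16
  deploySubnet:
    type: azure:network:Subnet
    properties:
      resourceGroupName: ${deployResourceGroup.name}
      virtualNetworkName: ${deployVirtualNetwork.name}
      addressPrefixes:
        - 10.0.1.0/24
  deployNetworkSecurityGroup:
    type: azure:network:NetworkSecurityGroup
    properties:
      location: ${deployResourceGroup.location}
      resourceGroupName: ${deployResourceGroup.name}
      securityRules:
        # The first three rules admit management traffic from named
        # service tags only.
        - name: AllowSyncWithAzureAD
          priority: 101
          direction: Inbound
          access: Allow
          protocol: Tcp
          sourcePortRange: '*'
          destinationPortRange: '443'
          sourceAddressPrefix: AzureActiveDirectoryDomainServices
          destinationAddressPrefix: '*'
        - name: AllowRD
          priority: 201
          direction: Inbound
          access: Allow
          protocol: Tcp
          sourcePortRange: '*'
          destinationPortRange: '3389'
          sourceAddressPrefix: CorpNetSaw
          destinationAddressPrefix: '*'
        - name: AllowPSRemoting
          priority: 301
          direction: Inbound
          access: Allow
          protocol: Tcp
          sourcePortRange: '*'
          destinationPortRange: '5986'
          sourceAddressPrefix: AzureActiveDirectoryDomainServices
          destinationAddressPrefix: '*'
        # NOTE(review): source '*' admits LDAPS (636) from any address.
        # Narrow sourceAddressPrefix to the client ranges that need secure
        # LDAP, or drop the rule: no secure LDAP settings are configured on
        # the service below.
        - name: AllowLDAPS
          priority: 401
          direction: Inbound
          access: Allow
          protocol: Tcp
          sourcePortRange: '*'
          destinationPortRange: '636'
          sourceAddressPrefix: '*'
          destinationAddressPrefix: '*'
  deploySubnetNetworkSecurityGroupAssociation:
    type: azure:network:SubnetNetworkSecurityGroupAssociation
    properties:
      subnetId: ${deploySubnet.id}
      networkSecurityGroupId: ${deployNetworkSecurityGroup.id}
  dcAdmins:
    type: azuread:Group
    properties:
      displayName: AAD DC Administrators
      securityEnabled: true
  # This user is added to the "AAD DC Administrators" group below, so the
  # password is taken from the secret config value rather than plain text.
  adminUser:
    type: azuread:User
    properties:
      userPrincipalName: dc-admin@hashicorp-example.com
      displayName: DC Administrator
      password: ${adminPassword}
  adminGroupMember:
    type: azuread:GroupMember
    properties:
      groupObjectId: ${dcAdmins.objectId}
      memberObjectId: ${adminUser.objectId}
  # Service principal for the published Domain Services app.
  exampleServicePrincipal:
    type: azuread:ServicePrincipal
    properties:
      applicationId: 2565bd9d-da50-47d4-8b85-4c97f669dc36
  aadds:
    type: azure:core:ResourceGroup
    properties:
      location: westeurope
  exampleService:
    type: azure:domainservices:Service
    properties:
      location: ${aadds.location}
      resourceGroupName: ${aadds.name}
      domainName: widgetslogin.net
      sku: Enterprise
      filteredSyncEnabled: false
      initialReplicaSet:
        subnetId: ${deploySubnet.id}
      notifications:
        additionalRecipients:
          - notifyA@example.net
          - notifyB@example.org
        notifyDcAdmins: true
        notifyGlobalAdmins: true
      security:
        syncKerberosPasswords: true
        # NOTE(review): NTLM hash synchronisation is only needed by legacy
        # clients; consider disabling it when nothing depends on NTLM.
        syncNtlmPasswords: true
        syncOnPremPasswords: true
      tags:
        Environment: prod
    options:
      # The service is created only after the service principal exists and
      # the security group is attached to the subnet. The option key is
      # spelled dependsOn (the listing had it lower-cased).
      dependsOn:
        - ${exampleServicePrincipal}
        - ${deploySubnetNetworkSecurityGroupAssociation}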

Create Service Resource

new Service(name: string, args: ServiceArgs, opts?: CustomResourceOptions);
@overload
def Service(resource_name: str,
            opts: Optional[ResourceOptions] = None,
            domain_configuration_type: Optional[str] = None,
            domain_name: Optional[str] = None,
            filtered_sync_enabled: Optional[bool] = None,
            initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            notifications: Optional[ServiceNotificationsArgs] = None,
            resource_group_name: Optional[str] = None,
            secure_ldap: Optional[ServiceSecureLdapArgs] = None,
            security: Optional[ServiceSecurityArgs] = None,
            sku: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None)
@overload
def Service(resource_name: str,
            args: ServiceArgs,
            opts: Optional[ResourceOptions] = None)
func NewService(ctx *Context, name string, args ServiceArgs, opts ...ResourceOption) (*Service, error)
public Service(string name, ServiceArgs args, CustomResourceOptions? opts = null)
public Service(String name, ServiceArgs args)
public Service(String name, ServiceArgs args, CustomResourceOptions options)
type: azure:domainservices:Service
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ServiceArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ServiceArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServiceArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServiceArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ServiceArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Service Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Service resource accepts the following input properties:

DomainName string

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

InitialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

ResourceGroupName string

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

Sku string

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

DomainConfigurationType string

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

FilteredSyncEnabled bool

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

Location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

Name string

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

Notifications ServiceNotificationsArgs

A notifications block as defined below.

SecureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

Security ServiceSecurityArgs

A security block as defined below.

Tags Dictionary<string, string>

A mapping of tags assigned to the resource.

DomainName string

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

InitialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

ResourceGroupName string

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

Sku string

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

DomainConfigurationType string

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

FilteredSyncEnabled bool

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

Location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

Name string

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

Notifications ServiceNotificationsArgs

A notifications block as defined below.

SecureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

Security ServiceSecurityArgs

A security block as defined below.

Tags map[string]string

A mapping of tags assigned to the resource.

domainName String

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

initialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

resourceGroupName String

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

sku String

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

domainConfigurationType String

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

filteredSyncEnabled Boolean

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

location String

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name String

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications ServiceNotificationsArgs

A notifications block as defined below.

secureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

security ServiceSecurityArgs

A security block as defined below.

tags Map<String,String>

A mapping of tags assigned to the resource.

domainName string

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

initialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

resourceGroupName string

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

sku string

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

domainConfigurationType string

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

filteredSyncEnabled boolean

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name string

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications ServiceNotificationsArgs

A notifications block as defined below.

secureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

security ServiceSecurityArgs

A security block as defined below.

tags {[key: string]: string}

A mapping of tags assigned to the resource.

domain_name str

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

initial_replica_set ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

resource_group_name str

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

sku str

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

domain_configuration_type str

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

filtered_sync_enabled bool

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

location str

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name str

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications ServiceNotificationsArgs

A notifications block as defined below.

secure_ldap ServiceSecureLdapArgs

A secure_ldap block as defined below.

security ServiceSecurityArgs

A security block as defined below.

tags Mapping[str, str]

A mapping of tags assigned to the resource.

domainName String

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

initialReplicaSet Property Map

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

resourceGroupName String

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

sku String

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

domainConfigurationType String

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

filteredSyncEnabled Boolean

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

location String

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name String

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications Property Map

A notifications block as defined below.

secureLdap Property Map

A secure_ldap block as defined below.

security Property Map

A security block as defined below.

tags Map<String>

A mapping of tags assigned to the resource.

Outputs

All input properties are implicitly available as output properties. Additionally, the Service resource produces the following output properties:

DeploymentId string

A unique ID for the managed domain deployment.

Id string

The provider-assigned unique ID for this managed resource.

ResourceId string

The Azure resource ID for the domain service.

SyncOwner string
TenantId string
Version int
DeploymentId string

A unique ID for the managed domain deployment.

Id string

The provider-assigned unique ID for this managed resource.

ResourceId string

The Azure resource ID for the domain service.

SyncOwner string
TenantId string
Version int
deploymentId String

A unique ID for the managed domain deployment.

id String

The provider-assigned unique ID for this managed resource.

resourceId String

The Azure resource ID for the domain service.

syncOwner String
tenantId String
version Integer
deploymentId string

A unique ID for the managed domain deployment.

id string

The provider-assigned unique ID for this managed resource.

resourceId string

The Azure resource ID for the domain service.

syncOwner string
tenantId string
version number
deployment_id str

A unique ID for the managed domain deployment.

id str

The provider-assigned unique ID for this managed resource.

resource_id str

The Azure resource ID for the domain service.

sync_owner str
tenant_id str
version int
deploymentId String

A unique ID for the managed domain deployment.

id String

The provider-assigned unique ID for this managed resource.

resourceId String

The Azure resource ID for the domain service.

syncOwner String
tenantId String
version Number

Look up Existing Service Resource

Get an existing Service resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServiceState, opts?: CustomResourceOptions): Service
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        deployment_id: Optional[str] = None,
        domain_configuration_type: Optional[str] = None,
        domain_name: Optional[str] = None,
        filtered_sync_enabled: Optional[bool] = None,
        initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        notifications: Optional[ServiceNotificationsArgs] = None,
        resource_group_name: Optional[str] = None,
        resource_id: Optional[str] = None,
        secure_ldap: Optional[ServiceSecureLdapArgs] = None,
        security: Optional[ServiceSecurityArgs] = None,
        sku: Optional[str] = None,
        sync_owner: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tenant_id: Optional[str] = None,
        version: Optional[int] = None) -> Service
func GetService(ctx *Context, name string, id IDInput, state *ServiceState, opts ...ResourceOption) (*Service, error)
public static Service Get(string name, Input<string> id, ServiceState? state, CustomResourceOptions? opts = null)
public static Service get(String name, Output<String> id, ServiceState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DeploymentId string

A unique ID for the managed domain deployment.

DomainConfigurationType string

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

DomainName string

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

FilteredSyncEnabled bool

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

InitialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

Location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

Name string

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

Notifications ServiceNotificationsArgs

A notifications block as defined below.

ResourceGroupName string

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

ResourceId string

The Azure resource ID for the domain service.

SecureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

Security ServiceSecurityArgs

A security block as defined below.

Sku string

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

SyncOwner string
Tags Dictionary<string, string>

A mapping of tags assigned to the resource.

TenantId string
Version int
DeploymentId string

A unique ID for the managed domain deployment.

DomainConfigurationType string

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

DomainName string

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

FilteredSyncEnabled bool

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

InitialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

Location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

Name string

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

Notifications ServiceNotificationsArgs

A notifications block as defined below.

ResourceGroupName string

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

ResourceId string

The Azure resource ID for the domain service.

SecureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

Security ServiceSecurityArgs

A security block as defined below.

Sku string

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

SyncOwner string
Tags map[string]string

A mapping of tags assigned to the resource.

TenantId string
Version int
deploymentId String

A unique ID for the managed domain deployment.

domainConfigurationType String

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

domainName String

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

filteredSyncEnabled Boolean

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

initialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

location String

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name String

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications ServiceNotificationsArgs

A notifications block as defined below.

resourceGroupName String

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

resourceId String

The Azure resource ID for the domain service.

secureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

security ServiceSecurityArgs

A security block as defined below.

sku String

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

syncOwner String
tags Map<String,String>

A mapping of tags assigned to the resource.

tenantId String
version Integer
deploymentId string

A unique ID for the managed domain deployment.

domainConfigurationType string

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

domainName string

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

filteredSyncEnabled boolean

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

initialReplicaSet ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name string

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications ServiceNotificationsArgs

A notifications block as defined below.

resourceGroupName string

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

resourceId string

The Azure resource ID for the domain service.

secureLdap ServiceSecureLdapArgs

A secure_ldap block as defined below.

security ServiceSecurityArgs

A security block as defined below.

sku string

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

syncOwner string
tags {[key: string]: string}

A mapping of tags assigned to the resource.

tenantId string
version number
deployment_id str

A unique ID for the managed domain deployment.

domain_configuration_type str

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

domain_name str

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

filtered_sync_enabled bool

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

initial_replica_set ServiceInitialReplicaSetArgs

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

location str

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name str

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications ServiceNotificationsArgs

A notifications block as defined below.

resource_group_name str

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

resource_id str

The Azure resource ID for the domain service.

secure_ldap ServiceSecureLdapArgs

A secure_ldap block as defined below.

security ServiceSecurityArgs

A security block as defined below.

sku str

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

sync_owner str
tags Mapping[str, str]

A mapping of tags assigned to the resource.

tenant_id str
version int
deploymentId String

A unique ID for the managed domain deployment.

domainConfigurationType String

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

domainName String

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

filteredSyncEnabled Boolean

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

initialReplicaSet Property Map

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

location String

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

name String

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

notifications Property Map

A notifications block as defined below.

resourceGroupName String

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

resourceId String

The Azure resource ID for the domain service.

secureLdap Property Map

A secure_ldap block as defined below.

security Property Map

A security block as defined below.

sku String

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

syncOwner String
tags Map<String>

A mapping of tags assigned to the resource.

tenantId String
version Number

Supporting Types

ServiceInitialReplicaSet

SubnetId string

The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

DomainControllerIpAddresses List<string>

A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

ExternalAccessIpAddress string

The publicly routable IP address for the domain controllers in the initial replica set.

Id string

A unique ID for the replica set.

Location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

ServiceStatus string

The current service status for the initial replica set.

SubnetId string

The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

DomainControllerIpAddresses []string

A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

ExternalAccessIpAddress string

The publicly routable IP address for the domain controllers in the initial replica set.

Id string

A unique ID for the replica set.

Location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

ServiceStatus string

The current service status for the initial replica set.

subnetId String

The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

domainControllerIpAddresses List<String>

A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

externalAccessIpAddress String

The publicly routable IP address for the domain controllers in the initial replica set.

id String

A unique ID for the replica set.

location String

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

serviceStatus String

The current service status for the initial replica set.

subnetId string

The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

domainControllerIpAddresses string[]

A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

externalAccessIpAddress string

The publicly routable IP address for the domain controllers in the initial replica set.

id string

A unique ID for the replica set.

location string

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

serviceStatus string

The current service status for the initial replica set.

subnet_id str

The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

domain_controller_ip_addresses Sequence[str]

A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

external_access_ip_address str

The publicly routable IP address for the domain controllers in the initial replica set.

id str

A unique ID for the replica set.

location str

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

service_status str

The current service status for the initial replica set.

subnetId String

The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

domainControllerIpAddresses List<String>

A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

externalAccessIpAddress String

The publicly routable IP address for the domain controllers in the initial replica set.

id String

A unique ID for the replica set.

location String

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

serviceStatus String

The current service status for the initial replica set.

ServiceNotifications

AdditionalRecipients List<string>

A list of additional email addresses to notify when there are alerts in the managed domain.

NotifyDcAdmins bool

Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

NotifyGlobalAdmins bool

Whether to notify all Global Administrators when there are alerts in the managed domain.

AdditionalRecipients []string

A list of additional email addresses to notify when there are alerts in the managed domain.

NotifyDcAdmins bool

Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

NotifyGlobalAdmins bool

Whether to notify all Global Administrators when there are alerts in the managed domain.

additionalRecipients List<String>

A list of additional email addresses to notify when there are alerts in the managed domain.

notifyDcAdmins Boolean

Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

notifyGlobalAdmins Boolean

Whether to notify all Global Administrators when there are alerts in the managed domain.

additionalRecipients string[]

A list of additional email addresses to notify when there are alerts in the managed domain.

notifyDcAdmins boolean

Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

notifyGlobalAdmins boolean

Whether to notify all Global Administrators when there are alerts in the managed domain.

additional_recipients Sequence[str]

A list of additional email addresses to notify when there are alerts in the managed domain.

notify_dc_admins bool

Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

notify_global_admins bool

Whether to notify all Global Administrators when there are alerts in the managed domain.

additionalRecipients List<String>

A list of additional email addresses to notify when there are alerts in the managed domain.

notifyDcAdmins Boolean

Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

notifyGlobalAdmins Boolean

Whether to notify all Global Administrators when there are alerts in the managed domain.

ServiceSecureLdap

Enabled bool

Whether to enable secure LDAP for the managed domain. For more information, please see the official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne brute-force attacks.

PfxCertificate string

The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

PfxCertificatePassword string

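The password to use for decrypting the PKCS#12 bundle (PFX file). This value protects the private key, so supply it as a secret rather than as a plain-text literal in the program.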

CertificateExpiry string

The expiry time of the certificate.

CertificateThumbprint string

The thumbprint of the certificate.

ExternalAccessEnabled bool

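Whether to enable external access to LDAPS over the Internet. Defaults to false. If enabled, restrict inbound LDAPS traffic (TCP port 636) to known source addresses, for example with a network security group rule.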

PublicCertificate string

The public certificate.

Enabled bool

Whether to enable secure LDAP (LDAPS) for the managed domain. For more information, see the official documentation on enabling LDAPS, paying particular attention to the section on network security, to avoid unnecessarily exposing your service to Internet-borne brute-force attacks.

PfxCertificate string

The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

PfxCertificatePassword string

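The password to use for decrypting the PKCS#12 bundle (PFX file). This value protects the private key, so supply it as a secret rather than as a plain-text literal in the program.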

CertificateExpiry string

The expiry time of the certificate.

CertificateThumbprint string

The thumbprint of the certificate.

ExternalAccessEnabled bool

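Whether to enable external access to LDAPS over the Internet. Defaults to false. If enabled, restrict inbound LDAPS traffic (TCP port 636) to known source addresses, for example with a network security group rule.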

PublicCertificate string

The public certificate.

enabled Boolean

Whether to enable secure LDAP (LDAPS) for the managed domain. For more information, see the official documentation on enabling LDAPS, paying particular attention to the section on network security, to avoid unnecessarily exposing your service to Internet-borne brute-force attacks.

pfxCertificate String

The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

pfxCertificatePassword String

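The password to use for decrypting the PKCS#12 bundle (PFX file). This value protects the private key, so supply it as a secret rather than as a plain-text literal in the program.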

certificateExpiry String

The expiry time of the certificate.

certificateThumbprint String

The thumbprint of the certificate.

externalAccessEnabled Boolean

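Whether to enable external access to LDAPS over the Internet. Defaults to false. If enabled, restrict inbound LDAPS traffic (TCP port 636) to known source addresses, for example with a network security group rule.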

publicCertificate String

The public certificate.

enabled boolean

Whether to enable secure LDAP (LDAPS) for the managed domain. For more information, see the official documentation on enabling LDAPS, paying particular attention to the section on network security, to avoid unnecessarily exposing your service to Internet-borne brute-force attacks.

pfxCertificate string

The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

pfxCertificatePassword string

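The password to use for decrypting the PKCS#12 bundle (PFX file). This value protects the private key, so supply it as a secret rather than as a plain-text literal in the program.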

certificateExpiry string

The expiry time of the certificate.

certificateThumbprint string

The thumbprint of the certificate.

externalAccessEnabled boolean

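Whether to enable external access to LDAPS over the Internet. Defaults to false. If enabled, restrict inbound LDAPS traffic (TCP port 636) to known source addresses, for example with a network security group rule.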

publicCertificate string

The public certificate.

enabled bool

Whether to enable secure LDAP (LDAPS) for the managed domain. For more information, see the official documentation on enabling LDAPS, paying particular attention to the section on network security, to avoid unnecessarily exposing your service to Internet-borne brute-force attacks.

pfx_certificate str

The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

pfx_certificate_password str

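The password to use for decrypting the PKCS#12 bundle (PFX file). This value protects the private key, so supply it as a secret rather than as a plain-text literal in the program.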

certificate_expiry str

The expiry time of the certificate.

certificate_thumbprint str

The thumbprint of the certificate.

external_access_enabled bool

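Whether to enable external access to LDAPS over the Internet. Defaults to false. If enabled, restrict inbound LDAPS traffic (TCP port 636) to known source addresses, for example with a network security group rule.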

public_certificate str

The public certificate.

enabled Boolean

Whether to enable secure LDAP (LDAPS) for the managed domain. For more information, see the official documentation on enabling LDAPS, paying particular attention to the section on network security, to avoid unnecessarily exposing your service to Internet-borne brute-force attacks.

pfxCertificate String

The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

pfxCertificatePassword String

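The password to use for decrypting the PKCS#12 bundle (PFX file). This value protects the private key, so supply it as a secret rather than as a plain-text literal in the program.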

certificateExpiry String

The expiry time of the certificate.

certificateThumbprint String

The thumbprint of the certificate.

externalAccessEnabled Boolean

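Whether to enable external access to LDAPS over the Internet. Defaults to false. If enabled, restrict inbound LDAPS traffic (TCP port 636) to known source addresses, for example with a network security group rule.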

publicCertificate String

The public certificate.

ServiceSecurity

KerberosArmoringEnabled bool

Whether to enable Kerberos Armoring. Defaults to false.

KerberosRc4EncryptionEnabled bool

Whether to enable Kerberos RC4 Encryption. Defaults to false. RC4 is a weak cipher; leave it disabled unless legacy clients require it.

NtlmV1Enabled bool

Whether to enable legacy NTLM v1 support. Defaults to false. NTLM v1 is a weak authentication protocol; leave it disabled unless legacy clients require it.

SyncKerberosPasswords bool

Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

SyncNtlmPasswords bool

Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

SyncOnPremPasswords bool

Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

TlsV1Enabled bool

Whether to enable legacy TLS v1 support. Defaults to false. TLS v1 is deprecated; leave it disabled unless legacy clients require it.

KerberosArmoringEnabled bool

Whether to enable Kerberos Armoring. Defaults to false.

KerberosRc4EncryptionEnabled bool

Whether to enable Kerberos RC4 Encryption. Defaults to false. RC4 is a weak cipher; leave it disabled unless legacy clients require it.

NtlmV1Enabled bool

Whether to enable legacy NTLM v1 support. Defaults to false. NTLM v1 is a weak authentication protocol; leave it disabled unless legacy clients require it.

SyncKerberosPasswords bool

Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

SyncNtlmPasswords bool

Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

SyncOnPremPasswords bool

Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

TlsV1Enabled bool

Whether to enable legacy TLS v1 support. Defaults to false. TLS v1 is deprecated; leave it disabled unless legacy clients require it.

kerberosArmoringEnabled Boolean

Whether to enable Kerberos Armoring. Defaults to false.

kerberosRc4EncryptionEnabled Boolean

Whether to enable Kerberos RC4 Encryption. Defaults to false. RC4 is a weak cipher; leave it disabled unless legacy clients require it.

ntlmV1Enabled Boolean

Whether to enable legacy NTLM v1 support. Defaults to false. NTLM v1 is a weak authentication protocol; leave it disabled unless legacy clients require it.

syncKerberosPasswords Boolean

Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

syncNtlmPasswords Boolean

Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

syncOnPremPasswords Boolean

Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

tlsV1Enabled Boolean

Whether to enable legacy TLS v1 support. Defaults to false. TLS v1 is deprecated; leave it disabled unless legacy clients require it.

kerberosArmoringEnabled boolean

Whether to enable Kerberos Armoring. Defaults to false.

kerberosRc4EncryptionEnabled boolean

Whether to enable Kerberos RC4 Encryption. Defaults to false. RC4 is a weak cipher; leave it disabled unless legacy clients require it.

ntlmV1Enabled boolean

Whether to enable legacy NTLM v1 support. Defaults to false. NTLM v1 is a weak authentication protocol; leave it disabled unless legacy clients require it.

syncKerberosPasswords boolean

Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

syncNtlmPasswords boolean

Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

syncOnPremPasswords boolean

Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

tlsV1Enabled boolean

Whether to enable legacy TLS v1 support. Defaults to false. TLS v1 is deprecated; leave it disabled unless legacy clients require it.

kerberos_armoring_enabled bool

Whether to enable Kerberos Armoring. Defaults to false.

kerberos_rc4_encryption_enabled bool

Whether to enable Kerberos RC4 Encryption. Defaults to false. RC4 is a weak cipher; leave it disabled unless legacy clients require it.

ntlm_v1_enabled bool

Whether to enable legacy NTLM v1 support. Defaults to false. NTLM v1 is a weak authentication protocol; leave it disabled unless legacy clients require it.

sync_kerberos_passwords bool

Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

sync_ntlm_passwords bool

Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

sync_on_prem_passwords bool

Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

tls_v1_enabled bool

Whether to enable legacy TLS v1 support. Defaults to false. TLS v1 is deprecated; leave it disabled unless legacy clients require it.

kerberosArmoringEnabled Boolean

Whether to enable Kerberos Armoring. Defaults to false.

kerberosRc4EncryptionEnabled Boolean

Whether to enable Kerberos RC4 Encryption. Defaults to false. RC4 is a weak cipher; leave it disabled unless legacy clients require it.

ntlmV1Enabled Boolean

Whether to enable legacy NTLM v1 support. Defaults to false. NTLM v1 is a weak authentication protocol; leave it disabled unless legacy clients require it.

syncKerberosPasswords Boolean

Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

syncNtlmPasswords Boolean

Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

syncOnPremPasswords Boolean

Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

tlsV1Enabled Boolean

Whether to enable legacy TLS v1 support. Defaults to false. TLS v1 is deprecated; leave it disabled unless legacy clients require it.

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.