Docs
PackagesWe recommend using Azure Native.
azure.domainservices.Service
Explore with Pulumi AI
Import
Domain Services can be imported using the resource ID, together with the Replica Set ID that you wish to designate as the initial replica set, e.g.
$ pulumi import azure:domainservices/service:Service example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/initialReplicaSetId/00000000-0000-0000-0000-000000000000
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var deployResourceGroup = new Azure.Core.ResourceGroup("deployResourceGroup", new()
{
Location = "West Europe",
});
var deployVirtualNetwork = new Azure.Network.VirtualNetwork("deployVirtualNetwork", new()
{
Location = deployResourceGroup.Location,
ResourceGroupName = deployResourceGroup.Name,
AddressSpaces = new[]
{
"10.0.1.0/16",
},
});
var deploySubnet = new Azure.Network.Subnet("deploySubnet", new()
{
ResourceGroupName = deployResourceGroup.Name,
VirtualNetworkName = deployVirtualNetwork.Name,
AddressPrefixes = new[]
{
"10.0.1.0/24",
},
});
var deployNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("deployNetworkSecurityGroup", new()
{
Location = deployResourceGroup.Location,
ResourceGroupName = deployResourceGroup.Name,
SecurityRules = new[]
{
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowSyncWithAzureAD",
Priority = 101,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "443",
SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
DestinationAddressPrefix = "*",
},
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowRD",
Priority = 201,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "3389",
SourceAddressPrefix = "CorpNetSaw",
DestinationAddressPrefix = "*",
},
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowPSRemoting",
Priority = 301,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "5986",
SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
DestinationAddressPrefix = "*",
},
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowLDAPS",
Priority = 401,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "636",
SourceAddressPrefix = "*",
DestinationAddressPrefix = "*",
},
},
});
var deploySubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", new()
{
SubnetId = deploySubnet.Id,
NetworkSecurityGroupId = deployNetworkSecurityGroup.Id,
});
var dcAdmins = new AzureAD.Group("dcAdmins", new()
{
DisplayName = "AAD DC Administrators",
SecurityEnabled = true,
});
var adminUser = new AzureAD.User("adminUser", new()
{
UserPrincipalName = "dc-admin@hashicorp-example.com",
DisplayName = "DC Administrator",
Password = "Pa55w0Rd!!1",
});
var adminGroupMember = new AzureAD.GroupMember("adminGroupMember", new()
{
GroupObjectId = dcAdmins.ObjectId,
MemberObjectId = adminUser.ObjectId,
});
var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new()
{
ApplicationId = "2565bd9d-da50-47d4-8b85-4c97f669dc36",
});
// published app for domain services
var aadds = new Azure.Core.ResourceGroup("aadds", new()
{
Location = "westeurope",
});
var exampleService = new Azure.DomainServices.Service("exampleService", new()
{
Location = aadds.Location,
ResourceGroupName = aadds.Name,
DomainName = "widgetslogin.net",
Sku = "Enterprise",
FilteredSyncEnabled = false,
InitialReplicaSet = new Azure.DomainServices.Inputs.ServiceInitialReplicaSetArgs
{
SubnetId = deploySubnet.Id,
},
Notifications = new Azure.DomainServices.Inputs.ServiceNotificationsArgs
{
AdditionalRecipients = new[]
{
"notifyA@example.net",
"notifyB@example.org",
},
NotifyDcAdmins = true,
NotifyGlobalAdmins = true,
},
Security = new Azure.DomainServices.Inputs.ServiceSecurityArgs
{
SyncKerberosPasswords = true,
SyncNtlmPasswords = true,
SyncOnPremPasswords = true,
},
Tags =
{
{ "Environment", "prod" },
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
exampleServicePrincipal,
deploySubnetNetworkSecurityGroupAssociation,
},
});
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/domainservices"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
deployResourceGroup, err := core.NewResourceGroup(ctx, "deployResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
deployVirtualNetwork, err := network.NewVirtualNetwork(ctx, "deployVirtualNetwork", &network.VirtualNetworkArgs{
Location: deployResourceGroup.Location,
ResourceGroupName: deployResourceGroup.Name,
AddressSpaces: pulumi.StringArray{
pulumi.String("10.0.1.0/16"),
},
})
if err != nil {
return err
}
deploySubnet, err := network.NewSubnet(ctx, "deploySubnet", &network.SubnetArgs{
ResourceGroupName: deployResourceGroup.Name,
VirtualNetworkName: deployVirtualNetwork.Name,
AddressPrefixes: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
},
})
if err != nil {
return err
}
deployNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "deployNetworkSecurityGroup", &network.NetworkSecurityGroupArgs{
Location: deployResourceGroup.Location,
ResourceGroupName: deployResourceGroup.Name,
SecurityRules: network.NetworkSecurityGroupSecurityRuleArray{
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowSyncWithAzureAD"),
Priority: pulumi.Int(101),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("443"),
SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
DestinationAddressPrefix: pulumi.String("*"),
},
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowRD"),
Priority: pulumi.Int(201),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("3389"),
SourceAddressPrefix: pulumi.String("CorpNetSaw"),
DestinationAddressPrefix: pulumi.String("*"),
},
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowPSRemoting"),
Priority: pulumi.Int(301),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("5986"),
SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
DestinationAddressPrefix: pulumi.String("*"),
},
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowLDAPS"),
Priority: pulumi.Int(401),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("636"),
SourceAddressPrefix: pulumi.String("*"),
DestinationAddressPrefix: pulumi.String("*"),
},
},
})
if err != nil {
return err
}
deploySubnetNetworkSecurityGroupAssociation, err := network.NewSubnetNetworkSecurityGroupAssociation(ctx, "deploySubnetNetworkSecurityGroupAssociation", &network.SubnetNetworkSecurityGroupAssociationArgs{
SubnetId: deploySubnet.ID(),
NetworkSecurityGroupId: deployNetworkSecurityGroup.ID(),
})
if err != nil {
return err
}
dcAdmins, err := azuread.NewGroup(ctx, "dcAdmins", &azuread.GroupArgs{
DisplayName: pulumi.String("AAD DC Administrators"),
SecurityEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
adminUser, err := azuread.NewUser(ctx, "adminUser", &azuread.UserArgs{
UserPrincipalName: pulumi.String("dc-admin@hashicorp-example.com"),
DisplayName: pulumi.String("DC Administrator"),
Password: pulumi.String("Pa55w0Rd!!1"),
})
if err != nil {
return err
}
_, err = azuread.NewGroupMember(ctx, "adminGroupMember", &azuread.GroupMemberArgs{
GroupObjectId: dcAdmins.ObjectId,
MemberObjectId: adminUser.ObjectId,
})
if err != nil {
return err
}
exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
ApplicationId: pulumi.String("2565bd9d-da50-47d4-8b85-4c97f669dc36"),
})
if err != nil {
return err
}
aadds, err := core.NewResourceGroup(ctx, "aadds", &core.ResourceGroupArgs{
Location: pulumi.String("westeurope"),
})
if err != nil {
return err
}
_, err = domainservices.NewService(ctx, "exampleService", &domainservices.ServiceArgs{
Location: aadds.Location,
ResourceGroupName: aadds.Name,
DomainName: pulumi.String("widgetslogin.net"),
Sku: pulumi.String("Enterprise"),
FilteredSyncEnabled: pulumi.Bool(false),
InitialReplicaSet: &domainservices.ServiceInitialReplicaSetArgs{
SubnetId: deploySubnet.ID(),
},
Notifications: &domainservices.ServiceNotificationsArgs{
AdditionalRecipients: pulumi.StringArray{
pulumi.String("notifyA@example.net"),
pulumi.String("notifyB@example.org"),
},
NotifyDcAdmins: pulumi.Bool(true),
NotifyGlobalAdmins: pulumi.Bool(true),
},
Security: &domainservices.ServiceSecurityArgs{
SyncKerberosPasswords: pulumi.Bool(true),
SyncNtlmPasswords: pulumi.Bool(true),
SyncOnPremPasswords: pulumi.Bool(true),
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("prod"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleServicePrincipal,
deploySubnetNetworkSecurityGroupAssociation,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.NetworkSecurityGroup;
import com.pulumi.azure.network.NetworkSecurityGroupArgs;
import com.pulumi.azure.network.inputs.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.GroupMember;
import com.pulumi.azuread.GroupMemberArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azure.domainservices.Service;
import com.pulumi.azure.domainservices.ServiceArgs;
import com.pulumi.azure.domainservices.inputs.ServiceInitialReplicaSetArgs;
import com.pulumi.azure.domainservices.inputs.ServiceNotificationsArgs;
import com.pulumi.azure.domainservices.inputs.ServiceSecurityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var deployResourceGroup = new ResourceGroup("deployResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var deployVirtualNetwork = new VirtualNetwork("deployVirtualNetwork", VirtualNetworkArgs.builder()
.location(deployResourceGroup.location())
.resourceGroupName(deployResourceGroup.name())
.addressSpaces("10.0.1.0/16")
.build());
var deploySubnet = new Subnet("deploySubnet", SubnetArgs.builder()
.resourceGroupName(deployResourceGroup.name())
.virtualNetworkName(deployVirtualNetwork.name())
.addressPrefixes("10.0.1.0/24")
.build());
var deployNetworkSecurityGroup = new NetworkSecurityGroup("deployNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
.location(deployResourceGroup.location())
.resourceGroupName(deployResourceGroup.name())
.securityRules(
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowSyncWithAzureAD")
.priority(101)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("443")
.sourceAddressPrefix("AzureActiveDirectoryDomainServices")
.destinationAddressPrefix("*")
.build(),
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowRD")
.priority(201)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("3389")
.sourceAddressPrefix("CorpNetSaw")
.destinationAddressPrefix("*")
.build(),
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowPSRemoting")
.priority(301)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("5986")
.sourceAddressPrefix("AzureActiveDirectoryDomainServices")
.destinationAddressPrefix("*")
.build(),
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowLDAPS")
.priority(401)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("636")
.sourceAddressPrefix("*")
.destinationAddressPrefix("*")
.build())
.build());
var deploySubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
.subnetId(deploySubnet.id())
.networkSecurityGroupId(deployNetworkSecurityGroup.id())
.build());
var dcAdmins = new Group("dcAdmins", GroupArgs.builder()
.displayName("AAD DC Administrators")
.securityEnabled(true)
.build());
var adminUser = new User("adminUser", UserArgs.builder()
.userPrincipalName("dc-admin@hashicorp-example.com")
.displayName("DC Administrator")
.password("Pa55w0Rd!!1")
.build());
var adminGroupMember = new GroupMember("adminGroupMember", GroupMemberArgs.builder()
.groupObjectId(dcAdmins.objectId())
.memberObjectId(adminUser.objectId())
.build());
var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()
.applicationId("2565bd9d-da50-47d4-8b85-4c97f669dc36")
.build());
var aadds = new ResourceGroup("aadds", ResourceGroupArgs.builder()
.location("westeurope")
.build());
var exampleService = new Service("exampleService", ServiceArgs.builder()
.location(aadds.location())
.resourceGroupName(aadds.name())
.domainName("widgetslogin.net")
.sku("Enterprise")
.filteredSyncEnabled(false)
.initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
.subnetId(deploySubnet.id())
.build())
.notifications(ServiceNotificationsArgs.builder()
.additionalRecipients(
"notifyA@example.net",
"notifyB@example.org")
.notifyDcAdmins(true)
.notifyGlobalAdmins(true)
.build())
.security(ServiceSecurityArgs.builder()
.syncKerberosPasswords(true)
.syncNtlmPasswords(true)
.syncOnPremPasswords(true)
.build())
.tags(Map.of("Environment", "prod"))
.build(), CustomResourceOptions.builder()
.dependsOn(
exampleServicePrincipal,
deploySubnetNetworkSecurityGroupAssociation)
.build());
}
}
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
deploy_resource_group = azure.core.ResourceGroup("deployResourceGroup", location="West Europe")
deploy_virtual_network = azure.network.VirtualNetwork("deployVirtualNetwork",
location=deploy_resource_group.location,
resource_group_name=deploy_resource_group.name,
address_spaces=["10.0.1.0/16"])
deploy_subnet = azure.network.Subnet("deploySubnet",
resource_group_name=deploy_resource_group.name,
virtual_network_name=deploy_virtual_network.name,
address_prefixes=["10.0.1.0/24"])
deploy_network_security_group = azure.network.NetworkSecurityGroup("deployNetworkSecurityGroup",
location=deploy_resource_group.location,
resource_group_name=deploy_resource_group.name,
security_rules=[
azure.network.NetworkSecurityGroupSecurityRuleArgs(
name="AllowSyncWithAzureAD",
priority=101,
direction="Inbound",
access="Allow",
protocol="Tcp",
source_port_range="*",
destination_port_range="443",
source_address_prefix="AzureActiveDirectoryDomainServices",
destination_address_prefix="*",
),
azure.network.NetworkSecurityGroupSecurityRuleArgs(
name="AllowRD",
priority=201,
direction="Inbound",
access="Allow",
protocol="Tcp",
source_port_range="*",
destination_port_range="3389",
source_address_prefix="CorpNetSaw",
destination_address_prefix="*",
),
azure.network.NetworkSecurityGroupSecurityRuleArgs(
name="AllowPSRemoting",
priority=301,
direction="Inbound",
access="Allow",
protocol="Tcp",
source_port_range="*",
destination_port_range="5986",
source_address_prefix="AzureActiveDirectoryDomainServices",
destination_address_prefix="*",
),
azure.network.NetworkSecurityGroupSecurityRuleArgs(
name="AllowLDAPS",
priority=401,
direction="Inbound",
access="Allow",
protocol="Tcp",
source_port_range="*",
destination_port_range="636",
source_address_prefix="*",
destination_address_prefix="*",
),
])
deploy_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation",
subnet_id=deploy_subnet.id,
network_security_group_id=deploy_network_security_group.id)
dc_admins = azuread.Group("dcAdmins",
display_name="AAD DC Administrators",
security_enabled=True)
admin_user = azuread.User("adminUser",
user_principal_name="dc-admin@hashicorp-example.com",
display_name="DC Administrator",
password="Pa55w0Rd!!1")
admin_group_member = azuread.GroupMember("adminGroupMember",
group_object_id=dc_admins.object_id,
member_object_id=admin_user.object_id)
example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", application_id="2565bd9d-da50-47d4-8b85-4c97f669dc36")
# published app for domain services
aadds = azure.core.ResourceGroup("aadds", location="westeurope")
example_service = azure.domainservices.Service("exampleService",
location=aadds.location,
resource_group_name=aadds.name,
domain_name="widgetslogin.net",
sku="Enterprise",
filtered_sync_enabled=False,
initial_replica_set=azure.domainservices.ServiceInitialReplicaSetArgs(
subnet_id=deploy_subnet.id,
),
notifications=azure.domainservices.ServiceNotificationsArgs(
additional_recipients=[
"notifyA@example.net",
"notifyB@example.org",
],
notify_dc_admins=True,
notify_global_admins=True,
),
security=azure.domainservices.ServiceSecurityArgs(
sync_kerberos_passwords=True,
sync_ntlm_passwords=True,
sync_on_prem_passwords=True,
),
tags={
"Environment": "prod",
},
opts=pulumi.ResourceOptions(depends_on=[
example_service_principal,
deploy_subnet_network_security_group_association,
]))
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
const deployResourceGroup = new azure.core.ResourceGroup("deployResourceGroup", {location: "West Europe"});
const deployVirtualNetwork = new azure.network.VirtualNetwork("deployVirtualNetwork", {
location: deployResourceGroup.location,
resourceGroupName: deployResourceGroup.name,
addressSpaces: ["10.0.1.0/16"],
});
const deploySubnet = new azure.network.Subnet("deploySubnet", {
resourceGroupName: deployResourceGroup.name,
virtualNetworkName: deployVirtualNetwork.name,
addressPrefixes: ["10.0.1.0/24"],
});
const deployNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("deployNetworkSecurityGroup", {
location: deployResourceGroup.location,
resourceGroupName: deployResourceGroup.name,
securityRules: [
{
name: "AllowSyncWithAzureAD",
priority: 101,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "443",
sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
destinationAddressPrefix: "*",
},
{
name: "AllowRD",
priority: 201,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "3389",
sourceAddressPrefix: "CorpNetSaw",
destinationAddressPrefix: "*",
},
{
name: "AllowPSRemoting",
priority: 301,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "5986",
sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
destinationAddressPrefix: "*",
},
{
name: "AllowLDAPS",
priority: 401,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "636",
sourceAddressPrefix: "*",
destinationAddressPrefix: "*",
},
],
});
const deploySubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", {
subnetId: deploySubnet.id,
networkSecurityGroupId: deployNetworkSecurityGroup.id,
});
const dcAdmins = new azuread.Group("dcAdmins", {
displayName: "AAD DC Administrators",
securityEnabled: true,
});
const adminUser = new azuread.User("adminUser", {
userPrincipalName: "dc-admin@hashicorp-example.com",
displayName: "DC Administrator",
password: "Pa55w0Rd!!1",
});
const adminGroupMember = new azuread.GroupMember("adminGroupMember", {
groupObjectId: dcAdmins.objectId,
memberObjectId: adminUser.objectId,
});
const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {applicationId: "2565bd9d-da50-47d4-8b85-4c97f669dc36"});
// published app for domain services
const aadds = new azure.core.ResourceGroup("aadds", {location: "westeurope"});
const exampleService = new azure.domainservices.Service("exampleService", {
location: aadds.location,
resourceGroupName: aadds.name,
domainName: "widgetslogin.net",
sku: "Enterprise",
filteredSyncEnabled: false,
initialReplicaSet: {
subnetId: deploySubnet.id,
},
notifications: {
additionalRecipients: [
"notifyA@example.net",
"notifyB@example.org",
],
notifyDcAdmins: true,
notifyGlobalAdmins: true,
},
security: {
syncKerberosPasswords: true,
syncNtlmPasswords: true,
syncOnPremPasswords: true,
},
tags: {
Environment: "prod",
},
}, {
dependsOn: [
exampleServicePrincipal,
deploySubnetNetworkSecurityGroupAssociation,
],
});
resources:
deployResourceGroup:
type: azure:core:ResourceGroup
properties:
location: West Europe
deployVirtualNetwork:
type: azure:network:VirtualNetwork
properties:
location: ${deployResourceGroup.location}
resourceGroupName: ${deployResourceGroup.name}
addressSpaces:
- 10.0.1.0/16
deploySubnet:
type: azure:network:Subnet
properties:
resourceGroupName: ${deployResourceGroup.name}
virtualNetworkName: ${deployVirtualNetwork.name}
addressPrefixes:
- 10.0.1.0/24
deployNetworkSecurityGroup:
type: azure:network:NetworkSecurityGroup
properties:
location: ${deployResourceGroup.location}
resourceGroupName: ${deployResourceGroup.name}
securityRules:
- name: AllowSyncWithAzureAD
priority: 101
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '443'
sourceAddressPrefix: AzureActiveDirectoryDomainServices
destinationAddressPrefix: '*'
- name: AllowRD
priority: 201
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '3389'
sourceAddressPrefix: CorpNetSaw
destinationAddressPrefix: '*'
- name: AllowPSRemoting
priority: 301
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '5986'
sourceAddressPrefix: AzureActiveDirectoryDomainServices
destinationAddressPrefix: '*'
- name: AllowLDAPS
priority: 401
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '636'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
deploySubnetNetworkSecurityGroupAssociation:
type: azure:network:SubnetNetworkSecurityGroupAssociation
properties:
subnetId: ${deploySubnet.id}
networkSecurityGroupId: ${deployNetworkSecurityGroup.id}
dcAdmins:
type: azuread:Group
properties:
displayName: AAD DC Administrators
securityEnabled: true
adminUser:
type: azuread:User
properties:
userPrincipalName: dc-admin@hashicorp-example.com
displayName: DC Administrator
password: Pa55w0Rd!!1
adminGroupMember:
type: azuread:GroupMember
properties:
groupObjectId: ${dcAdmins.objectId}
memberObjectId: ${adminUser.objectId}
exampleServicePrincipal:
type: azuread:ServicePrincipal
properties:
applicationId: 2565bd9d-da50-47d4-8b85-4c97f669dc36
aadds:
type: azure:core:ResourceGroup
properties:
location: westeurope
exampleService:
type: azure:domainservices:Service
properties:
location: ${aadds.location}
resourceGroupName: ${aadds.name}
domainName: widgetslogin.net
sku: Enterprise
filteredSyncEnabled: false
initialReplicaSet:
subnetId: ${deploySubnet.id}
notifications:
additionalRecipients:
- notifyA@example.net
- notifyB@example.org
notifyDcAdmins: true
notifyGlobalAdmins: true
security:
syncKerberosPasswords: true
syncNtlmPasswords: true
syncOnPremPasswords: true
tags:
Environment: prod
options:
dependson:
- ${exampleServicePrincipal}
- ${deploySubnetNetworkSecurityGroupAssociation}
Create Service Resource
new Service(name: string, args: ServiceArgs, opts?: CustomResourceOptions);@overload
def Service(resource_name: str,
opts: Optional[ResourceOptions] = None,
domain_configuration_type: Optional[str] = None,
domain_name: Optional[str] = None,
filtered_sync_enabled: Optional[bool] = None,
initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
location: Optional[str] = None,
name: Optional[str] = None,
notifications: Optional[ServiceNotificationsArgs] = None,
resource_group_name: Optional[str] = None,
secure_ldap: Optional[ServiceSecureLdapArgs] = None,
security: Optional[ServiceSecurityArgs] = None,
sku: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def Service(resource_name: str,
args: ServiceArgs,
opts: Optional[ResourceOptions] = None)func NewService(ctx *Context, name string, args ServiceArgs, opts ...ResourceOption) (*Service, error)public Service(string name, ServiceArgs args, CustomResourceOptions? opts = null)
public Service(String name, ServiceArgs args)
public Service(String name, ServiceArgs args, CustomResourceOptions options)
type: azure:domainservices:Service
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Service Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Service resource accepts the following input properties:
- Domain
Name string The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Initial
Replica ServiceSet Initial Replica Set An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- Resource
Group stringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Sku string
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- Domain
Configuration stringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- Filtered
Sync boolEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- Location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications A
notificationsblock as defined below.- Secure
Ldap ServiceSecure Ldap A
secure_ldapblock as defined below.- Security
Service
Security A
securityblock as defined below.- Dictionary<string, string>
A mapping of tags assigned to the resource.
- Domain
Name string The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Initial
Replica ServiceSet Initial Replica Set Args An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- Resource
Group stringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Sku string
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- Domain
Configuration stringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- Filtered
Sync boolEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- Location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications Args A
notificationsblock as defined below.- Secure
Ldap ServiceSecure Ldap Args A
secure_ldapblock as defined below.- Security
Service
Security Args A
securityblock as defined below.- map[string]string
A mapping of tags assigned to the resource.
- domain
Name String The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial
Replica ServiceSet Initial Replica Set An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- resource
Group StringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku String
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- domain
Configuration StringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- filtered
Sync BooleanEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- location String
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications A
notificationsblock as defined below.- secure
Ldap ServiceSecure Ldap A
secure_ldapblock as defined below.- security
Service
Security A
securityblock as defined below.- Map<String,String>
A mapping of tags assigned to the resource.
- domain
Name string The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial
Replica ServiceSet Initial Replica Set An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- resource
Group stringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku string
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- domain
Configuration stringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- filtered
Sync booleanEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name string
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications A
notificationsblock as defined below.- secure
Ldap ServiceSecure Ldap A
secure_ldapblock as defined below.- security
Service
Security A
securityblock as defined below.- {[key: string]: string}
A mapping of tags assigned to the resource.
- domain_
name str The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial_
replica_ Serviceset Initial Replica Set Args An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- resource_
group_ strname The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku str
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- domain_
configuration_ strtype The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- filtered_
sync_ boolenabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- location str
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name str
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications Args A
notificationsblock as defined below.- secure_
ldap ServiceSecure Ldap Args A
secure_ldapblock as defined below.- security
Service
Security Args A
securityblock as defined below.- Mapping[str, str]
A mapping of tags assigned to the resource.
- domain
Name String The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial
Replica Property MapSet An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- resource
Group StringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku String
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- domain
Configuration StringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- filtered
Sync BooleanEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- location String
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications Property Map
A
notificationsblock as defined below.- secure
Ldap Property Map A
secure_ldapblock as defined below.- security Property Map
A
securityblock as defined below.- Map<String>
A mapping of tags assigned to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Service resource produces the following output properties:
- Deployment
Id string A unique ID for the managed domain deployment.
- Id string
The provider-assigned unique ID for this managed resource.
- Resource
Id string The Azure resource ID for the domain service.
- Sync
Owner string - Tenant
Id string - Version int
- Deployment
Id string A unique ID for the managed domain deployment.
- Id string
The provider-assigned unique ID for this managed resource.
- Resource
Id string The Azure resource ID for the domain service.
- Sync
Owner string - Tenant
Id string - Version int
- deployment
Id String A unique ID for the managed domain deployment.
- id String
The provider-assigned unique ID for this managed resource.
- resource
Id String The Azure resource ID for the domain service.
- sync
Owner String - tenant
Id String - version Integer
- deployment
Id string A unique ID for the managed domain deployment.
- id string
The provider-assigned unique ID for this managed resource.
- resource
Id string The Azure resource ID for the domain service.
- sync
Owner string - tenant
Id string - version number
- deployment_
id str A unique ID for the managed domain deployment.
- id str
The provider-assigned unique ID for this managed resource.
- resource_
id str The Azure resource ID for the domain service.
- sync_
owner str - tenant_
id str - version int
- deployment
Id String A unique ID for the managed domain deployment.
- id String
The provider-assigned unique ID for this managed resource.
- resource
Id String The Azure resource ID for the domain service.
- sync
Owner String - tenant
Id String - version Number
Look up Existing Service Resource
Get an existing Service resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServiceState, opts?: CustomResourceOptions): Service@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
deployment_id: Optional[str] = None,
domain_configuration_type: Optional[str] = None,
domain_name: Optional[str] = None,
filtered_sync_enabled: Optional[bool] = None,
initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
location: Optional[str] = None,
name: Optional[str] = None,
notifications: Optional[ServiceNotificationsArgs] = None,
resource_group_name: Optional[str] = None,
resource_id: Optional[str] = None,
secure_ldap: Optional[ServiceSecureLdapArgs] = None,
security: Optional[ServiceSecurityArgs] = None,
sku: Optional[str] = None,
sync_owner: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tenant_id: Optional[str] = None,
version: Optional[int] = None) -> Servicefunc GetService(ctx *Context, name string, id IDInput, state *ServiceState, opts ...ResourceOption) (*Service, error)public static Service Get(string name, Input<string> id, ServiceState? state, CustomResourceOptions? opts = null)public static Service get(String name, Output<String> id, ServiceState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Deployment
Id string A unique ID for the managed domain deployment.
- Domain
Configuration stringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- Domain
Name string The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Filtered
Sync boolEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- Initial
Replica ServiceSet Initial Replica Set An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- Location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications A
notificationsblock as defined below.- Resource
Group stringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Resource
Id string The Azure resource ID for the domain service.
- Secure
Ldap ServiceSecure Ldap A
secure_ldapblock as defined below.- Security
Service
Security A
securityblock as defined below.- Sku string
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- Sync
Owner string - Dictionary<string, string>
A mapping of tags assigned to the resource.
- Tenant
Id string - Version int
- Deployment
Id string A unique ID for the managed domain deployment.
- Domain
Configuration stringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- Domain
Name string The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Filtered
Sync boolEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- Initial
Replica ServiceSet Initial Replica Set Args An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- Location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications Args A
notificationsblock as defined below.- Resource
Group stringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Resource
Id string The Azure resource ID for the domain service.
- Secure
Ldap ServiceSecure Ldap Args A
secure_ldapblock as defined below.- Security
Service
Security Args A
securityblock as defined below.- Sku string
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- Sync
Owner string - map[string]string
A mapping of tags assigned to the resource.
- Tenant
Id string - Version int
- deployment
Id String A unique ID for the managed domain deployment.
- domain
Configuration StringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- domain
Name String The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered
Sync BooleanEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- initial
Replica ServiceSet Initial Replica Set An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- location String
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications A
notificationsblock as defined below.- resource
Group StringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource
Id String The Azure resource ID for the domain service.
- secure
Ldap ServiceSecure Ldap A
secure_ldapblock as defined below.- security
Service
Security A
securityblock as defined below.- sku String
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- sync
Owner String - Map<String,String>
A mapping of tags assigned to the resource.
- tenant
Id String - version Integer
- deployment
Id string A unique ID for the managed domain deployment.
- domain
Configuration stringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- domain
Name string The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered
Sync booleanEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- initial
Replica ServiceSet Initial Replica Set An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name string
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications A
notificationsblock as defined below.- resource
Group stringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource
Id string The Azure resource ID for the domain service.
- secure
Ldap ServiceSecure Ldap A
secure_ldapblock as defined below.- security
Service
Security A
securityblock as defined below.- sku string
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- sync
Owner string - {[key: string]: string}
A mapping of tags assigned to the resource.
- tenant
Id string - version number
- deployment_
id str A unique ID for the managed domain deployment.
- domain_
configuration_ strtype The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- domain_
name str The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered_
sync_ boolenabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- initial_
replica_ Serviceset Initial Replica Set Args An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- location str
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name str
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications Args A
notificationsblock as defined below.- resource_
group_ strname The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource_
id str The Azure resource ID for the domain service.
- secure_
ldap ServiceSecure Ldap Args A
secure_ldapblock as defined below.- security
Service
Security Args A
securityblock as defined below.- sku str
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- sync_
owner str - Mapping[str, str]
A mapping of tags assigned to the resource.
- tenant_
id str - version int
- deployment
Id String A unique ID for the managed domain deployment.
- domain
Configuration StringType The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created.- domain
Name String The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered
Sync BooleanEnabled Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false.- initial
Replica Property MapSet An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource.- location String
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications Property Map
A
notificationsblock as defined below.- resource
Group StringName The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource
Id String The Azure resource ID for the domain service.
- secure
Ldap Property Map A
secure_ldapblock as defined below.- security Property Map
A
securityblock as defined below.- sku String
The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium.- sync
Owner String - Map<String>
A mapping of tags assigned to the resource.
- tenant
Id String - version Number
Supporting Types
ServiceInitialReplicaSet, ServiceInitialReplicaSetArgs
- Subnet
Id string The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- Domain
Controller List<string>Ip Addresses A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- External
Access stringIp Address The publicly routable IP address for the domain controllers in the initial replica set.
- Id string
A unique ID for the replica set.
- Location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Service
Status string The current service status for the initial replica set.
- Subnet
Id string The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- Domain
Controller []stringIp Addresses A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- External
Access stringIp Address The publicly routable IP address for the domain controllers in the initial replica set.
- Id string
A unique ID for the replica set.
- Location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Service
Status string The current service status for the initial replica set.
- subnet
Id String The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain
Controller List<String>Ip Addresses A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external
Access StringIp Address The publicly routable IP address for the domain controllers in the initial replica set.
- id String
A unique ID for the replica set.
- location String
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service
Status String The current service status for the initial replica set.
- subnet
Id string The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain
Controller string[]Ip Addresses A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external
Access stringIp Address The publicly routable IP address for the domain controllers in the initial replica set.
- id string
A unique ID for the replica set.
- location string
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service
Status string The current service status for the initial replica set.
- subnet_
id str The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain_
controller_ Sequence[str]ip_ addresses A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external_
access_ strip_ address The publicly routable IP address for the domain controllers in the initial replica set.
- id str
A unique ID for the replica set.
- location str
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service_
status str The current service status for the initial replica set.
- subnet
Id String The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain
Controller List<String>Ip Addresses A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external
Access StringIp Address The publicly routable IP address for the domain controllers in the initial replica set.
- id String
A unique ID for the replica set.
- location String
The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service
Status String The current service status for the initial replica set.
ServiceNotifications, ServiceNotificationsArgs
- Additional
Recipients List<string> A list of additional email addresses to notify when there are alerts in the managed domain.
- Notify
Dc boolAdmins Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- Notify
Global boolAdmins Whether to notify all Global Administrators when there are alerts in the managed domain.
- Additional
Recipients []string A list of additional email addresses to notify when there are alerts in the managed domain.
- Notify
Dc boolAdmins Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- Notify
Global boolAdmins Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional
Recipients List<String> A list of additional email addresses to notify when there are alerts in the managed domain.
- notify
Dc BooleanAdmins Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify
Global BooleanAdmins Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional
Recipients string[] A list of additional email addresses to notify when there are alerts in the managed domain.
- notify
Dc booleanAdmins Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify
Global booleanAdmins Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional_
recipients Sequence[str] A list of additional email addresses to notify when there are alerts in the managed domain.
- notify_
dc_ booladmins Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify_
global_ booladmins Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional
Recipients List<String> A list of additional email addresses to notify when there are alerts in the managed domain.
- notify
Dc BooleanAdmins Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify
Global BooleanAdmins Whether to notify all Global Administrators when there are alerts in the managed domain.
ServiceSecureLdap, ServiceSecureLdapArgs
- Enabled bool
Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- Pfx
Certificate string The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- Pfx
Certificate stringPassword The password to use for decrypting the PKCS#12 bundle (PFX file).
- Certificate
Expiry string The expiry time of the certificate.
- Certificate
Thumbprint string The thumbprint of the certificate.
- External
Access boolEnabled Whether to enable external access to LDAPS over the Internet. Defaults to
false.- Public
Certificate string The public certificate.
- Enabled bool
Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- Pfx
Certificate string The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- Pfx
Certificate stringPassword The password to use for decrypting the PKCS#12 bundle (PFX file).
- Certificate
Expiry string The expiry time of the certificate.
- Certificate
Thumbprint string The thumbprint of the certificate.
- External
Access boolEnabled Whether to enable external access to LDAPS over the Internet. Defaults to
false.- Public
Certificate string The public certificate.
- enabled Boolean
Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx
Certificate String The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx
Certificate StringPassword The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate
Expiry String The expiry time of the certificate.
- certificate
Thumbprint String The thumbprint of the certificate.
- external
Access BooleanEnabled Whether to enable external access to LDAPS over the Internet. Defaults to
false.- public
Certificate String The public certificate.
- enabled boolean
Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx
Certificate string The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx
Certificate stringPassword The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate
Expiry string The expiry time of the certificate.
- certificate
Thumbprint string The thumbprint of the certificate.
- external
Access booleanEnabled Whether to enable external access to LDAPS over the Internet. Defaults to
false.- public
Certificate string The public certificate.
- enabled bool
Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx_
certificate str The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx_
certificate_ strpassword The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate_
expiry str The expiry time of the certificate.
- certificate_
thumbprint str The thumbprint of the certificate.
- external_
access_ boolenabled Whether to enable external access to LDAPS over the Internet. Defaults to
false.- public_
certificate str The public certificate.
- enabled Boolean
Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx
Certificate String The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx
Certificate StringPassword The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate
Expiry String The expiry time of the certificate.
- certificate
Thumbprint String The thumbprint of the certificate.
- external
Access BooleanEnabled Whether to enable external access to LDAPS over the Internet. Defaults to
false.- public
Certificate String The public certificate.
ServiceSecurity, ServiceSecurityArgs
- Kerberos
Armoring boolEnabled Whether to enable Kerberos Armoring. Defaults to
false.- Kerberos
Rc4Encryption boolEnabled Whether to enable Kerberos RC4 Encryption. Defaults to
false.- Ntlm
V1Enabled bool Whether to enable legacy NTLM v1 support. Defaults to
false.- Sync
Kerberos boolPasswords Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false.- Sync
Ntlm boolPasswords Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false.- Sync
On boolPrem Passwords Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false.- Tls
V1Enabled bool Whether to enable legacy TLS v1 support. Defaults to
false.
- Kerberos
Armoring boolEnabled Whether to enable Kerberos Armoring. Defaults to
false.- Kerberos
Rc4Encryption boolEnabled Whether to enable Kerberos RC4 Encryption. Defaults to
false.- Ntlm
V1Enabled bool Whether to enable legacy NTLM v1 support. Defaults to
false.- Sync
Kerberos boolPasswords Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false.- Sync
Ntlm boolPasswords Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false.- Sync
On boolPrem Passwords Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false.- Tls
V1Enabled bool Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos
Armoring BooleanEnabled Whether to enable Kerberos Armoring. Defaults to
false.- kerberos
Rc4Encryption BooleanEnabled Whether to enable Kerberos RC4 Encryption. Defaults to
false.- ntlm
V1Enabled Boolean Whether to enable legacy NTLM v1 support. Defaults to
false.- sync
Kerberos BooleanPasswords Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false.- sync
Ntlm BooleanPasswords Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false.- sync
On BooleanPrem Passwords Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false.- tls
V1Enabled Boolean Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos
Armoring booleanEnabled Whether to enable Kerberos Armoring. Defaults to
false.- kerberos
Rc4Encryption booleanEnabled Whether to enable Kerberos RC4 Encryption. Defaults to
false.- ntlm
V1Enabled boolean Whether to enable legacy NTLM v1 support. Defaults to
false.- sync
Kerberos booleanPasswords Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false.- sync
Ntlm booleanPasswords Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false.- sync
On booleanPrem Passwords Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false.- tls
V1Enabled boolean Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos_
armoring_ boolenabled Whether to enable Kerberos Armoring. Defaults to
false.- kerberos_
rc4_ boolencryption_ enabled Whether to enable Kerberos RC4 Encryption. Defaults to
false.- ntlm_
v1_ boolenabled Whether to enable legacy NTLM v1 support. Defaults to
false.- sync_
kerberos_ boolpasswords Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false.- sync_
ntlm_ boolpasswords Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false.- sync_
on_ boolprem_ passwords Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false.- tls_
v1_ boolenabled Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos
Armoring BooleanEnabled Whether to enable Kerberos Armoring. Defaults to
false.- kerberos
Rc4Encryption BooleanEnabled Whether to enable Kerberos RC4 Encryption. Defaults to
false.- ntlm
V1Enabled Boolean Whether to enable legacy NTLM v1 support. Defaults to
false.- sync
Kerberos BooleanPasswords Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false.- sync
Ntlm BooleanPasswords Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false.- sync
On BooleanPrem Passwords Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false.- tls
V1Enabled Boolean Whether to enable legacy TLS v1 support. Defaults to
false.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurermTerraform Provider.