1. Packages
  2. Azure Classic
  3. API Docs
  4. domainservices
  5. Service

We recommend using Azure Native.

Azure Classic v5.57.0 published on Tuesday, Nov 28, 2023 by Pulumi

azure.domainservices.Service

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v5.57.0 published on Tuesday, Nov 28, 2023 by Pulumi

    Import

    Domain Services can be imported using the resource ID, together with the Replica Set ID that you wish to designate as the initial replica set, e.g.

     $ pulumi import azure:domainservices/service:Service example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/initialReplicaSetId/00000000-0000-0000-0000-000000000000
    

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    using AzureAD = Pulumi.AzureAD;
    
    return await Deployment.RunAsync(() => 
    {
        var deployResourceGroup = new Azure.Core.ResourceGroup("deployResourceGroup", new()
        {
            Location = "West Europe",
        });
    
        var deployVirtualNetwork = new Azure.Network.VirtualNetwork("deployVirtualNetwork", new()
        {
            Location = deployResourceGroup.Location,
            ResourceGroupName = deployResourceGroup.Name,
            AddressSpaces = new[]
            {
                "10.0.1.0/16",
            },
        });
    
        var deploySubnet = new Azure.Network.Subnet("deploySubnet", new()
        {
            ResourceGroupName = deployResourceGroup.Name,
            VirtualNetworkName = deployVirtualNetwork.Name,
            AddressPrefixes = new[]
            {
                "10.0.1.0/24",
            },
        });
    
        var deployNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("deployNetworkSecurityGroup", new()
        {
            Location = deployResourceGroup.Location,
            ResourceGroupName = deployResourceGroup.Name,
            SecurityRules = new[]
            {
                new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
                {
                    Name = "AllowSyncWithAzureAD",
                    Priority = 101,
                    Direction = "Inbound",
                    Access = "Allow",
                    Protocol = "Tcp",
                    SourcePortRange = "*",
                    DestinationPortRange = "443",
                    SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
                    DestinationAddressPrefix = "*",
                },
                new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
                {
                    Name = "AllowRD",
                    Priority = 201,
                    Direction = "Inbound",
                    Access = "Allow",
                    Protocol = "Tcp",
                    SourcePortRange = "*",
                    DestinationPortRange = "3389",
                    SourceAddressPrefix = "CorpNetSaw",
                    DestinationAddressPrefix = "*",
                },
                new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
                {
                    Name = "AllowPSRemoting",
                    Priority = 301,
                    Direction = "Inbound",
                    Access = "Allow",
                    Protocol = "Tcp",
                    SourcePortRange = "*",
                    DestinationPortRange = "5986",
                    SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
                    DestinationAddressPrefix = "*",
                },
                new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
                {
                    Name = "AllowLDAPS",
                    Priority = 401,
                    Direction = "Inbound",
                    Access = "Allow",
                    Protocol = "Tcp",
                    SourcePortRange = "*",
                    DestinationPortRange = "636",
                    SourceAddressPrefix = "*",
                    DestinationAddressPrefix = "*",
                },
            },
        });
    
        var deploySubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", new()
        {
            SubnetId = deploySubnet.Id,
            NetworkSecurityGroupId = deployNetworkSecurityGroup.Id,
        });
    
        var dcAdmins = new AzureAD.Group("dcAdmins", new()
        {
            DisplayName = "AAD DC Administrators",
            SecurityEnabled = true,
        });
    
        var adminUser = new AzureAD.User("adminUser", new()
        {
            UserPrincipalName = "dc-admin@hashicorp-example.com",
            DisplayName = "DC Administrator",
            Password = "Pa55w0Rd!!1",
        });
    
        var adminGroupMember = new AzureAD.GroupMember("adminGroupMember", new()
        {
            GroupObjectId = dcAdmins.ObjectId,
            MemberObjectId = adminUser.ObjectId,
        });
    
        var exampleServicePrincipal = new AzureAD.ServicePrincipal("exampleServicePrincipal", new()
        {
            ApplicationId = "2565bd9d-da50-47d4-8b85-4c97f669dc36",
        });
    
        // published app for domain services
        var aadds = new Azure.Core.ResourceGroup("aadds", new()
        {
            Location = "westeurope",
        });
    
        var exampleService = new Azure.DomainServices.Service("exampleService", new()
        {
            Location = aadds.Location,
            ResourceGroupName = aadds.Name,
            DomainName = "widgetslogin.net",
            Sku = "Enterprise",
            FilteredSyncEnabled = false,
            InitialReplicaSet = new Azure.DomainServices.Inputs.ServiceInitialReplicaSetArgs
            {
                SubnetId = deploySubnet.Id,
            },
            Notifications = new Azure.DomainServices.Inputs.ServiceNotificationsArgs
            {
                AdditionalRecipients = new[]
                {
                    "notifyA@example.net",
                    "notifyB@example.org",
                },
                NotifyDcAdmins = true,
                NotifyGlobalAdmins = true,
            },
            Security = new Azure.DomainServices.Inputs.ServiceSecurityArgs
            {
                SyncKerberosPasswords = true,
                SyncNtlmPasswords = true,
                SyncOnPremPasswords = true,
            },
            Tags = 
            {
                { "Environment", "prod" },
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                exampleServicePrincipal,
                deploySubnetNetworkSecurityGroupAssociation,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/domainservices"
    	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
    	"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		deployResourceGroup, err := core.NewResourceGroup(ctx, "deployResourceGroup", &core.ResourceGroupArgs{
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		deployVirtualNetwork, err := network.NewVirtualNetwork(ctx, "deployVirtualNetwork", &network.VirtualNetworkArgs{
    			Location:          deployResourceGroup.Location,
    			ResourceGroupName: deployResourceGroup.Name,
    			AddressSpaces: pulumi.StringArray{
    				pulumi.String("10.0.1.0/16"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		deploySubnet, err := network.NewSubnet(ctx, "deploySubnet", &network.SubnetArgs{
    			ResourceGroupName:  deployResourceGroup.Name,
    			VirtualNetworkName: deployVirtualNetwork.Name,
    			AddressPrefixes: pulumi.StringArray{
    				pulumi.String("10.0.1.0/24"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		deployNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "deployNetworkSecurityGroup", &network.NetworkSecurityGroupArgs{
    			Location:          deployResourceGroup.Location,
    			ResourceGroupName: deployResourceGroup.Name,
    			SecurityRules: network.NetworkSecurityGroupSecurityRuleArray{
    				&network.NetworkSecurityGroupSecurityRuleArgs{
    					Name:                     pulumi.String("AllowSyncWithAzureAD"),
    					Priority:                 pulumi.Int(101),
    					Direction:                pulumi.String("Inbound"),
    					Access:                   pulumi.String("Allow"),
    					Protocol:                 pulumi.String("Tcp"),
    					SourcePortRange:          pulumi.String("*"),
    					DestinationPortRange:     pulumi.String("443"),
    					SourceAddressPrefix:      pulumi.String("AzureActiveDirectoryDomainServices"),
    					DestinationAddressPrefix: pulumi.String("*"),
    				},
    				&network.NetworkSecurityGroupSecurityRuleArgs{
    					Name:                     pulumi.String("AllowRD"),
    					Priority:                 pulumi.Int(201),
    					Direction:                pulumi.String("Inbound"),
    					Access:                   pulumi.String("Allow"),
    					Protocol:                 pulumi.String("Tcp"),
    					SourcePortRange:          pulumi.String("*"),
    					DestinationPortRange:     pulumi.String("3389"),
    					SourceAddressPrefix:      pulumi.String("CorpNetSaw"),
    					DestinationAddressPrefix: pulumi.String("*"),
    				},
    				&network.NetworkSecurityGroupSecurityRuleArgs{
    					Name:                     pulumi.String("AllowPSRemoting"),
    					Priority:                 pulumi.Int(301),
    					Direction:                pulumi.String("Inbound"),
    					Access:                   pulumi.String("Allow"),
    					Protocol:                 pulumi.String("Tcp"),
    					SourcePortRange:          pulumi.String("*"),
    					DestinationPortRange:     pulumi.String("5986"),
    					SourceAddressPrefix:      pulumi.String("AzureActiveDirectoryDomainServices"),
    					DestinationAddressPrefix: pulumi.String("*"),
    				},
    				&network.NetworkSecurityGroupSecurityRuleArgs{
    					Name:                     pulumi.String("AllowLDAPS"),
    					Priority:                 pulumi.Int(401),
    					Direction:                pulumi.String("Inbound"),
    					Access:                   pulumi.String("Allow"),
    					Protocol:                 pulumi.String("Tcp"),
    					SourcePortRange:          pulumi.String("*"),
    					DestinationPortRange:     pulumi.String("636"),
    					SourceAddressPrefix:      pulumi.String("*"),
    					DestinationAddressPrefix: pulumi.String("*"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		deploySubnetNetworkSecurityGroupAssociation, err := network.NewSubnetNetworkSecurityGroupAssociation(ctx, "deploySubnetNetworkSecurityGroupAssociation", &network.SubnetNetworkSecurityGroupAssociationArgs{
    			SubnetId:               deploySubnet.ID(),
    			NetworkSecurityGroupId: deployNetworkSecurityGroup.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		dcAdmins, err := azuread.NewGroup(ctx, "dcAdmins", &azuread.GroupArgs{
    			DisplayName:     pulumi.String("AAD DC Administrators"),
    			SecurityEnabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		adminUser, err := azuread.NewUser(ctx, "adminUser", &azuread.UserArgs{
    			UserPrincipalName: pulumi.String("dc-admin@hashicorp-example.com"),
    			DisplayName:       pulumi.String("DC Administrator"),
    			Password:          pulumi.String("Pa55w0Rd!!1"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuread.NewGroupMember(ctx, "adminGroupMember", &azuread.GroupMemberArgs{
    			GroupObjectId:  dcAdmins.ObjectId,
    			MemberObjectId: adminUser.ObjectId,
    		})
    		if err != nil {
    			return err
    		}
    		exampleServicePrincipal, err := azuread.NewServicePrincipal(ctx, "exampleServicePrincipal", &azuread.ServicePrincipalArgs{
    			ApplicationId: pulumi.String("2565bd9d-da50-47d4-8b85-4c97f669dc36"),
    		})
    		if err != nil {
    			return err
    		}
    		aadds, err := core.NewResourceGroup(ctx, "aadds", &core.ResourceGroupArgs{
    			Location: pulumi.String("westeurope"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = domainservices.NewService(ctx, "exampleService", &domainservices.ServiceArgs{
    			Location:            aadds.Location,
    			ResourceGroupName:   aadds.Name,
    			DomainName:          pulumi.String("widgetslogin.net"),
    			Sku:                 pulumi.String("Enterprise"),
    			FilteredSyncEnabled: pulumi.Bool(false),
    			InitialReplicaSet: &domainservices.ServiceInitialReplicaSetArgs{
    				SubnetId: deploySubnet.ID(),
    			},
    			Notifications: &domainservices.ServiceNotificationsArgs{
    				AdditionalRecipients: pulumi.StringArray{
    					pulumi.String("notifyA@example.net"),
    					pulumi.String("notifyB@example.org"),
    				},
    				NotifyDcAdmins:     pulumi.Bool(true),
    				NotifyGlobalAdmins: pulumi.Bool(true),
    			},
    			Security: &domainservices.ServiceSecurityArgs{
    				SyncKerberosPasswords: pulumi.Bool(true),
    				SyncNtlmPasswords:     pulumi.Bool(true),
    				SyncOnPremPasswords:   pulumi.Bool(true),
    			},
    			Tags: pulumi.StringMap{
    				"Environment": pulumi.String("prod"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			exampleServicePrincipal,
    			deploySubnetNetworkSecurityGroupAssociation,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.network.VirtualNetwork;
    import com.pulumi.azure.network.VirtualNetworkArgs;
    import com.pulumi.azure.network.Subnet;
    import com.pulumi.azure.network.SubnetArgs;
    import com.pulumi.azure.network.NetworkSecurityGroup;
    import com.pulumi.azure.network.NetworkSecurityGroupArgs;
    import com.pulumi.azure.network.inputs.NetworkSecurityGroupSecurityRuleArgs;
    import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
    import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
    import com.pulumi.azuread.Group;
    import com.pulumi.azuread.GroupArgs;
    import com.pulumi.azuread.User;
    import com.pulumi.azuread.UserArgs;
    import com.pulumi.azuread.GroupMember;
    import com.pulumi.azuread.GroupMemberArgs;
    import com.pulumi.azuread.ServicePrincipal;
    import com.pulumi.azuread.ServicePrincipalArgs;
    import com.pulumi.azure.domainservices.Service;
    import com.pulumi.azure.domainservices.ServiceArgs;
    import com.pulumi.azure.domainservices.inputs.ServiceInitialReplicaSetArgs;
    import com.pulumi.azure.domainservices.inputs.ServiceNotificationsArgs;
    import com.pulumi.azure.domainservices.inputs.ServiceSecurityArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var deployResourceGroup = new ResourceGroup("deployResourceGroup", ResourceGroupArgs.builder()        
                .location("West Europe")
                .build());
    
            var deployVirtualNetwork = new VirtualNetwork("deployVirtualNetwork", VirtualNetworkArgs.builder()        
                .location(deployResourceGroup.location())
                .resourceGroupName(deployResourceGroup.name())
                .addressSpaces("10.0.1.0/16")
                .build());
    
            var deploySubnet = new Subnet("deploySubnet", SubnetArgs.builder()        
                .resourceGroupName(deployResourceGroup.name())
                .virtualNetworkName(deployVirtualNetwork.name())
                .addressPrefixes("10.0.1.0/24")
                .build());
    
            var deployNetworkSecurityGroup = new NetworkSecurityGroup("deployNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()        
                .location(deployResourceGroup.location())
                .resourceGroupName(deployResourceGroup.name())
                .securityRules(            
                    NetworkSecurityGroupSecurityRuleArgs.builder()
                        .name("AllowSyncWithAzureAD")
                        .priority(101)
                        .direction("Inbound")
                        .access("Allow")
                        .protocol("Tcp")
                        .sourcePortRange("*")
                        .destinationPortRange("443")
                        .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
                        .destinationAddressPrefix("*")
                        .build(),
                    NetworkSecurityGroupSecurityRuleArgs.builder()
                        .name("AllowRD")
                        .priority(201)
                        .direction("Inbound")
                        .access("Allow")
                        .protocol("Tcp")
                        .sourcePortRange("*")
                        .destinationPortRange("3389")
                        .sourceAddressPrefix("CorpNetSaw")
                        .destinationAddressPrefix("*")
                        .build(),
                    NetworkSecurityGroupSecurityRuleArgs.builder()
                        .name("AllowPSRemoting")
                        .priority(301)
                        .direction("Inbound")
                        .access("Allow")
                        .protocol("Tcp")
                        .sourcePortRange("*")
                        .destinationPortRange("5986")
                        .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
                        .destinationAddressPrefix("*")
                        .build(),
                    NetworkSecurityGroupSecurityRuleArgs.builder()
                        .name("AllowLDAPS")
                        .priority(401)
                        .direction("Inbound")
                        .access("Allow")
                        .protocol("Tcp")
                        .sourcePortRange("*")
                        .destinationPortRange("636")
                        .sourceAddressPrefix("*")
                        .destinationAddressPrefix("*")
                        .build())
                .build());
    
            var deploySubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()        
                .subnetId(deploySubnet.id())
                .networkSecurityGroupId(deployNetworkSecurityGroup.id())
                .build());
    
            var dcAdmins = new Group("dcAdmins", GroupArgs.builder()        
                .displayName("AAD DC Administrators")
                .securityEnabled(true)
                .build());
    
            var adminUser = new User("adminUser", UserArgs.builder()        
                .userPrincipalName("dc-admin@hashicorp-example.com")
                .displayName("DC Administrator")
                .password("Pa55w0Rd!!1")
                .build());
    
            var adminGroupMember = new GroupMember("adminGroupMember", GroupMemberArgs.builder()        
                .groupObjectId(dcAdmins.objectId())
                .memberObjectId(adminUser.objectId())
                .build());
    
            var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()        
                .applicationId("2565bd9d-da50-47d4-8b85-4c97f669dc36")
                .build());
    
            var aadds = new ResourceGroup("aadds", ResourceGroupArgs.builder()        
                .location("westeurope")
                .build());
    
            var exampleService = new Service("exampleService", ServiceArgs.builder()        
                .location(aadds.location())
                .resourceGroupName(aadds.name())
                .domainName("widgetslogin.net")
                .sku("Enterprise")
                .filteredSyncEnabled(false)
                .initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
                    .subnetId(deploySubnet.id())
                    .build())
                .notifications(ServiceNotificationsArgs.builder()
                    .additionalRecipients(                
                        "notifyA@example.net",
                        "notifyB@example.org")
                    .notifyDcAdmins(true)
                    .notifyGlobalAdmins(true)
                    .build())
                .security(ServiceSecurityArgs.builder()
                    .syncKerberosPasswords(true)
                    .syncNtlmPasswords(true)
                    .syncOnPremPasswords(true)
                    .build())
                .tags(Map.of("Environment", "prod"))
                .build(), CustomResourceOptions.builder()
                    .dependsOn(                
                        exampleServicePrincipal,
                        deploySubnetNetworkSecurityGroupAssociation)
                    .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure as azure
    import pulumi_azuread as azuread
    
    deploy_resource_group = azure.core.ResourceGroup("deployResourceGroup", location="West Europe")
    deploy_virtual_network = azure.network.VirtualNetwork("deployVirtualNetwork",
        location=deploy_resource_group.location,
        resource_group_name=deploy_resource_group.name,
        address_spaces=["10.0.1.0/16"])
    deploy_subnet = azure.network.Subnet("deploySubnet",
        resource_group_name=deploy_resource_group.name,
        virtual_network_name=deploy_virtual_network.name,
        address_prefixes=["10.0.1.0/24"])
    deploy_network_security_group = azure.network.NetworkSecurityGroup("deployNetworkSecurityGroup",
        location=deploy_resource_group.location,
        resource_group_name=deploy_resource_group.name,
        security_rules=[
            azure.network.NetworkSecurityGroupSecurityRuleArgs(
                name="AllowSyncWithAzureAD",
                priority=101,
                direction="Inbound",
                access="Allow",
                protocol="Tcp",
                source_port_range="*",
                destination_port_range="443",
                source_address_prefix="AzureActiveDirectoryDomainServices",
                destination_address_prefix="*",
            ),
            azure.network.NetworkSecurityGroupSecurityRuleArgs(
                name="AllowRD",
                priority=201,
                direction="Inbound",
                access="Allow",
                protocol="Tcp",
                source_port_range="*",
                destination_port_range="3389",
                source_address_prefix="CorpNetSaw",
                destination_address_prefix="*",
            ),
            azure.network.NetworkSecurityGroupSecurityRuleArgs(
                name="AllowPSRemoting",
                priority=301,
                direction="Inbound",
                access="Allow",
                protocol="Tcp",
                source_port_range="*",
                destination_port_range="5986",
                source_address_prefix="AzureActiveDirectoryDomainServices",
                destination_address_prefix="*",
            ),
            azure.network.NetworkSecurityGroupSecurityRuleArgs(
                name="AllowLDAPS",
                priority=401,
                direction="Inbound",
                access="Allow",
                protocol="Tcp",
                source_port_range="*",
                destination_port_range="636",
                source_address_prefix="*",
                destination_address_prefix="*",
            ),
        ])
    deploy_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation",
        subnet_id=deploy_subnet.id,
        network_security_group_id=deploy_network_security_group.id)
    dc_admins = azuread.Group("dcAdmins",
        display_name="AAD DC Administrators",
        security_enabled=True)
    admin_user = azuread.User("adminUser",
        user_principal_name="dc-admin@hashicorp-example.com",
        display_name="DC Administrator",
        password="Pa55w0Rd!!1")
    admin_group_member = azuread.GroupMember("adminGroupMember",
        group_object_id=dc_admins.object_id,
        member_object_id=admin_user.object_id)
    example_service_principal = azuread.ServicePrincipal("exampleServicePrincipal", application_id="2565bd9d-da50-47d4-8b85-4c97f669dc36")
    # published app for domain services
    aadds = azure.core.ResourceGroup("aadds", location="westeurope")
    example_service = azure.domainservices.Service("exampleService",
        location=aadds.location,
        resource_group_name=aadds.name,
        domain_name="widgetslogin.net",
        sku="Enterprise",
        filtered_sync_enabled=False,
        initial_replica_set=azure.domainservices.ServiceInitialReplicaSetArgs(
            subnet_id=deploy_subnet.id,
        ),
        notifications=azure.domainservices.ServiceNotificationsArgs(
            additional_recipients=[
                "notifyA@example.net",
                "notifyB@example.org",
            ],
            notify_dc_admins=True,
            notify_global_admins=True,
        ),
        security=azure.domainservices.ServiceSecurityArgs(
            sync_kerberos_passwords=True,
            sync_ntlm_passwords=True,
            sync_on_prem_passwords=True,
        ),
        tags={
            "Environment": "prod",
        },
        opts=pulumi.ResourceOptions(depends_on=[
                example_service_principal,
                deploy_subnet_network_security_group_association,
            ]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    import * as azuread from "@pulumi/azuread";
    
    const deployResourceGroup = new azure.core.ResourceGroup("deployResourceGroup", {location: "West Europe"});
    const deployVirtualNetwork = new azure.network.VirtualNetwork("deployVirtualNetwork", {
        location: deployResourceGroup.location,
        resourceGroupName: deployResourceGroup.name,
        addressSpaces: ["10.0.1.0/16"],
    });
    const deploySubnet = new azure.network.Subnet("deploySubnet", {
        resourceGroupName: deployResourceGroup.name,
        virtualNetworkName: deployVirtualNetwork.name,
        addressPrefixes: ["10.0.1.0/24"],
    });
    const deployNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("deployNetworkSecurityGroup", {
        location: deployResourceGroup.location,
        resourceGroupName: deployResourceGroup.name,
        securityRules: [
            {
                name: "AllowSyncWithAzureAD",
                priority: 101,
                direction: "Inbound",
                access: "Allow",
                protocol: "Tcp",
                sourcePortRange: "*",
                destinationPortRange: "443",
                sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
                destinationAddressPrefix: "*",
            },
            {
                name: "AllowRD",
                priority: 201,
                direction: "Inbound",
                access: "Allow",
                protocol: "Tcp",
                sourcePortRange: "*",
                destinationPortRange: "3389",
                sourceAddressPrefix: "CorpNetSaw",
                destinationAddressPrefix: "*",
            },
            {
                name: "AllowPSRemoting",
                priority: 301,
                direction: "Inbound",
                access: "Allow",
                protocol: "Tcp",
                sourcePortRange: "*",
                destinationPortRange: "5986",
                sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
                destinationAddressPrefix: "*",
            },
            {
                name: "AllowLDAPS",
                priority: 401,
                direction: "Inbound",
                access: "Allow",
                protocol: "Tcp",
                sourcePortRange: "*",
                destinationPortRange: "636",
                sourceAddressPrefix: "*",
                destinationAddressPrefix: "*",
            },
        ],
    });
    const deploySubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", {
        subnetId: deploySubnet.id,
        networkSecurityGroupId: deployNetworkSecurityGroup.id,
    });
    const dcAdmins = new azuread.Group("dcAdmins", {
        displayName: "AAD DC Administrators",
        securityEnabled: true,
    });
    const adminUser = new azuread.User("adminUser", {
        userPrincipalName: "dc-admin@hashicorp-example.com",
        displayName: "DC Administrator",
        password: "Pa55w0Rd!!1",
    });
    const adminGroupMember = new azuread.GroupMember("adminGroupMember", {
        groupObjectId: dcAdmins.objectId,
        memberObjectId: adminUser.objectId,
    });
    const exampleServicePrincipal = new azuread.ServicePrincipal("exampleServicePrincipal", {applicationId: "2565bd9d-da50-47d4-8b85-4c97f669dc36"});
    // published app for domain services
    const aadds = new azure.core.ResourceGroup("aadds", {location: "westeurope"});
    const exampleService = new azure.domainservices.Service("exampleService", {
        location: aadds.location,
        resourceGroupName: aadds.name,
        domainName: "widgetslogin.net",
        sku: "Enterprise",
        filteredSyncEnabled: false,
        initialReplicaSet: {
            subnetId: deploySubnet.id,
        },
        notifications: {
            additionalRecipients: [
                "notifyA@example.net",
                "notifyB@example.org",
            ],
            notifyDcAdmins: true,
            notifyGlobalAdmins: true,
        },
        security: {
            syncKerberosPasswords: true,
            syncNtlmPasswords: true,
            syncOnPremPasswords: true,
        },
        tags: {
            Environment: "prod",
        },
    }, {
        dependsOn: [
            exampleServicePrincipal,
            deploySubnetNetworkSecurityGroupAssociation,
        ],
    });
    
    resources:
      deployResourceGroup:
        type: azure:core:ResourceGroup
        properties:
          location: West Europe
      deployVirtualNetwork:
        type: azure:network:VirtualNetwork
        properties:
          location: ${deployResourceGroup.location}
          resourceGroupName: ${deployResourceGroup.name}
          addressSpaces:
            - 10.0.1.0/16
      deploySubnet:
        type: azure:network:Subnet
        properties:
          resourceGroupName: ${deployResourceGroup.name}
          virtualNetworkName: ${deployVirtualNetwork.name}
          addressPrefixes:
            - 10.0.1.0/24
      deployNetworkSecurityGroup:
        type: azure:network:NetworkSecurityGroup
        properties:
          location: ${deployResourceGroup.location}
          resourceGroupName: ${deployResourceGroup.name}
          securityRules:
            - name: AllowSyncWithAzureAD
              priority: 101
              direction: Inbound
              access: Allow
              protocol: Tcp
              sourcePortRange: '*'
              destinationPortRange: '443'
              sourceAddressPrefix: AzureActiveDirectoryDomainServices
              destinationAddressPrefix: '*'
            - name: AllowRD
              priority: 201
              direction: Inbound
              access: Allow
              protocol: Tcp
              sourcePortRange: '*'
              destinationPortRange: '3389'
              sourceAddressPrefix: CorpNetSaw
              destinationAddressPrefix: '*'
            - name: AllowPSRemoting
              priority: 301
              direction: Inbound
              access: Allow
              protocol: Tcp
              sourcePortRange: '*'
              destinationPortRange: '5986'
              sourceAddressPrefix: AzureActiveDirectoryDomainServices
              destinationAddressPrefix: '*'
            - name: AllowLDAPS
              priority: 401
              direction: Inbound
              access: Allow
              protocol: Tcp
              sourcePortRange: '*'
              destinationPortRange: '636'
              sourceAddressPrefix: '*'
              destinationAddressPrefix: '*'
      deploySubnetNetworkSecurityGroupAssociation:
        type: azure:network:SubnetNetworkSecurityGroupAssociation
        properties:
          subnetId: ${deploySubnet.id}
          networkSecurityGroupId: ${deployNetworkSecurityGroup.id}
      dcAdmins:
        type: azuread:Group
        properties:
          displayName: AAD DC Administrators
          securityEnabled: true
      adminUser:
        type: azuread:User
        properties:
          userPrincipalName: dc-admin@hashicorp-example.com
          displayName: DC Administrator
          password: Pa55w0Rd!!1
      adminGroupMember:
        type: azuread:GroupMember
        properties:
          groupObjectId: ${dcAdmins.objectId}
          memberObjectId: ${adminUser.objectId}
      exampleServicePrincipal:
        type: azuread:ServicePrincipal
        properties:
          applicationId: 2565bd9d-da50-47d4-8b85-4c97f669dc36
      aadds:
        type: azure:core:ResourceGroup
        properties:
          location: westeurope
      exampleService:
        type: azure:domainservices:Service
        properties:
          location: ${aadds.location}
          resourceGroupName: ${aadds.name}
          domainName: widgetslogin.net
          sku: Enterprise
          filteredSyncEnabled: false
          initialReplicaSet:
            subnetId: ${deploySubnet.id}
          notifications:
            additionalRecipients:
              - notifyA@example.net
              - notifyB@example.org
            notifyDcAdmins: true
            notifyGlobalAdmins: true
          security:
            syncKerberosPasswords: true
            syncNtlmPasswords: true
            syncOnPremPasswords: true
          tags:
            Environment: prod
        options:
          dependson:
            - ${exampleServicePrincipal}
            - ${deploySubnetNetworkSecurityGroupAssociation}
    

    Create Service Resource

    new Service(name: string, args: ServiceArgs, opts?: CustomResourceOptions);
    @overload
    def Service(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                domain_configuration_type: Optional[str] = None,
                domain_name: Optional[str] = None,
                filtered_sync_enabled: Optional[bool] = None,
                initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
                location: Optional[str] = None,
                name: Optional[str] = None,
                notifications: Optional[ServiceNotificationsArgs] = None,
                resource_group_name: Optional[str] = None,
                secure_ldap: Optional[ServiceSecureLdapArgs] = None,
                security: Optional[ServiceSecurityArgs] = None,
                sku: Optional[str] = None,
                tags: Optional[Mapping[str, str]] = None)
    @overload
    def Service(resource_name: str,
                args: ServiceArgs,
                opts: Optional[ResourceOptions] = None)
    func NewService(ctx *Context, name string, args ServiceArgs, opts ...ResourceOption) (*Service, error)
    public Service(string name, ServiceArgs args, CustomResourceOptions? opts = null)
    public Service(String name, ServiceArgs args)
    public Service(String name, ServiceArgs args, CustomResourceOptions options)
    
    type: azure:domainservices:Service
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ServiceArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ServiceArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ServiceArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ServiceArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ServiceArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Service Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Service resource accepts the following input properties:

    DomainName string

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    InitialReplicaSet ServiceInitialReplicaSet

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    ResourceGroupName string

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    Sku string

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    DomainConfigurationType string

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    FilteredSyncEnabled bool

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    Location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    Name string

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    Notifications ServiceNotifications

    A notifications block as defined below.

    SecureLdap ServiceSecureLdap

    A secure_ldap block as defined below.

    Security ServiceSecurity

    A security block as defined below.

    Tags Dictionary<string, string>

    A mapping of tags assigned to the resource.

    DomainName string

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    InitialReplicaSet ServiceInitialReplicaSetArgs

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    ResourceGroupName string

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    Sku string

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    DomainConfigurationType string

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    FilteredSyncEnabled bool

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    Location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    Name string

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    Notifications ServiceNotificationsArgs

    A notifications block as defined below.

    SecureLdap ServiceSecureLdapArgs

    A secure_ldap block as defined below.

    Security ServiceSecurityArgs

    A security block as defined below.

    Tags map[string]string

    A mapping of tags assigned to the resource.

    domainName String

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    initialReplicaSet ServiceInitialReplicaSet

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    resourceGroupName String

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    sku String

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    domainConfigurationType String

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    filteredSyncEnabled Boolean

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    location String

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name String

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications ServiceNotifications

    A notifications block as defined below.

    secureLdap ServiceSecureLdap

    A secure_ldap block as defined below.

    security ServiceSecurity

    A security block as defined below.

    tags Map<String,String>

    A mapping of tags assigned to the resource.

    domainName string

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    initialReplicaSet ServiceInitialReplicaSet

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    resourceGroupName string

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    sku string

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    domainConfigurationType string

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    filteredSyncEnabled boolean

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name string

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications ServiceNotifications

    A notifications block as defined below.

    secureLdap ServiceSecureLdap

    A secure_ldap block as defined below.

    security ServiceSecurity

    A security block as defined below.

    tags {[key: string]: string}

    A mapping of tags assigned to the resource.

    domain_name str

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    initial_replica_set ServiceInitialReplicaSetArgs

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    resource_group_name str

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    sku str

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    domain_configuration_type str

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    filtered_sync_enabled bool

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    location str

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name str

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications ServiceNotificationsArgs

    A notifications block as defined below.

    secure_ldap ServiceSecureLdapArgs

    A secure_ldap block as defined below.

    security ServiceSecurityArgs

    A security block as defined below.

    tags Mapping[str, str]

    A mapping of tags assigned to the resource.

    domainName String

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    initialReplicaSet Property Map

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    resourceGroupName String

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    sku String

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    domainConfigurationType String

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    filteredSyncEnabled Boolean

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    location String

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name String

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications Property Map

    A notifications block as defined below.

    secureLdap Property Map

    A secure_ldap block as defined below.

    security Property Map

    A security block as defined below.

    tags Map<String>

    A mapping of tags assigned to the resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Service resource produces the following output properties:

    DeploymentId string

    A unique ID for the managed domain deployment.

    Id string

    The provider-assigned unique ID for this managed resource.

    ResourceId string

    The Azure resource ID for the domain service.

    SyncOwner string
    TenantId string
    Version int
    DeploymentId string

    A unique ID for the managed domain deployment.

    Id string

    The provider-assigned unique ID for this managed resource.

    ResourceId string

    The Azure resource ID for the domain service.

    SyncOwner string
    TenantId string
    Version int
    deploymentId String

    A unique ID for the managed domain deployment.

    id String

    The provider-assigned unique ID for this managed resource.

    resourceId String

    The Azure resource ID for the domain service.

    syncOwner String
    tenantId String
    version Integer
    deploymentId string

    A unique ID for the managed domain deployment.

    id string

    The provider-assigned unique ID for this managed resource.

    resourceId string

    The Azure resource ID for the domain service.

    syncOwner string
    tenantId string
    version number
    deployment_id str

    A unique ID for the managed domain deployment.

    id str

    The provider-assigned unique ID for this managed resource.

    resource_id str

    The Azure resource ID for the domain service.

    sync_owner str
    tenant_id str
    version int
    deploymentId String

    A unique ID for the managed domain deployment.

    id String

    The provider-assigned unique ID for this managed resource.

    resourceId String

    The Azure resource ID for the domain service.

    syncOwner String
    tenantId String
    version Number

    Look up Existing Service Resource

    Get an existing Service resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ServiceState, opts?: CustomResourceOptions): Service
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            deployment_id: Optional[str] = None,
            domain_configuration_type: Optional[str] = None,
            domain_name: Optional[str] = None,
            filtered_sync_enabled: Optional[bool] = None,
            initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            notifications: Optional[ServiceNotificationsArgs] = None,
            resource_group_name: Optional[str] = None,
            resource_id: Optional[str] = None,
            secure_ldap: Optional[ServiceSecureLdapArgs] = None,
            security: Optional[ServiceSecurityArgs] = None,
            sku: Optional[str] = None,
            sync_owner: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tenant_id: Optional[str] = None,
            version: Optional[int] = None) -> Service
    func GetService(ctx *Context, name string, id IDInput, state *ServiceState, opts ...ResourceOption) (*Service, error)
    public static Service Get(string name, Input<string> id, ServiceState? state, CustomResourceOptions? opts = null)
    public static Service get(String name, Output<String> id, ServiceState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DeploymentId string

    A unique ID for the managed domain deployment.

    DomainConfigurationType string

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    DomainName string

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    FilteredSyncEnabled bool

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    InitialReplicaSet ServiceInitialReplicaSet

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    Location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    Name string

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    Notifications ServiceNotifications

    A notifications block as defined below.

    ResourceGroupName string

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    ResourceId string

    The Azure resource ID for the domain service.

    SecureLdap ServiceSecureLdap

    A secure_ldap block as defined below.

    Security ServiceSecurity

    A security block as defined below.

    Sku string

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    SyncOwner string
    Tags Dictionary<string, string>

    A mapping of tags assigned to the resource.

    TenantId string
    Version int
    DeploymentId string

    A unique ID for the managed domain deployment.

    DomainConfigurationType string

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    DomainName string

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    FilteredSyncEnabled bool

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    InitialReplicaSet ServiceInitialReplicaSetArgs

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    Location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    Name string

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    Notifications ServiceNotificationsArgs

    A notifications block as defined below.

    ResourceGroupName string

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    ResourceId string

    The Azure resource ID for the domain service.

    SecureLdap ServiceSecureLdapArgs

    A secure_ldap block as defined below.

    Security ServiceSecurityArgs

    A security block as defined below.

    Sku string

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    SyncOwner string
    Tags map[string]string

    A mapping of tags assigned to the resource.

    TenantId string
    Version int
    deploymentId String

    A unique ID for the managed domain deployment.

    domainConfigurationType String

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    domainName String

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    filteredSyncEnabled Boolean

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    initialReplicaSet ServiceInitialReplicaSet

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    location String

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name String

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications ServiceNotifications

    A notifications block as defined below.

    resourceGroupName String

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    resourceId String

    The Azure resource ID for the domain service.

    secureLdap ServiceSecureLdap

    A secure_ldap block as defined below.

    security ServiceSecurity

    A security block as defined below.

    sku String

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    syncOwner String
    tags Map<String,String>

    A mapping of tags assigned to the resource.

    tenantId String
    version Integer
    deploymentId string

    A unique ID for the managed domain deployment.

    domainConfigurationType string

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    domainName string

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    filteredSyncEnabled boolean

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    initialReplicaSet ServiceInitialReplicaSet

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name string

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications ServiceNotifications

    A notifications block as defined below.

    resourceGroupName string

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    resourceId string

    The Azure resource ID for the domain service.

    secureLdap ServiceSecureLdap

    A secure_ldap block as defined below.

    security ServiceSecurity

    A security block as defined below.

    sku string

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    syncOwner string
    tags {[key: string]: string}

    A mapping of tags assigned to the resource.

    tenantId string
    version number
    deployment_id str

    A unique ID for the managed domain deployment.

    domain_configuration_type str

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    domain_name str

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    filtered_sync_enabled bool

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    initial_replica_set ServiceInitialReplicaSetArgs

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    location str

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name str

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications ServiceNotificationsArgs

    A notifications block as defined below.

    resource_group_name str

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    resource_id str

    The Azure resource ID for the domain service.

    secure_ldap ServiceSecureLdapArgs

    A secure_ldap block as defined below.

    security ServiceSecurityArgs

    A security block as defined below.

    sku str

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    sync_owner str
    tags Mapping[str, str]

    A mapping of tags assigned to the resource.

    tenant_id str
    version int
    deploymentId String

    A unique ID for the managed domain deployment.

    domainConfigurationType String

    The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

    domainName String

    The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

    filteredSyncEnabled Boolean

    Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.

    initialReplicaSet Property Map

    An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

    location String

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    name String

    The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

    notifications Property Map

    A notifications block as defined below.

    resourceGroupName String

    The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

    resourceId String

    The Azure resource ID for the domain service.

    secureLdap Property Map

    A secure_ldap block as defined below.

    security Property Map

    A security block as defined below.

    sku String

    The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

    syncOwner String
    tags Map<String>

    A mapping of tags assigned to the resource.

    tenantId String
    version Number

    Supporting Types

    ServiceInitialReplicaSet, ServiceInitialReplicaSetArgs

    SubnetId string

    The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

    DomainControllerIpAddresses List<string>

    A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

    ExternalAccessIpAddress string

    The publicly routable IP address for the domain controllers in the initial replica set.

    Id string

    A unique ID for the replica set.

    Location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    ServiceStatus string

    The current service status for the initial replica set.

    SubnetId string

    The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

    DomainControllerIpAddresses []string

    A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

    ExternalAccessIpAddress string

    The publicly routable IP address for the domain controllers in the initial replica set.

    Id string

    A unique ID for the replica set.

    Location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    ServiceStatus string

    The current service status for the initial replica set.

    subnetId String

    The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

    domainControllerIpAddresses List<String>

    A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

    externalAccessIpAddress String

    The publicly routable IP address for the domain controllers in the initial replica set.

    id String

    A unique ID for the replica set.

    location String

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    serviceStatus String

    The current service status for the initial replica set.

    subnetId string

    The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

    domainControllerIpAddresses string[]

    A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

    externalAccessIpAddress string

    The publicly routable IP address for the domain controllers in the initial replica set.

    id string

    A unique ID for the replica set.

    location string

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    serviceStatus string

    The current service status for the initial replica set.

    subnet_id str

    The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

    domain_controller_ip_addresses Sequence[str]

    A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

    external_access_ip_address str

    The publicly routable IP address for the domain controllers in the initial replica set.

    id str

    A unique ID for the replica set.

    location str

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    service_status str

    The current service status for the initial replica set.

    subnetId String

    The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.

    domainControllerIpAddresses List<String>

    A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.

    externalAccessIpAddress String

    The publicly routable IP address for the domain controllers in the initial replica set.

    id String

    A unique ID for the replica set.

    location String

    The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

    serviceStatus String

    The current service status for the initial replica set.

    ServiceNotifications, ServiceNotificationsArgs

    AdditionalRecipients List<string>

    A list of additional email addresses to notify when there are alerts in the managed domain.

    NotifyDcAdmins bool

    Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

    NotifyGlobalAdmins bool

    Whether to notify all Global Administrators when there are alerts in the managed domain.

    AdditionalRecipients []string

    A list of additional email addresses to notify when there are alerts in the managed domain.

    NotifyDcAdmins bool

    Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

    NotifyGlobalAdmins bool

    Whether to notify all Global Administrators when there are alerts in the managed domain.

    additionalRecipients List<String>

    A list of additional email addresses to notify when there are alerts in the managed domain.

    notifyDcAdmins Boolean

    Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

    notifyGlobalAdmins Boolean

    Whether to notify all Global Administrators when there are alerts in the managed domain.

    additionalRecipients string[]

    A list of additional email addresses to notify when there are alerts in the managed domain.

    notifyDcAdmins boolean

    Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

    notifyGlobalAdmins boolean

    Whether to notify all Global Administrators when there are alerts in the managed domain.

    additional_recipients Sequence[str]

    A list of additional email addresses to notify when there are alerts in the managed domain.

    notify_dc_admins bool

    Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

    notify_global_admins bool

    Whether to notify all Global Administrators when there are alerts in the managed domain.

    additionalRecipients List<String>

    A list of additional email addresses to notify when there are alerts in the managed domain.

    notifyDcAdmins Boolean

    Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.

    notifyGlobalAdmins Boolean

    Whether to notify all Global Administrators when there are alerts in the managed domain.

    ServiceSecureLdap, ServiceSecureLdapArgs

    Enabled bool

    Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.

    PfxCertificate string

    The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

    PfxCertificatePassword string

    The password to use for decrypting the PKCS#12 bundle (PFX file).

    CertificateExpiry string

    The expiry time of the certificate.

    CertificateThumbprint string

    The thumbprint of the certificate.

    ExternalAccessEnabled bool

    Whether to enable external access to LDAPS over the Internet. Defaults to false.

    PublicCertificate string

    The public certificate.

    Enabled bool

    Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.

    PfxCertificate string

    The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

    PfxCertificatePassword string

    The password to use for decrypting the PKCS#12 bundle (PFX file).

    CertificateExpiry string

    The expiry time of the certificate.

    CertificateThumbprint string

    The thumbprint of the certificate.

    ExternalAccessEnabled bool

    Whether to enable external access to LDAPS over the Internet. Defaults to false.

    PublicCertificate string

    The public certificate.

    enabled Boolean

    Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.

    pfxCertificate String

    The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

    pfxCertificatePassword String

    The password to use for decrypting the PKCS#12 bundle (PFX file).

    certificateExpiry String

    The expiry time of the certificate.

    certificateThumbprint String

    The thumbprint of the certificate.

    externalAccessEnabled Boolean

    Whether to enable external access to LDAPS over the Internet. Defaults to false.

    publicCertificate String

    The public certificate.

    enabled boolean

    Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.

    pfxCertificate string

    The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

    pfxCertificatePassword string

    The password to use for decrypting the PKCS#12 bundle (PFX file).

    certificateExpiry string

    The expiry time of the certificate.

    certificateThumbprint string

    The thumbprint of the certificate.

    externalAccessEnabled boolean

    Whether to enable external access to LDAPS over the Internet. Defaults to false.

    publicCertificate string

    The public certificate.

    enabled bool

    Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.

    pfx_certificate str

    The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

    pfx_certificate_password str

    The password to use for decrypting the PKCS#12 bundle (PFX file).

    certificate_expiry str

    The expiry time of the certificate.

    certificate_thumbprint str

    The thumbprint of the certificate.

    external_access_enabled bool

    Whether to enable external access to LDAPS over the Internet. Defaults to false.

    public_certificate str

    The public certificate.

    enabled Boolean

    Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.

    pfxCertificate String

    The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).

    pfxCertificatePassword String

    The password to use for decrypting the PKCS#12 bundle (PFX file).

    certificateExpiry String

    The expiry time of the certificate.

    certificateThumbprint String

    The thumbprint of the certificate.

    externalAccessEnabled Boolean

    Whether to enable external access to LDAPS over the Internet. Defaults to false.

    publicCertificate String

    The public certificate.

    ServiceSecurity, ServiceSecurityArgs

    KerberosArmoringEnabled bool

    Whether to enable Kerberos Armoring. Defaults to false.

    KerberosRc4EncryptionEnabled bool

    Whether to enable Kerberos RC4 Encryption. Defaults to false.

    NtlmV1Enabled bool

    Whether to enable legacy NTLM v1 support. Defaults to false.

    SyncKerberosPasswords bool

    Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

    SyncNtlmPasswords bool

    Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

    SyncOnPremPasswords bool

    Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

    TlsV1Enabled bool

    Whether to enable legacy TLS v1 support. Defaults to false.

    KerberosArmoringEnabled bool

    Whether to enable Kerberos Armoring. Defaults to false.

    KerberosRc4EncryptionEnabled bool

    Whether to enable Kerberos RC4 Encryption. Defaults to false.

    NtlmV1Enabled bool

    Whether to enable legacy NTLM v1 support. Defaults to false.

    SyncKerberosPasswords bool

    Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

    SyncNtlmPasswords bool

    Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

    SyncOnPremPasswords bool

    Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

    TlsV1Enabled bool

    Whether to enable legacy TLS v1 support. Defaults to false.

    kerberosArmoringEnabled Boolean

    Whether to enable Kerberos Armoring. Defaults to false.

    kerberosRc4EncryptionEnabled Boolean

    Whether to enable Kerberos RC4 Encryption. Defaults to false.

    ntlmV1Enabled Boolean

    Whether to enable legacy NTLM v1 support. Defaults to false.

    syncKerberosPasswords Boolean

    Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

    syncNtlmPasswords Boolean

    Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

    syncOnPremPasswords Boolean

    Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

    tlsV1Enabled Boolean

    Whether to enable legacy TLS v1 support. Defaults to false.

    kerberosArmoringEnabled boolean

    Whether to enable Kerberos Armoring. Defaults to false.

    kerberosRc4EncryptionEnabled boolean

    Whether to enable Kerberos RC4 Encryption. Defaults to false.

    ntlmV1Enabled boolean

    Whether to enable legacy NTLM v1 support. Defaults to false.

    syncKerberosPasswords boolean

    Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

    syncNtlmPasswords boolean

    Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

    syncOnPremPasswords boolean

    Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

    tlsV1Enabled boolean

    Whether to enable legacy TLS v1 support. Defaults to false.

    kerberos_armoring_enabled bool

    Whether to enable Kerberos Armoring. Defaults to false.

    kerberos_rc4_encryption_enabled bool

    Whether to enable Kerberos RC4 Encryption. Defaults to false.

    ntlm_v1_enabled bool

    Whether to enable legacy NTLM v1 support. Defaults to false.

    sync_kerberos_passwords bool

    Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

    sync_ntlm_passwords bool

    Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

    sync_on_prem_passwords bool

    Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

    tls_v1_enabled bool

    Whether to enable legacy TLS v1 support. Defaults to false.

    kerberosArmoringEnabled Boolean

    Whether to enable Kerberos Armoring. Defaults to false.

    kerberosRc4EncryptionEnabled Boolean

    Whether to enable Kerberos RC4 Encryption. Defaults to false.

    ntlmV1Enabled Boolean

    Whether to enable legacy NTLM v1 support. Defaults to false.

    syncKerberosPasswords Boolean

    Whether to synchronize Kerberos password hashes to the managed domain. Defaults to false.

    syncNtlmPasswords Boolean

    Whether to synchronize NTLM password hashes to the managed domain. Defaults to false.

    syncOnPremPasswords Boolean

    Whether to synchronize on-premises password hashes to the managed domain. Defaults to false.

    tlsV1Enabled Boolean

    Whether to enable legacy TLS v1 support. Defaults to false.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the azurerm Terraform Provider.

    azure logo

    We recommend using Azure Native.

    Azure Classic v5.57.0 published on Tuesday, Nov 28, 2023 by Pulumi