Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The domainServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AAD/domainServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AAD/domainServices@2017-01-01' = {
etag: 'string'
location: 'string'
name: 'string'
properties: {
domainName: 'string'
domainSecuritySettings: {
ntlmV1: 'string'
syncNtlmPasswords: 'string'
tlsV1: 'string'
}
filteredSync: 'string'
ldapsSettings: {
externalAccess: 'string'
ldaps: 'string'
pfxCertificate: 'string'
pfxCertificatePassword: 'string'
}
notificationSettings: {
additionalRecipients: [
'string'
]
notifyDcAdmins: 'string'
notifyGlobalAdmins: 'string'
}
subnetId: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property Values
Microsoft.AAD/domainServices
| Name | Description | Value |
|---|---|---|
| etag | Resource etag | string |
| location | Resource location | string |
| name | The resource name | string (required) |
| properties | Domain service properties | DomainServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
DomainSecuritySettings
| Name | Description | Value |
|---|---|---|
| ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | 'Disabled' 'Enabled' |
| syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | 'Disabled' 'Enabled' |
DomainServiceProperties
| Name | Description | Value |
|---|---|---|
| domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
| domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
| filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | 'Disabled' 'Enabled' |
| ldapsSettings | Secure LDAP Settings | LdapsSettings |
| notificationSettings | Notification Settings | NotificationSettings |
| subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
LdapsSettings
| Name | Description | Value |
|---|---|---|
| externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | 'Disabled' 'Enabled' |
| ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | 'Disabled' 'Enabled' |
| pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
| pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
| Name | Description | Value |
|---|---|---|
| additionalRecipients | The list of additional recipients | string[] |
| notifyDcAdmins | Should domain controller admins be notified | 'Disabled' 'Enabled' |
| notifyGlobalAdmins | Should global admins be notified | 'Disabled' 'Enabled' |
ResourceTags
| Name | Description | Value |
|---|
Usage Examples
Azure Verified Modules
The following Azure Verified Modules can be used to deploy this resource type.
| Module | Description |
|---|---|
| Azure Active Directory Domain Service | AVM Resource Module for Azure Active Directory Domain Service |
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Managed Azure Active Directory Domain Services | This template deploys an Managed Azure Active Directory Domain Service with required VNet and NSG configurations. |
ARM template resource definition
The domainServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AAD/domainServices resource, add the following JSON to your template.
{
"type": "Microsoft.AAD/domainServices",
"apiVersion": "2017-01-01",
"name": "string",
"etag": "string",
"location": "string",
"properties": {
"domainName": "string",
"domainSecuritySettings": {
"ntlmV1": "string",
"syncNtlmPasswords": "string",
"tlsV1": "string"
},
"filteredSync": "string",
"ldapsSettings": {
"externalAccess": "string",
"ldaps": "string",
"pfxCertificate": "string",
"pfxCertificatePassword": "string"
},
"notificationSettings": {
"additionalRecipients": [ "string" ],
"notifyDcAdmins": "string",
"notifyGlobalAdmins": "string"
},
"subnetId": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property Values
Microsoft.AAD/domainServices
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2017-01-01' |
| etag | Resource etag | string |
| location | Resource location | string |
| name | The resource name | string (required) |
| properties | Domain service properties | DomainServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.AAD/domainServices' |
DomainSecuritySettings
| Name | Description | Value |
|---|---|---|
| ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | 'Disabled' 'Enabled' |
| syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | 'Disabled' 'Enabled' |
DomainServiceProperties
| Name | Description | Value |
|---|---|---|
| domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
| domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
| filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | 'Disabled' 'Enabled' |
| ldapsSettings | Secure LDAP Settings | LdapsSettings |
| notificationSettings | Notification Settings | NotificationSettings |
| subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
LdapsSettings
| Name | Description | Value |
|---|---|---|
| externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | 'Disabled' 'Enabled' |
| ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | 'Disabled' 'Enabled' |
| pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
| pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
| Name | Description | Value |
|---|---|---|
| additionalRecipients | The list of additional recipients | string[] |
| notifyDcAdmins | Should domain controller admins be notified | 'Disabled' 'Enabled' |
| notifyGlobalAdmins | Should global admins be notified | 'Disabled' 'Enabled' |
ResourceTags
| Name | Description | Value |
|---|
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Managed Azure Active Directory Domain Services |
This template deploys an Managed Azure Active Directory Domain Service with required VNet and NSG configurations. |
Terraform (AzAPI provider) resource definition
The domainServices resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AAD/domainServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AAD/domainServices@2017-01-01"
name = "string"
parent_id = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = {
etag = "string"
properties = {
domainName = "string"
domainSecuritySettings = {
ntlmV1 = "string"
syncNtlmPasswords = "string"
tlsV1 = "string"
}
filteredSync = "string"
ldapsSettings = {
externalAccess = "string"
ldaps = "string"
pfxCertificate = "string"
pfxCertificatePassword = "string"
}
notificationSettings = {
additionalRecipients = [
"string"
]
notifyDcAdmins = "string"
notifyGlobalAdmins = "string"
}
subnetId = "string"
}
}
}
Property Values
Microsoft.AAD/domainServices
| Name | Description | Value |
|---|---|---|
| etag | Resource etag | string |
| location | Resource location | string |
| name | The resource name | string (required) |
| properties | Domain service properties | DomainServiceProperties |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.AAD/domainServices@2017-01-01" |
DomainSecuritySettings
| Name | Description | Value |
|---|---|---|
| ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | 'Disabled' 'Enabled' |
| syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | 'Disabled' 'Enabled' |
DomainServiceProperties
| Name | Description | Value |
|---|---|---|
| domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
| domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
| filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | 'Disabled' 'Enabled' |
| ldapsSettings | Secure LDAP Settings | LdapsSettings |
| notificationSettings | Notification Settings | NotificationSettings |
| subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
LdapsSettings
| Name | Description | Value |
|---|---|---|
| externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | 'Disabled' 'Enabled' |
| ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | 'Disabled' 'Enabled' |
| pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
| pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
| Name | Description | Value |
|---|---|---|
| additionalRecipients | The list of additional recipients | string[] |
| notifyDcAdmins | Should domain controller admins be notified | 'Disabled' 'Enabled' |
| notifyGlobalAdmins | Should global admins be notified | 'Disabled' 'Enabled' |
ResourceTags
| Name | Description | Value |
|---|