Microsoft.AAD domainServices 2017-06-01
Bicep resource definition
The domainServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AAD/domainServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.AAD/domainServices@2017-06-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
etag: 'string'
properties: {
domainConfigurationType: 'string'
domainName: 'string'
domainSecuritySettings: {
ntlmV1: 'string'
syncKerberosPasswords: 'string'
syncNtlmPasswords: 'string'
syncOnPremPasswords: 'string'
tlsV1: 'string'
}
filteredSync: 'string'
ldapsSettings: {
externalAccess: 'string'
ldaps: 'string'
pfxCertificate: 'string'
pfxCertificatePassword: 'string'
}
notificationSettings: {
additionalRecipients: [
'string'
]
notifyDcAdmins: 'string'
notifyGlobalAdmins: 'string'
}
resourceForestSettings: {
resourceForest: 'string'
settings: [
{
friendlyName: 'string'
remoteDnsIps: 'string'
trustDirection: 'string'
trustedDomainFqdn: 'string'
trustPassword: 'string'
}
]
}
sku: 'string'
subnetId: 'string'
}
}
Property values
domainServices
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| location | Resource location | string |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| etag | Resource etag | string |
| properties | Domain service properties | DomainServiceProperties |
DomainServiceProperties
| Name | Description | Value |
|---|---|---|
| domainConfigurationType | Domain Configuration Type | string |
| domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
| domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
| filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | 'Disabled' 'Enabled' |
| ldapsSettings | Secure LDAP Settings | LdapsSettings |
| notificationSettings | Notification Settings | NotificationSettings |
| resourceForestSettings | Resource Forest Settings | ResourceForestSettings |
| sku | Sku Type | string |
| subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
DomainSecuritySettings
| Name | Description | Value |
|---|---|---|
| ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | 'Disabled' 'Enabled' |
| syncKerberosPasswords | A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| syncOnPremPasswords | A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | 'Disabled' 'Enabled' |
LdapsSettings
| Name | Description | Value |
|---|---|---|
| externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | 'Disabled' 'Enabled' |
| ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | 'Disabled' 'Enabled' |
| pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
| pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
| Name | Description | Value |
|---|---|---|
| additionalRecipients | The list of additional recipients | string[] |
| notifyDcAdmins | Should domain controller admins be notified | 'Disabled' 'Enabled' |
| notifyGlobalAdmins | Should global admins be notified | 'Disabled' 'Enabled' |
ResourceForestSettings
| Name | Description | Value |
|---|---|---|
| resourceForest | Resource Forest | string |
| settings | List of settings for Resource Forest | ForestTrust[] |
ForestTrust
| Name | Description | Value |
|---|---|---|
| friendlyName | Friendly Name | string |
| remoteDnsIps | Remote Dns ips | string |
| trustDirection | Trust Direction | string |
| trustedDomainFqdn | Trusted Domain FQDN | string |
| trustPassword | Trust Password | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Managed Azure Active Directory Domain Services |
This template deploys an Managed Azure Active Directory Domain Service with required VNet and NSG configurations. |
ARM template resource definition
The domainServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AAD/domainServices resource, add the following JSON to your template.
{
"type": "Microsoft.AAD/domainServices",
"apiVersion": "2017-06-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"etag": "string",
"properties": {
"domainConfigurationType": "string",
"domainName": "string",
"domainSecuritySettings": {
"ntlmV1": "string",
"syncKerberosPasswords": "string",
"syncNtlmPasswords": "string",
"syncOnPremPasswords": "string",
"tlsV1": "string"
},
"filteredSync": "string",
"ldapsSettings": {
"externalAccess": "string",
"ldaps": "string",
"pfxCertificate": "string",
"pfxCertificatePassword": "string"
},
"notificationSettings": {
"additionalRecipients": [ "string" ],
"notifyDcAdmins": "string",
"notifyGlobalAdmins": "string"
},
"resourceForestSettings": {
"resourceForest": "string",
"settings": [
{
"friendlyName": "string",
"remoteDnsIps": "string",
"trustDirection": "string",
"trustedDomainFqdn": "string",
"trustPassword": "string"
}
]
},
"sku": "string",
"subnetId": "string"
}
}
Property values
domainServices
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.AAD/domainServices' |
| apiVersion | The resource api version | '2017-06-01' |
| name | The resource name | string (required) |
| location | Resource location | string |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| etag | Resource etag | string |
| properties | Domain service properties | DomainServiceProperties |
DomainServiceProperties
| Name | Description | Value |
|---|---|---|
| domainConfigurationType | Domain Configuration Type | string |
| domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
| domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
| filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | 'Disabled' 'Enabled' |
| ldapsSettings | Secure LDAP Settings | LdapsSettings |
| notificationSettings | Notification Settings | NotificationSettings |
| resourceForestSettings | Resource Forest Settings | ResourceForestSettings |
| sku | Sku Type | string |
| subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
DomainSecuritySettings
| Name | Description | Value |
|---|---|---|
| ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | 'Disabled' 'Enabled' |
| syncKerberosPasswords | A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| syncOnPremPasswords | A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | 'Disabled' 'Enabled' |
LdapsSettings
| Name | Description | Value |
|---|---|---|
| externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | 'Disabled' 'Enabled' |
| ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | 'Disabled' 'Enabled' |
| pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
| pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
| Name | Description | Value |
|---|---|---|
| additionalRecipients | The list of additional recipients | string[] |
| notifyDcAdmins | Should domain controller admins be notified | 'Disabled' 'Enabled' |
| notifyGlobalAdmins | Should global admins be notified | 'Disabled' 'Enabled' |
ResourceForestSettings
| Name | Description | Value |
|---|---|---|
| resourceForest | Resource Forest | string |
| settings | List of settings for Resource Forest | ForestTrust[] |
ForestTrust
| Name | Description | Value |
|---|---|---|
| friendlyName | Friendly Name | string |
| remoteDnsIps | Remote Dns ips | string |
| trustDirection | Trust Direction | string |
| trustedDomainFqdn | Trusted Domain FQDN | string |
| trustPassword | Trust Password | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Managed Azure Active Directory Domain Services |
This template deploys an Managed Azure Active Directory Domain Service with required VNet and NSG configurations. |
Terraform (AzAPI provider) resource definition
The domainServices resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.AAD/domainServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.AAD/domainServices@2017-06-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
body = jsonencode({
properties = {
domainConfigurationType = "string"
domainName = "string"
domainSecuritySettings = {
ntlmV1 = "string"
syncKerberosPasswords = "string"
syncNtlmPasswords = "string"
syncOnPremPasswords = "string"
tlsV1 = "string"
}
filteredSync = "string"
ldapsSettings = {
externalAccess = "string"
ldaps = "string"
pfxCertificate = "string"
pfxCertificatePassword = "string"
}
notificationSettings = {
additionalRecipients = [
"string"
]
notifyDcAdmins = "string"
notifyGlobalAdmins = "string"
}
resourceForestSettings = {
resourceForest = "string"
settings = [
{
friendlyName = "string"
remoteDnsIps = "string"
trustDirection = "string"
trustedDomainFqdn = "string"
trustPassword = "string"
}
]
}
sku = "string"
subnetId = "string"
}
etag = "string"
})
}
Property values
domainServices
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.AAD/domainServices@2017-06-01" |
| name | The resource name | string (required) |
| location | Resource location | string |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | Resource tags | Dictionary of tag names and values. |
| etag | Resource etag | string |
| properties | Domain service properties | DomainServiceProperties |
DomainServiceProperties
| Name | Description | Value |
|---|---|---|
| domainConfigurationType | Domain Configuration Type | string |
| domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
| domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
| filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | "Disabled" "Enabled" |
| ldapsSettings | Secure LDAP Settings | LdapsSettings |
| notificationSettings | Notification Settings | NotificationSettings |
| resourceForestSettings | Resource Forest Settings | ResourceForestSettings |
| sku | Sku Type | string |
| subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
DomainSecuritySettings
| Name | Description | Value |
|---|---|---|
| ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | "Disabled" "Enabled" |
| syncKerberosPasswords | A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. | "Disabled" "Enabled" |
| syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | "Disabled" "Enabled" |
| syncOnPremPasswords | A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. | "Disabled" "Enabled" |
| tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | "Disabled" "Enabled" |
LdapsSettings
| Name | Description | Value |
|---|---|---|
| externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | "Disabled" "Enabled" |
| ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | "Disabled" "Enabled" |
| pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
| pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
| Name | Description | Value |
|---|---|---|
| additionalRecipients | The list of additional recipients | string[] |
| notifyDcAdmins | Should domain controller admins be notified | "Disabled" "Enabled" |
| notifyGlobalAdmins | Should global admins be notified | "Disabled" "Enabled" |
ResourceForestSettings
| Name | Description | Value |
|---|---|---|
| resourceForest | Resource Forest | string |
| settings | List of settings for Resource Forest | ForestTrust[] |
ForestTrust
| Name | Description | Value |
|---|---|---|
| friendlyName | Friendly Name | string |
| remoteDnsIps | Remote Dns ips | string |
| trustDirection | Trust Direction | string |
| trustedDomainFqdn | Trusted Domain FQDN | string |
| trustPassword | Trust Password | string |