Microsoft.NetApp netAppAccounts 2022-11-01
- Latest
- 2024-03-01
- 2024-03-01-preview
- 2023-11-01
- 2023-11-01-preview
- 2023-07-01
- 2023-07-01-preview
- 2023-05-01
- 2023-05-01-preview
- 2022-11-01
- 2022-11-01-preview
- 2022-09-01
- 2022-05-01
- 2022-03-01
- 2022-01-01
- 2021-10-01
- 2021-08-01
- 2021-06-01
- 2021-04-01
- 2021-04-01-preview
- 2021-02-01
- 2020-12-01
- 2020-11-01
- 2020-09-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-03-01
- 2020-02-01
- 2019-11-01
- 2019-10-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-05-01
- 2017-08-15
Bicep resource definition
The netAppAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.NetApp/netAppAccounts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.NetApp/netAppAccounts@2022-11-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
properties: {
activeDirectories: [
{
activeDirectoryId: 'string'
administrators: [
'string'
]
adName: 'string'
aesEncryption: bool
allowLocalNfsUsersWithLdap: bool
backupOperators: [
'string'
]
dns: 'string'
domain: 'string'
encryptDCConnections: bool
kdcIP: 'string'
ldapOverTLS: bool
ldapSearchScope: {
groupDN: 'string'
groupMembershipFilter: 'string'
userDN: 'string'
}
ldapSigning: bool
organizationalUnit: 'string'
password: 'string'
preferredServersForLdapClient: 'string'
securityOperators: [
'string'
]
serverRootCACertificate: 'string'
site: 'string'
smbServerName: 'string'
username: 'string'
}
]
encryption: {
identity: {
userAssignedIdentity: 'string'
}
keySource: 'string'
keyVaultProperties: {
keyName: 'string'
keyVaultResourceId: 'string'
keyVaultUri: 'string'
}
}
}
}
Property values
netAppAccounts
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 1-128 Valid characters: Alphanumerics, underscores, and hyphens. Start with alphanumeric. |
| location | The geo-location where the resource lives | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| identity | The identity used for the resource. | ManagedServiceIdentity |
| properties | NetApp Account properties | AccountProperties |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
UserAssignedIdentities
| Name | Description | Value |
|---|---|---|
| {customized property} | UserAssignedIdentity |
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
AccountProperties
| Name | Description | Value |
|---|---|---|
| activeDirectories | Active Directories | ActiveDirectory[] |
| encryption | Encryption settings | AccountEncryption |
ActiveDirectory
| Name | Description | Value |
|---|---|---|
| activeDirectoryId | Id of the Active Directory | string |
| administrators | Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| adName | Name of the active directory machine. This optional parameter is used only while creating kerberos volume | string Constraints: Min length = 1 Max length = 64 |
| aesEncryption | If enabled, AES encryption will be enabled for SMB communication. | bool |
| allowLocalNfsUsersWithLdap | If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. | bool |
| backupOperators | Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| dns | Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain | string Constraints: Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$ |
| domain | Name of the Active Directory domain | string |
| encryptDCConnections | If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. | bool |
| kdcIP | kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. | string Constraints: Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$ |
| ldapOverTLS | Specifies whether or not the LDAP traffic needs to be secured via TLS. | bool |
| ldapSearchScope | LDAP Search scope options | LdapSearchScopeOpt |
| ldapSigning | Specifies whether or not the LDAP traffic needs to be signed. | bool |
| organizationalUnit | The Organizational Unit (OU) within the Windows Active Directory | string |
| password | Plain text password of Active Directory domain administrator, value is masked in the response | string Constraints: Sensitive value. Pass in as a secure parameter. |
| preferredServersForLdapClient | Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed. | string Constraints: Max length = 32 Pattern = ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))?)?$ |
| securityOperators | Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| serverRootCACertificate | When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. | string Constraints: Min length = 1 Max length = 10240 Sensitive value. Pass in as a secure parameter. |
| site | The Active Directory site the service will limit Domain Controller discovery to | string |
| smbServerName | NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes | string |
| username | A domain user account with permission to create machine accounts | string |
LdapSearchScopeOpt
| Name | Description | Value |
|---|---|---|
| groupDN | This specifies the group DN, which overrides the base DN for group lookups. | string Constraints: Max length = 255 |
| groupMembershipFilter | This specifies the custom LDAP search filter to be used when looking up group membership from LDAP server. | string Constraints: Max length = 255 |
| userDN | This specifies the user DN, which overrides the base DN for user lookups. | string Constraints: Max length = 255 |
AccountEncryption
| Name | Description | Value |
|---|---|---|
| identity | Identity used to authenticate to KeyVault. Applicable if keySource is 'Microsoft.KeyVault'. | EncryptionIdentity |
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Microsoft.NetApp, Microsoft.KeyVault | 'Microsoft.KeyVault' 'Microsoft.NetApp' |
| keyVaultProperties | Properties provided by KeVault. Applicable if keySource is 'Microsoft.KeyVault'. | KeyVaultProperties |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentity | The ARM resource identifier of the user assigned identity used to authenticate with key vault. Applicable if identity.type has 'UserAssigned'. It should match key of identity.userAssignedIdentities. | string |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyName | The name of KeyVault key. | string (required) |
| keyVaultResourceId | The resource ID of KeyVault. | string (required) |
| keyVaultUri | The Uri of KeyVault. | string (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Create new ANF resource with NFSV3/NFSv4.1 volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with NFSV3 or NFSv4.1 protocol. They are all deployed together with Azure Virtual Network and Delegated subnet that are required for any volume to be created |
| Create new ANF resource with SMB volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |
ARM template resource definition
The netAppAccounts resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.NetApp/netAppAccounts resource, add the following JSON to your template.
{
"type": "Microsoft.NetApp/netAppAccounts",
"apiVersion": "2022-11-01",
"name": "string",
"location": "string",
"tags": {
"tagName1": "tagValue1",
"tagName2": "tagValue2"
},
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {}
}
},
"properties": {
"activeDirectories": [
{
"activeDirectoryId": "string",
"administrators": [ "string" ],
"adName": "string",
"aesEncryption": "bool",
"allowLocalNfsUsersWithLdap": "bool",
"backupOperators": [ "string" ],
"dns": "string",
"domain": "string",
"encryptDCConnections": "bool",
"kdcIP": "string",
"ldapOverTLS": "bool",
"ldapSearchScope": {
"groupDN": "string",
"groupMembershipFilter": "string",
"userDN": "string"
},
"ldapSigning": "bool",
"organizationalUnit": "string",
"password": "string",
"preferredServersForLdapClient": "string",
"securityOperators": [ "string" ],
"serverRootCACertificate": "string",
"site": "string",
"smbServerName": "string",
"username": "string"
}
],
"encryption": {
"identity": {
"userAssignedIdentity": "string"
},
"keySource": "string",
"keyVaultProperties": {
"keyName": "string",
"keyVaultResourceId": "string",
"keyVaultUri": "string"
}
}
}
}
Property values
netAppAccounts
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.NetApp/netAppAccounts' |
| apiVersion | The resource api version | '2022-11-01' |
| name | The resource name | string (required) Character limit: 1-128 Valid characters: Alphanumerics, underscores, and hyphens. Start with alphanumeric. |
| location | The geo-location where the resource lives | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. See Tags in templates |
| identity | The identity used for the resource. | ManagedServiceIdentity |
| properties | NetApp Account properties | AccountProperties |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
| userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
UserAssignedIdentities
| Name | Description | Value |
|---|---|---|
| {customized property} | UserAssignedIdentity |
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
AccountProperties
| Name | Description | Value |
|---|---|---|
| activeDirectories | Active Directories | ActiveDirectory[] |
| encryption | Encryption settings | AccountEncryption |
ActiveDirectory
| Name | Description | Value |
|---|---|---|
| activeDirectoryId | Id of the Active Directory | string |
| administrators | Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| adName | Name of the active directory machine. This optional parameter is used only while creating kerberos volume | string Constraints: Min length = 1 Max length = 64 |
| aesEncryption | If enabled, AES encryption will be enabled for SMB communication. | bool |
| allowLocalNfsUsersWithLdap | If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. | bool |
| backupOperators | Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| dns | Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain | string Constraints: Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$ |
| domain | Name of the Active Directory domain | string |
| encryptDCConnections | If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. | bool |
| kdcIP | kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. | string Constraints: Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$ |
| ldapOverTLS | Specifies whether or not the LDAP traffic needs to be secured via TLS. | bool |
| ldapSearchScope | LDAP Search scope options | LdapSearchScopeOpt |
| ldapSigning | Specifies whether or not the LDAP traffic needs to be signed. | bool |
| organizationalUnit | The Organizational Unit (OU) within the Windows Active Directory | string |
| password | Plain text password of Active Directory domain administrator, value is masked in the response | string Constraints: Sensitive value. Pass in as a secure parameter. |
| preferredServersForLdapClient | Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed. | string Constraints: Max length = 32 Pattern = ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))?)?$ |
| securityOperators | Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| serverRootCACertificate | When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. | string Constraints: Min length = 1 Max length = 10240 Sensitive value. Pass in as a secure parameter. |
| site | The Active Directory site the service will limit Domain Controller discovery to | string |
| smbServerName | NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes | string |
| username | A domain user account with permission to create machine accounts | string |
LdapSearchScopeOpt
| Name | Description | Value |
|---|---|---|
| groupDN | This specifies the group DN, which overrides the base DN for group lookups. | string Constraints: Max length = 255 |
| groupMembershipFilter | This specifies the custom LDAP search filter to be used when looking up group membership from LDAP server. | string Constraints: Max length = 255 |
| userDN | This specifies the user DN, which overrides the base DN for user lookups. | string Constraints: Max length = 255 |
AccountEncryption
| Name | Description | Value |
|---|---|---|
| identity | Identity used to authenticate to KeyVault. Applicable if keySource is 'Microsoft.KeyVault'. | EncryptionIdentity |
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Microsoft.NetApp, Microsoft.KeyVault | 'Microsoft.KeyVault' 'Microsoft.NetApp' |
| keyVaultProperties | Properties provided by KeVault. Applicable if keySource is 'Microsoft.KeyVault'. | KeyVaultProperties |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentity | The ARM resource identifier of the user assigned identity used to authenticate with key vault. Applicable if identity.type has 'UserAssigned'. It should match key of identity.userAssignedIdentities. | string |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyName | The name of KeyVault key. | string (required) |
| keyVaultResourceId | The resource ID of KeyVault. | string (required) |
| keyVaultUri | The Uri of KeyVault. | string (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
| Create new ANF resource with NFSV3/NFSv4.1 volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with NFSV3 or NFSv4.1 protocol. They are all deployed together with Azure Virtual Network and Delegated subnet that are required for any volume to be created |
| Create new ANF resource with SMB volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |
Terraform (AzAPI provider) resource definition
The netAppAccounts resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.NetApp/netAppAccounts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.NetApp/netAppAccounts@2022-11-01"
name = "string"
location = "string"
parent_id = "string"
tags = {
tagName1 = "tagValue1"
tagName2 = "tagValue2"
}
identity {
type = "string"
identity_ids = []
}
body = jsonencode({
properties = {
activeDirectories = [
{
activeDirectoryId = "string"
administrators = [
"string"
]
adName = "string"
aesEncryption = bool
allowLocalNfsUsersWithLdap = bool
backupOperators = [
"string"
]
dns = "string"
domain = "string"
encryptDCConnections = bool
kdcIP = "string"
ldapOverTLS = bool
ldapSearchScope = {
groupDN = "string"
groupMembershipFilter = "string"
userDN = "string"
}
ldapSigning = bool
organizationalUnit = "string"
password = "string"
preferredServersForLdapClient = "string"
securityOperators = [
"string"
]
serverRootCACertificate = "string"
site = "string"
smbServerName = "string"
username = "string"
}
]
encryption = {
identity = {
userAssignedIdentity = "string"
}
keySource = "string"
keyVaultProperties = {
keyName = "string"
keyVaultResourceId = "string"
keyVaultUri = "string"
}
}
}
})
}
Property values
netAppAccounts
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.NetApp/netAppAccounts@2022-11-01" |
| name | The resource name | string (required) Character limit: 1-128 Valid characters: Alphanumerics, underscores, and hyphens. Start with alphanumeric. |
| location | The geo-location where the resource lives | string (required) |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| tags | Resource tags. | Dictionary of tag names and values. |
| identity | The identity used for the resource. | ManagedServiceIdentity |
| properties | NetApp Account properties | AccountProperties |
ManagedServiceIdentity
| Name | Description | Value |
|---|---|---|
| type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | "SystemAssigned" "SystemAssigned,UserAssigned" "UserAssigned" (required) |
| identity_ids | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | Array of user identity IDs. |
UserAssignedIdentities
| Name | Description | Value |
|---|---|---|
| {customized property} | UserAssignedIdentity |
UserAssignedIdentity
This object doesn't contain any properties to set during deployment. All properties are ReadOnly.
AccountProperties
| Name | Description | Value |
|---|---|---|
| activeDirectories | Active Directories | ActiveDirectory[] |
| encryption | Encryption settings | AccountEncryption |
ActiveDirectory
| Name | Description | Value |
|---|---|---|
| activeDirectoryId | Id of the Active Directory | string |
| administrators | Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| adName | Name of the active directory machine. This optional parameter is used only while creating kerberos volume | string Constraints: Min length = 1 Max length = 64 |
| aesEncryption | If enabled, AES encryption will be enabled for SMB communication. | bool |
| allowLocalNfsUsersWithLdap | If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. | bool |
| backupOperators | Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| dns | Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain | string Constraints: Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$ |
| domain | Name of the Active Directory domain | string |
| encryptDCConnections | If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. | bool |
| kdcIP | kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. | string Constraints: Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$ |
| ldapOverTLS | Specifies whether or not the LDAP traffic needs to be secured via TLS. | bool |
| ldapSearchScope | LDAP Search scope options | LdapSearchScopeOpt |
| ldapSigning | Specifies whether or not the LDAP traffic needs to be signed. | bool |
| organizationalUnit | The Organizational Unit (OU) within the Windows Active Directory | string |
| password | Plain text password of Active Directory domain administrator, value is masked in the response | string Constraints: Sensitive value. Pass in as a secure parameter. |
| preferredServersForLdapClient | Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed. | string Constraints: Max length = 32 Pattern = ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))?)?$ |
| securityOperators | Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier | string[] Constraints: Min length = 1 Max length = 255 |
| serverRootCACertificate | When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. | string Constraints: Min length = 1 Max length = 10240 Sensitive value. Pass in as a secure parameter. |
| site | The Active Directory site the service will limit Domain Controller discovery to | string |
| smbServerName | NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes | string |
| username | A domain user account with permission to create machine accounts | string |
LdapSearchScopeOpt
| Name | Description | Value |
|---|---|---|
| groupDN | This specifies the group DN, which overrides the base DN for group lookups. | string Constraints: Max length = 255 |
| groupMembershipFilter | This specifies the custom LDAP search filter to be used when looking up group membership from LDAP server. | string Constraints: Max length = 255 |
| userDN | This specifies the user DN, which overrides the base DN for user lookups. | string Constraints: Max length = 255 |
AccountEncryption
| Name | Description | Value |
|---|---|---|
| identity | Identity used to authenticate to KeyVault. Applicable if keySource is 'Microsoft.KeyVault'. | EncryptionIdentity |
| keySource | The encryption keySource (provider). Possible values (case-insensitive): Microsoft.NetApp, Microsoft.KeyVault | "Microsoft.KeyVault" "Microsoft.NetApp" |
| keyVaultProperties | Properties provided by KeVault. Applicable if keySource is 'Microsoft.KeyVault'. | KeyVaultProperties |
EncryptionIdentity
| Name | Description | Value |
|---|---|---|
| userAssignedIdentity | The ARM resource identifier of the user assigned identity used to authenticate with key vault. Applicable if identity.type has 'UserAssigned'. It should match key of identity.userAssignedIdentities. | string |
KeyVaultProperties
| Name | Description | Value |
|---|---|---|
| keyName | The name of KeyVault key. | string (required) |
| keyVaultResourceId | The resource ID of KeyVault. | string (required) |
| keyVaultUri | The Uri of KeyVault. | string (required) |