az ad ds
Note
This reference is part of the ad extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az ad ds command. Learn more about extensions.
This command group is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Manage domain services with Azure Active Directory.
Commands
Name | Description | Type | Status |
---|---|---|---|
az ad ds create | Create a new domain service with the specified parameters. | Extension | Experimental |
az ad ds delete | The Delete Domain Service operation deletes an existing Domain Service. | Extension | Experimental |
az ad ds list | List domain services in resource group or in subscription. | Extension | Experimental |
az ad ds show | Get the specified domain service. | Extension | Experimental |
az ad ds update | Update the existing deployment properties for domain service. | Extension | Experimental |
az ad ds wait | Place the CLI in a waiting state until a condition of the ad ds is met. | Extension | Experimental |
az ad ds create
Command group 'ad ds' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Create a new domain service with the specified parameters.
az ad ds create --domain
--name
--replica-sets
--resource-group
[--domain-config-type {FullySynced, ResourceTrusting}]
[--external-access {Disabled, Enabled}]
[--filtered-sync {Disabled, Enabled}]
[--ldaps {Disabled, Enabled}]
[--no-wait]
[--notify-dc-admins {Disabled, Enabled}]
[--notify-global-admins {Disabled, Enabled}]
[--notify-others]
[--ntlm-v1 {Disabled, Enabled}]
[--pfx-cert]
[--pfx-cert-pwd]
[--resource-forest {Disabled, Enabled}]
[--settings]
[--sku {Enterprise, Premium, Standard}]
[--sync-kerberos-pwd {Disabled, Enabled}]
[--sync-ntlm-pwd {Disabled, Enabled}]
[--sync-on-prem-pwd {Disabled, Enabled}]
[--tags]
[--tls-v1 {Disabled, Enabled}]
Examples
Create Domain Service
az ad ds create --domain "TestDS.com" --replica-sets location="West US" subnet-id="<subnetId>" --name "TestDS.com" --resource-group "rg"
Create Domain Service with specified settings (Line breaks for legibility only)
az ad ds create --domain "TestDS.com" --replica-sets location="West US" subnet-id="<subnetId>" --name "TestDS.com" --resource-group "rg"
--ntlm-v1 "Enabled" --sync-ntlm-pwd "Enabled" --tls-v1 "Disabled" --filtered-sync "Enabled" --external-access "Enabled"
--ldaps "Enabled" --pfx-cert "cert or path to cert" --pfx-cert-pwd "<pfxCertificatePassword>"
--notify-others "a@gmail.com" "b@gmail.com" --notify-dc-admins "Enabled" --notify-global-admins "Enabled"
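A pre-flight check for the security-related flags used in the example above, as an added example that is not part of the Azure CLI or of this reference. The function name `adds_lint` is hypothetical, and its policy (reject `Enabled` for `--ntlm-v1`, `--tls-v1` and `--external-access`) is an assumption of the example, not something the CLI enforces.

```shell
#!/bin/sh
# Added example, not part of the Azure CLI: pre-flight lint for the arguments
# of `az ad ds create` / `az ad ds update`.
# Policy (an assumption of this example): --ntlm-v1, --tls-v1 and
# --external-access must not end up set to Enabled.

# adds_lint ARG...  (hypothetical helper)
#   Prints one finding per line; returns 1 if there is a finding, else 0.
adds_lint() {
    ntlm_v1='' tls_v1='' external_access=''
    while [ "$#" -gt 0 ]; do
        arg=$1
        shift
        case "$arg" in
            --*=*)                                  # --flag=value form
                flag=${arg%%=*}
                value=${arg#*=}
                ;;
            --ntlm-v1|--tls-v1|--external-access)   # --flag value form
                flag=$arg
                value=${1-}
                if [ "$#" -gt 0 ]; then shift; fi
                ;;
            *)
                continue                            # no rule for this argument
                ;;
        esac
        # Compare case-insensitively so "enabled" is caught like "Enabled".
        value=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')
        # A repeated flag overwrites the earlier value: the last one wins
        # (assumed to match how the CLI resolves a duplicated flag).
        case "$flag" in
            --ntlm-v1)         ntlm_v1=$value ;;
            --tls-v1)          tls_v1=$value ;;
            --external-access) external_access=$value ;;
        esac
    done

    rc=0
    if [ "$ntlm_v1" = enabled ]; then
        echo "FAIL --ntlm-v1 Enabled: NtlmV1 is turned on for the managed domain"
        rc=1
    fi
    if [ "$tls_v1" = enabled ]; then
        echo "FAIL --tls-v1 Enabled: TlsV1 is turned on for the managed domain"
        rc=1
    fi
    if [ "$external_access" = enabled ]; then
        echo "FAIL --external-access Enabled: Secure LDAP is reachable over the internet"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the security-related flags of the second create example.
adds_lint --domain "TestDS.com" --name "TestDS.com" --resource-group "rg" \
    --ntlm-v1 "Enabled" --sync-ntlm-pwd "Enabled" --tls-v1 "Disabled" \
    --filtered-sync "Enabled" --external-access "Enabled" --ldaps "Enabled" || true
```

Run it over the argument list a deployment script is about to pass to az ad ds create or az ad ds update, and stop the deployment on a non-zero return.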
Required Parameters
--domain
The name of the Azure domain that the user would like to deploy Domain Services to.
--name
The name of the domain service.
--replica-sets
List of ReplicaSets.
Usage: --replica-sets location=XX subnet-id=XX
location: Virtual network location
subnet-id: The id of the subnet that Domain Services will be deployed on.
Multiple actions can be specified by using more than one --replica-sets argument.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--domain-config-type
Domain Configuration Type.
Property | Value |
---|---|
Accepted values: | FullySynced, ResourceTrusting |
--external-access
A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
Accepted values: | Disabled, Enabled |
--filtered-sync
Enabled or Disabled flag to turn on Group-based filtered sync.
Property | Value |
---|---|
Accepted values: | Disabled, Enabled |
--ldaps
A flag to determine whether or not Secure LDAP is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
Accepted values: | Disabled, Enabled |
--no-wait
Do not wait for the long-running operation to finish.
Property | Value |
---|---|
Default value: | False |
--notify-dc-admins
Should domain controller admins be notified.
Property | Value |
---|---|
Parameter group: | Notification Settings Arguments |
Accepted values: | Disabled, Enabled |
--notify-global-admins
Should global admins be notified.
Property | Value |
---|---|
Parameter group: | Notification Settings Arguments |
Accepted values: | Disabled, Enabled |
--notify-others
The list of additional recipients.
Property | Value |
---|---|
Parameter group: | Notification Settings Arguments |
--ntlm-v1
A flag to determine whether or not NtlmV1 is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--pfx-cert
The certificate required to configure Secure LDAP. The parameter passed here should be the file path to the certificate pfx file or a base64-encoded representation of the certificate pfx file.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
--pfx-cert-pwd
The password to decrypt the provided Secure LDAP certificate pfx file.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
--resource-forest
Resource Forest.
Property | Value |
---|---|
Parameter group: | Resource Forest Settings Arguments |
Accepted values: | Disabled, Enabled |
--settings
List of settings for Resource Forest. This can be either a JSON-formatted string or the location to a file containing the JSON object.
The format of the settings JSON object for Resource Forest: [ { "trusted_domain_fqdn": "XX", "trust_direction": "XX", "friendly_name": "XX", "remote_dns_ips": "XX", "trust_password": "XX" }, ...n ].
Property | Value |
---|---|
Parameter group: | Resource Forest Settings Arguments |
--sku
Sku Type.
Property | Value |
---|---|
Accepted values: | Enterprise, Premium, Standard |
--sync-kerberos-pwd
A flag to determine whether or not SyncKerberosPasswords is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--sync-ntlm-pwd
A flag to determine whether or not SyncNtlmPasswords is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--sync-on-prem-pwd
A flag to determine whether or not SyncOnPremPasswords is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--tags
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
--tls-v1
A flag to determine whether or not TlsV1 is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad ds delete
Command group 'ad ds' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
The Delete Domain Service operation deletes an existing Domain Service.
az ad ds delete [--ids]
[--name]
[--no-wait]
[--resource-group]
[--subscription]
[--yes]
Examples
Delete Domain Service
az ad ds delete --name "TestDomainService.com" --resource-group "TestResourceGroup"
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--name
The name of the domain service.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--no-wait
Do not wait for the long-running operation to finish.
Property | Value |
---|---|
Default value: | False |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--yes
Do not prompt for confirmation.
Property | Value |
---|---|
Default value: | False |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad ds list
Command group 'ad ds' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
List domain services in resource group or in subscription.
az ad ds list [--resource-group]
Examples
List Domain Service By Group
az ad ds list --resource-group "TestResourceGroup"
List Domain Service By Sub
az ad ds list
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad ds show
Command group 'ad ds' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Get the specified domain service.
az ad ds show [--ids]
[--name]
[--resource-group]
[--subscription]
Examples
Get Domain Service
az ad ds show --name "TestDomainService.com" --resource-group "TestResourceGroup"
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--name
The name of the domain service.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad ds update
Command group 'ad ds' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update the existing deployment properties for domain service.
az ad ds update [--domain-config-type {FullySynced, ResourceTrusting}]
[--external-access {Disabled, Enabled}]
[--filtered-sync {Disabled, Enabled}]
[--ids]
[--ldaps {Disabled, Enabled}]
[--name]
[--no-wait]
[--notify-dc-admins {Disabled, Enabled}]
[--notify-global-admins {Disabled, Enabled}]
[--notify-others]
[--ntlm-v1 {Disabled, Enabled}]
[--pfx-cert]
[--pfx-cert-pwd]
[--replica-sets]
[--resource-forest {Disabled, Enabled}]
[--resource-group]
[--settings]
[--sku {Enterprise, Premium, Standard}]
[--subscription]
[--sync-kerberos-pwd {Disabled, Enabled}]
[--sync-ntlm-pwd {Disabled, Enabled}]
[--sync-on-prem-pwd {Disabled, Enabled}]
[--tags]
[--tls-v1 {Disabled, Enabled}]
Examples
Update sku
az ad ds update --name "TestDS.com" --resource-group "rg" --sku "Enterprise"
Update domain security settings
az ad ds update --name "TestDS.com" --resource-group "rg" --ntlm-v1 "Enabled" --tls-v1 "Disabled"
Update ldaps settings
az ad ds update --name "TestDS.com" --resource-group "rg" --external-access "Enabled" --ldaps "Enabled" --pfx-cert "MIIDPDCCAiSg..." --pfx-cert-pwd "<pfxCertificatePassword>"
Update notification settings
az ad ds update --name "TestDS.com" --resource-group "rg" --notify-dc-admins "Enabled" --notify-global-admins "Disabled"
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--domain-config-type
Domain Configuration Type.
Property | Value |
---|---|
Accepted values: | FullySynced, ResourceTrusting |
--external-access
A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
Accepted values: | Disabled, Enabled |
--filtered-sync
Enabled or Disabled flag to turn on Group-based filtered sync.
Property | Value |
---|---|
Accepted values: | Disabled, Enabled |
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--ldaps
A flag to determine whether or not Secure LDAP is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
Accepted values: | Disabled, Enabled |
--name
The name of the domain service.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--no-wait
Do not wait for the long-running operation to finish.
Property | Value |
---|---|
Default value: | False |
--notify-dc-admins
Should domain controller admins be notified.
Property | Value |
---|---|
Parameter group: | Notification Settings Arguments |
Accepted values: | Disabled, Enabled |
--notify-global-admins
Should global admins be notified.
Property | Value |
---|---|
Parameter group: | Notification Settings Arguments |
Accepted values: | Disabled, Enabled |
--notify-others
The list of additional recipients.
Property | Value |
---|---|
Parameter group: | Notification Settings Arguments |
--ntlm-v1
A flag to determine whether or not NtlmV1 is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--pfx-cert
The certificate required to configure Secure LDAP. The parameter passed here should be the file path to the certificate pfx file or a base64-encoded representation of the certificate pfx file.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
--pfx-cert-pwd
The password to decrypt the provided Secure LDAP certificate pfx file.
Property | Value |
---|---|
Parameter group: | Ldaps Settings Arguments |
--replica-sets
List of ReplicaSets.
Usage: --replica-sets location=XX subnet-id=XX
location: Virtual network location
subnet-id: The id of the subnet that Domain Services will be deployed on.
Multiple actions can be specified by using more than one --replica-sets argument.
--resource-forest
Resource Forest.
Property | Value |
---|---|
Parameter group: | Resource Forest Settings Arguments |
Accepted values: | Disabled, Enabled |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--settings
List of settings for Resource Forest. This can be either a JSON-formatted string or the location to a file containing the JSON object.
The format of the settings JSON object for Resource Forest: [ { "trusted_domain_fqdn": "XX", "trust_direction": "XX", "friendly_name": "XX", "remote_dns_ips": "XX", "trust_password": "XX" }, ...n ].
Property | Value |
---|---|
Parameter group: | Resource Forest Settings Arguments |
--sku
Sku Type.
Property | Value |
---|---|
Accepted values: | Enterprise, Premium, Standard |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--sync-kerberos-pwd
A flag to determine whether or not SyncKerberosPasswords is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--sync-ntlm-pwd
A flag to determine whether or not SyncNtlmPasswords is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--sync-on-prem-pwd
A flag to determine whether or not SyncOnPremPasswords is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
--tags
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
--tls-v1
A flag to determine whether or not TlsV1 is enabled or disabled.
Property | Value |
---|---|
Parameter group: | Domain Security Settings Arguments |
Accepted values: | Disabled, Enabled |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az ad ds wait
Command group 'ad ds' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Place the CLI in a waiting state until a condition of the ad ds is met.
az ad ds wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
Examples
Pause executing next line of CLI script until the ad ds is successfully created.
az ad ds wait --name "TestDomainService.com" --resource-group "TestResourceGroup" --created
Pause executing next line of CLI script until the ad ds is successfully updated.
az ad ds wait --name "TestDomainService.com" --resource-group "TestResourceGroup" --updated
Pause executing next line of CLI script until the ad ds is successfully deleted.
az ad ds wait --name "TestDomainService.com" --resource-group "TestResourceGroup" --deleted
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--created
Wait until created with 'provisioningState' at 'Succeeded'.
Property | Value |
---|---|
Parameter group: | Wait Condition Arguments |
Default value: | False |
--custom
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Property | Value |
---|---|
Parameter group: | Wait Condition Arguments |
--deleted
Wait until deleted.
Property | Value |
---|---|
Parameter group: | Wait Condition Arguments |
Default value: | False |
--exists
Wait until the resource exists.
Property | Value |
---|---|
Parameter group: | Wait Condition Arguments |
Default value: | False |
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--interval
Polling interval in seconds.
Property | Value |
---|---|
Parameter group: | Wait Condition Arguments |
Default value: | 30 |
--name
The name of the domain service.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Property | Value |
---|---|
Parameter group: | Resource Id Arguments |
--timeout
Maximum wait in seconds.
Property | Value |
---|---|
Parameter group: | Wait Condition Arguments |
Default value: | 3600 |
--updated
Wait until updated with provisioningState at 'Succeeded'.
Property | Value |
---|---|
Parameter group: | Wait Condition Arguments |
Default value: | False |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
--output
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |