Share via


az netappfiles account ad

Manage Azure NetApp Files (ANF) Account active directories.

Commands

Name Description Type Status
az netappfiles account ad add

Add an active directory to the account.

Core GA
az netappfiles account ad list

List the active directories of an account.

Core GA
az netappfiles account ad remove

Remove an active directory from the account.

Core GA
az netappfiles account ad show

Get the specified ANF active directory.

Core GA
az netappfiles account ad update

Updates an active directory to the account.

Core GA
az netappfiles account ad wait

Place the CLI in a waiting state until a condition is met.

Core GA

az netappfiles account ad add

Add an active directory to the account.

az netappfiles account ad add --account-name
                              --resource-group
                              [--active-directory-id]
                              [--ad-name]
                              [--administrators]
                              [--aes-encryption {0, 1, f, false, n, no, t, true, y, yes}]
                              [--allow-local-ldap-users {0, 1, f, false, n, no, t, true, y, yes}]
                              [--backup-operators]
                              [--dns]
                              [--domain]
                              [--encrypt-dc-conn {0, 1, f, false, n, no, t, true, y, yes}]
                              [--kdc-ip]
                              [--ldap-over-tls {0, 1, f, false, n, no, t, true, y, yes}]
                              [--ldap-search-scope]
                              [--ldap-signing {0, 1, f, false, n, no, t, true, y, yes}]
                              [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                              [--organizational-unit]
                              [--password]
                              [--preferred-servers-for-ldap-client]
                              [--security-operators]
                              [--server-root-ca-cert]
                              [--site]
                              [--smb-server-name]
                              [--username]

Examples

Add an active directory to the account

az netappfiles account ad add -g mygroup -a myname --username aduser --password aduser --smb-server-name SMBSERVER --dns 1.2.3.4 --domain westcentralus

Required Parameters

--account-name --name -a -n

The name of the NetApp account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--active-directory-id

Id of the Active Directory.

--ad-name

Name of the active directory machine. This optional parameter is used only while creating kerberos volume.

--administrators

Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--aes-encryption

If enabled, AES encryption will be enabled for SMB communication.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-local-ldap-users --allow-local-nfs-users-with-ldap

If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--backup-operators

Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--dns

Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain.

--domain

Name of the Active Directory domain.

--encrypt-dc-conn --encrypt-dc-connections

If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--kdc-ip

Kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume.

--ldap-over-tls

Specifies whether or not the LDAP traffic needs to be secured via TLS.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ldap-search-scope

LDAP Search scope options Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--ldap-signing

Specifies whether or not the LDAP traffic needs to be signed.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--organizational-unit

The Organizational Unit (OU) within the Windows Active Directory.

Default value: CN=Computers
--password

Plain text password of Active Directory domain administrator, value is masked in the response.

--preferred-servers-for-ldap-client -p

Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed.

--security-operators

Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--server-root-ca-cert --server-root-ca-certificate

When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes.

--site

The Active Directory site the service will limit Domain Controller discovery to.

--smb-server-name

NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes.

--username

A domain user account with permission to create machine accounts.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az netappfiles account ad list

List the active directories of an account.

az netappfiles account ad list --account-name
                               --resource-group

Examples

List the active directories of an account.

az netappfiles account ad list -g mygroup -a myname

Required Parameters

--account-name --name -a -n

The name of the NetApp account.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az netappfiles account ad remove

Remove an active directory from the account.

az netappfiles account ad remove --account-name
                                 --active-directory
                                 --resource-group
                                 [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--yes]

Examples

Remove an active directory from the account

az netappfiles account ad remove -g mygroup --name myname --active-directory-id 13641da9-c0e9-4b97-84fc-4f8014a93848

Required Parameters

--account-name --name -a -n

The name of the NetApp account.

--active-directory --active-directory-id

Id of the Active Directory.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az netappfiles account ad show

Get the specified ANF active directory.

az netappfiles account ad show --account-name
                               --active-directory-id
                               --resource-group

Examples

Get an active directory on the account

az netappfiles account ad show -g mygroup --name myname --active-directory-id 13641da9-c0e9-4b97-84fc-4f8014a93848

Required Parameters

--account-name --name -a -n

The name of the NetApp account.

--active-directory-id

Id of the Active Directory.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az netappfiles account ad update

Updates an active directory to the account.

az netappfiles account ad update --account-name
                                 --active-directory-id
                                 --resource-group
                                 [--ad-name]
                                 [--add]
                                 [--administrators]
                                 [--aes-encryption {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--allow-local-ldap-users {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--backup-operators]
                                 [--dns]
                                 [--domain]
                                 [--encrypt-dc-connections {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--kdc-ip]
                                 [--ldap-over-tls {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--ldap-search-scope]
                                 [--ldap-signing {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                 [--organizational-unit]
                                 [--password]
                                 [--preferred-servers-for-ldap-client]
                                 [--remove]
                                 [--security-operators]
                                 [--server-root-ca-cert]
                                 [--set]
                                 [--site]
                                 [--smb-server-name]
                                 [--username]

Examples

Update an active directory on the account

az netappfiles account ad update -g mygroup --name myname --active-directory-id 13641da9-c0e9-4b97-84fc-4f8014a93848 --username ad_username --password ad_password --domain northeurope --dns 1.2.3.4 --smb-server-name SMBSERVER

Required Parameters

--account-name --name -a -n

The name of the NetApp account.

--active-directory-id

Id of the Active Directory.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--ad-name

Name of the active directory machine. This optional parameter is used only while creating kerberos volume.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--administrators

Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--aes-encryption

If enabled, AES encryption will be enabled for SMB communication.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--allow-local-ldap-users --allow-local-nfs-users-with-ldap

If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--backup-operators

Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--dns

Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain.

--domain

Name of the Active Directory domain.

--encrypt-dc-connections

If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--kdc-ip

Kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume.

--ldap-over-tls

Specifies whether or not the LDAP traffic needs to be secured via TLS.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ldap-search-scope

LDAP Search scope options Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--ldap-signing

Specifies whether or not the LDAP traffic needs to be signed.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--organizational-unit

The Organizational Unit (OU) within the Windows Active Directory.

--password

Plain text password of Active Directory domain administrator, value is masked in the response.

--preferred-servers-for-ldap-client -p

Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--security-operators

Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--server-root-ca-cert --server-root-ca-certificate

When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--site

The Active Directory site the service will limit Domain Controller discovery to.

--smb-server-name

NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes.

--username

A domain user account with permission to create machine accounts.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az netappfiles account ad wait

Place the CLI in a waiting state until a condition is met.

az netappfiles account ad wait [--account-name]
                               [--created]
                               [--custom]
                               [--deleted]
                               [--exists]
                               [--ids]
                               [--interval]
                               [--resource-group]
                               [--subscription]
                               [--timeout]
                               [--updated]

Optional Parameters

--account-name --name -a -n

The name of the NetApp account.

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.