Docs Home
We recommend using Azure Native.
Azure v6.21.0 published on Friday, Mar 7, 2025 by Pulumi
azure.domainservices.Service
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
const deploy = new azure.core.ResourceGroup("deploy", {
name: "example-resources",
location: "West Europe",
});
const deployVirtualNetwork = new azure.network.VirtualNetwork("deploy", {
name: "deploy-vnet",
location: deploy.location,
resourceGroupName: deploy.name,
addressSpaces: ["10.0.1.0/16"],
});
const deploySubnet = new azure.network.Subnet("deploy", {
name: "deploy-subnet",
resourceGroupName: deploy.name,
virtualNetworkName: deployVirtualNetwork.name,
addressPrefixes: ["10.0.1.0/24"],
});
const deployNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("deploy", {
name: "deploy-nsg",
location: deploy.location,
resourceGroupName: deploy.name,
securityRules: [
{
name: "AllowSyncWithAzureAD",
priority: 101,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "443",
sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
destinationAddressPrefix: "*",
},
{
name: "AllowRD",
priority: 201,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "3389",
sourceAddressPrefix: "CorpNetSaw",
destinationAddressPrefix: "*",
},
{
name: "AllowPSRemoting",
priority: 301,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "5986",
sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
destinationAddressPrefix: "*",
},
{
name: "AllowLDAPS",
priority: 401,
direction: "Inbound",
access: "Allow",
protocol: "Tcp",
sourcePortRange: "*",
destinationPortRange: "636",
sourceAddressPrefix: "*",
destinationAddressPrefix: "*",
},
],
});
const deploySubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("deploy", {
subnetId: deploySubnet.id,
networkSecurityGroupId: deployNetworkSecurityGroup.id,
});
const dcAdmins = new azuread.Group("dc_admins", {
displayName: "AAD DC Administrators",
securityEnabled: true,
});
const admin = new azuread.User("admin", {
userPrincipalName: "dc-admin@hashicorp-example.com",
displayName: "DC Administrator",
password: "Pa55w0Rd!!1",
});
const adminGroupMember = new azuread.GroupMember("admin", {
groupObjectId: dcAdmins.objectId,
memberObjectId: admin.objectId,
});
const example = new azuread.ServicePrincipal("example", {applicationId: "2565bd9d-da50-47d4-8b85-4c97f669dc36"});
const aadds = new azure.core.ResourceGroup("aadds", {
name: "aadds-rg",
location: "westeurope",
});
const exampleService = new azure.domainservices.Service("example", {
name: "example-aadds",
location: aadds.location,
resourceGroupName: aadds.name,
domainName: "widgetslogin.net",
sku: "Enterprise",
filteredSyncEnabled: false,
initialReplicaSet: {
subnetId: deploySubnet.id,
},
notifications: {
additionalRecipients: [
"notifyA@example.net",
"notifyB@example.org",
],
notifyDcAdmins: true,
notifyGlobalAdmins: true,
},
security: {
syncKerberosPasswords: true,
syncNtlmPasswords: true,
syncOnPremPasswords: true,
},
tags: {
Environment: "prod",
},
}, {
dependsOn: [
example,
deploySubnetNetworkSecurityGroupAssociation,
],
});
import pulumi
import pulumi_azure as azure
import pulumi_azuread as azuread
deploy = azure.core.ResourceGroup("deploy",
name="example-resources",
location="West Europe")
deploy_virtual_network = azure.network.VirtualNetwork("deploy",
name="deploy-vnet",
location=deploy.location,
resource_group_name=deploy.name,
address_spaces=["10.0.1.0/16"])
deploy_subnet = azure.network.Subnet("deploy",
name="deploy-subnet",
resource_group_name=deploy.name,
virtual_network_name=deploy_virtual_network.name,
address_prefixes=["10.0.1.0/24"])
deploy_network_security_group = azure.network.NetworkSecurityGroup("deploy",
name="deploy-nsg",
location=deploy.location,
resource_group_name=deploy.name,
security_rules=[
{
"name": "AllowSyncWithAzureAD",
"priority": 101,
"direction": "Inbound",
"access": "Allow",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "443",
"source_address_prefix": "AzureActiveDirectoryDomainServices",
"destination_address_prefix": "*",
},
{
"name": "AllowRD",
"priority": 201,
"direction": "Inbound",
"access": "Allow",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "3389",
"source_address_prefix": "CorpNetSaw",
"destination_address_prefix": "*",
},
{
"name": "AllowPSRemoting",
"priority": 301,
"direction": "Inbound",
"access": "Allow",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "5986",
"source_address_prefix": "AzureActiveDirectoryDomainServices",
"destination_address_prefix": "*",
},
{
"name": "AllowLDAPS",
"priority": 401,
"direction": "Inbound",
"access": "Allow",
"protocol": "Tcp",
"source_port_range": "*",
"destination_port_range": "636",
"source_address_prefix": "*",
"destination_address_prefix": "*",
},
])
deploy_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("deploy",
subnet_id=deploy_subnet.id,
network_security_group_id=deploy_network_security_group.id)
dc_admins = azuread.Group("dc_admins",
display_name="AAD DC Administrators",
security_enabled=True)
admin = azuread.User("admin",
user_principal_name="dc-admin@hashicorp-example.com",
display_name="DC Administrator",
password="Pa55w0Rd!!1")
admin_group_member = azuread.GroupMember("admin",
group_object_id=dc_admins.object_id,
member_object_id=admin.object_id)
example = azuread.ServicePrincipal("example", application_id="2565bd9d-da50-47d4-8b85-4c97f669dc36")
aadds = azure.core.ResourceGroup("aadds",
name="aadds-rg",
location="westeurope")
example_service = azure.domainservices.Service("example",
name="example-aadds",
location=aadds.location,
resource_group_name=aadds.name,
domain_name="widgetslogin.net",
sku="Enterprise",
filtered_sync_enabled=False,
initial_replica_set={
"subnet_id": deploy_subnet.id,
},
notifications={
"additional_recipients": [
"notifyA@example.net",
"notifyB@example.org",
],
"notify_dc_admins": True,
"notify_global_admins": True,
},
security={
"sync_kerberos_passwords": True,
"sync_ntlm_passwords": True,
"sync_on_prem_passwords": True,
},
tags={
"Environment": "prod",
},
opts = pulumi.ResourceOptions(depends_on=[
example,
deploy_subnet_network_security_group_association,
]))
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/domainservices"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
"github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
deploy, err := core.NewResourceGroup(ctx, "deploy", &core.ResourceGroupArgs{
Name: pulumi.String("example-resources"),
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
deployVirtualNetwork, err := network.NewVirtualNetwork(ctx, "deploy", &network.VirtualNetworkArgs{
Name: pulumi.String("deploy-vnet"),
Location: deploy.Location,
ResourceGroupName: deploy.Name,
AddressSpaces: pulumi.StringArray{
pulumi.String("10.0.1.0/16"),
},
})
if err != nil {
return err
}
deploySubnet, err := network.NewSubnet(ctx, "deploy", &network.SubnetArgs{
Name: pulumi.String("deploy-subnet"),
ResourceGroupName: deploy.Name,
VirtualNetworkName: deployVirtualNetwork.Name,
AddressPrefixes: pulumi.StringArray{
pulumi.String("10.0.1.0/24"),
},
})
if err != nil {
return err
}
deployNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "deploy", &network.NetworkSecurityGroupArgs{
Name: pulumi.String("deploy-nsg"),
Location: deploy.Location,
ResourceGroupName: deploy.Name,
SecurityRules: network.NetworkSecurityGroupSecurityRuleArray{
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowSyncWithAzureAD"),
Priority: pulumi.Int(101),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("443"),
SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
DestinationAddressPrefix: pulumi.String("*"),
},
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowRD"),
Priority: pulumi.Int(201),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("3389"),
SourceAddressPrefix: pulumi.String("CorpNetSaw"),
DestinationAddressPrefix: pulumi.String("*"),
},
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowPSRemoting"),
Priority: pulumi.Int(301),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("5986"),
SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
DestinationAddressPrefix: pulumi.String("*"),
},
&network.NetworkSecurityGroupSecurityRuleArgs{
Name: pulumi.String("AllowLDAPS"),
Priority: pulumi.Int(401),
Direction: pulumi.String("Inbound"),
Access: pulumi.String("Allow"),
Protocol: pulumi.String("Tcp"),
SourcePortRange: pulumi.String("*"),
DestinationPortRange: pulumi.String("636"),
SourceAddressPrefix: pulumi.String("*"),
DestinationAddressPrefix: pulumi.String("*"),
},
},
})
if err != nil {
return err
}
deploySubnetNetworkSecurityGroupAssociation, err := network.NewSubnetNetworkSecurityGroupAssociation(ctx, "deploy", &network.SubnetNetworkSecurityGroupAssociationArgs{
SubnetId: deploySubnet.ID(),
NetworkSecurityGroupId: deployNetworkSecurityGroup.ID(),
})
if err != nil {
return err
}
dcAdmins, err := azuread.NewGroup(ctx, "dc_admins", &azuread.GroupArgs{
DisplayName: pulumi.String("AAD DC Administrators"),
SecurityEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
admin, err := azuread.NewUser(ctx, "admin", &azuread.UserArgs{
UserPrincipalName: pulumi.String("dc-admin@hashicorp-example.com"),
DisplayName: pulumi.String("DC Administrator"),
Password: pulumi.String("Pa55w0Rd!!1"),
})
if err != nil {
return err
}
_, err = azuread.NewGroupMember(ctx, "admin", &azuread.GroupMemberArgs{
GroupObjectId: dcAdmins.ObjectId,
MemberObjectId: admin.ObjectId,
})
if err != nil {
return err
}
example, err := azuread.NewServicePrincipal(ctx, "example", &azuread.ServicePrincipalArgs{
ApplicationId: pulumi.String("2565bd9d-da50-47d4-8b85-4c97f669dc36"),
})
if err != nil {
return err
}
aadds, err := core.NewResourceGroup(ctx, "aadds", &core.ResourceGroupArgs{
Name: pulumi.String("aadds-rg"),
Location: pulumi.String("westeurope"),
})
if err != nil {
return err
}
_, err = domainservices.NewService(ctx, "example", &domainservices.ServiceArgs{
Name: pulumi.String("example-aadds"),
Location: aadds.Location,
ResourceGroupName: aadds.Name,
DomainName: pulumi.String("widgetslogin.net"),
Sku: pulumi.String("Enterprise"),
FilteredSyncEnabled: pulumi.Bool(false),
InitialReplicaSet: &domainservices.ServiceInitialReplicaSetArgs{
SubnetId: deploySubnet.ID(),
},
Notifications: &domainservices.ServiceNotificationsArgs{
AdditionalRecipients: pulumi.StringArray{
pulumi.String("notifyA@example.net"),
pulumi.String("notifyB@example.org"),
},
NotifyDcAdmins: pulumi.Bool(true),
NotifyGlobalAdmins: pulumi.Bool(true),
},
Security: &domainservices.ServiceSecurityArgs{
SyncKerberosPasswords: pulumi.Bool(true),
SyncNtlmPasswords: pulumi.Bool(true),
SyncOnPremPasswords: pulumi.Bool(true),
},
Tags: pulumi.StringMap{
"Environment": pulumi.String("prod"),
},
}, pulumi.DependsOn([]pulumi.Resource{
example,
deploySubnetNetworkSecurityGroupAssociation,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureAD = Pulumi.AzureAD;
return await Deployment.RunAsync(() =>
{
var deploy = new Azure.Core.ResourceGroup("deploy", new()
{
Name = "example-resources",
Location = "West Europe",
});
var deployVirtualNetwork = new Azure.Network.VirtualNetwork("deploy", new()
{
Name = "deploy-vnet",
Location = deploy.Location,
ResourceGroupName = deploy.Name,
AddressSpaces = new[]
{
"10.0.1.0/16",
},
});
var deploySubnet = new Azure.Network.Subnet("deploy", new()
{
Name = "deploy-subnet",
ResourceGroupName = deploy.Name,
VirtualNetworkName = deployVirtualNetwork.Name,
AddressPrefixes = new[]
{
"10.0.1.0/24",
},
});
var deployNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("deploy", new()
{
Name = "deploy-nsg",
Location = deploy.Location,
ResourceGroupName = deploy.Name,
SecurityRules = new[]
{
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowSyncWithAzureAD",
Priority = 101,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "443",
SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
DestinationAddressPrefix = "*",
},
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowRD",
Priority = 201,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "3389",
SourceAddressPrefix = "CorpNetSaw",
DestinationAddressPrefix = "*",
},
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowPSRemoting",
Priority = 301,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "5986",
SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
DestinationAddressPrefix = "*",
},
new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
{
Name = "AllowLDAPS",
Priority = 401,
Direction = "Inbound",
Access = "Allow",
Protocol = "Tcp",
SourcePortRange = "*",
DestinationPortRange = "636",
SourceAddressPrefix = "*",
DestinationAddressPrefix = "*",
},
},
});
var deploySubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("deploy", new()
{
SubnetId = deploySubnet.Id,
NetworkSecurityGroupId = deployNetworkSecurityGroup.Id,
});
var dcAdmins = new AzureAD.Group("dc_admins", new()
{
DisplayName = "AAD DC Administrators",
SecurityEnabled = true,
});
var admin = new AzureAD.User("admin", new()
{
UserPrincipalName = "dc-admin@hashicorp-example.com",
DisplayName = "DC Administrator",
Password = "Pa55w0Rd!!1",
});
var adminGroupMember = new AzureAD.GroupMember("admin", new()
{
GroupObjectId = dcAdmins.ObjectId,
MemberObjectId = admin.ObjectId,
});
var example = new AzureAD.ServicePrincipal("example", new()
{
ApplicationId = "2565bd9d-da50-47d4-8b85-4c97f669dc36",
});
var aadds = new Azure.Core.ResourceGroup("aadds", new()
{
Name = "aadds-rg",
Location = "westeurope",
});
var exampleService = new Azure.DomainServices.Service("example", new()
{
Name = "example-aadds",
Location = aadds.Location,
ResourceGroupName = aadds.Name,
DomainName = "widgetslogin.net",
Sku = "Enterprise",
FilteredSyncEnabled = false,
InitialReplicaSet = new Azure.DomainServices.Inputs.ServiceInitialReplicaSetArgs
{
SubnetId = deploySubnet.Id,
},
Notifications = new Azure.DomainServices.Inputs.ServiceNotificationsArgs
{
AdditionalRecipients = new[]
{
"notifyA@example.net",
"notifyB@example.org",
},
NotifyDcAdmins = true,
NotifyGlobalAdmins = true,
},
Security = new Azure.DomainServices.Inputs.ServiceSecurityArgs
{
SyncKerberosPasswords = true,
SyncNtlmPasswords = true,
SyncOnPremPasswords = true,
},
Tags =
{
{ "Environment", "prod" },
},
}, new CustomResourceOptions
{
DependsOn =
{
example,
deploySubnetNetworkSecurityGroupAssociation,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.NetworkSecurityGroup;
import com.pulumi.azure.network.NetworkSecurityGroupArgs;
import com.pulumi.azure.network.inputs.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.GroupMember;
import com.pulumi.azuread.GroupMemberArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azure.domainservices.Service;
import com.pulumi.azure.domainservices.ServiceArgs;
import com.pulumi.azure.domainservices.inputs.ServiceInitialReplicaSetArgs;
import com.pulumi.azure.domainservices.inputs.ServiceNotificationsArgs;
import com.pulumi.azure.domainservices.inputs.ServiceSecurityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var deploy = new ResourceGroup("deploy", ResourceGroupArgs.builder()
.name("example-resources")
.location("West Europe")
.build());
var deployVirtualNetwork = new VirtualNetwork("deployVirtualNetwork", VirtualNetworkArgs.builder()
.name("deploy-vnet")
.location(deploy.location())
.resourceGroupName(deploy.name())
.addressSpaces("10.0.1.0/16")
.build());
var deploySubnet = new Subnet("deploySubnet", SubnetArgs.builder()
.name("deploy-subnet")
.resourceGroupName(deploy.name())
.virtualNetworkName(deployVirtualNetwork.name())
.addressPrefixes("10.0.1.0/24")
.build());
var deployNetworkSecurityGroup = new NetworkSecurityGroup("deployNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
.name("deploy-nsg")
.location(deploy.location())
.resourceGroupName(deploy.name())
.securityRules(
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowSyncWithAzureAD")
.priority(101)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("443")
.sourceAddressPrefix("AzureActiveDirectoryDomainServices")
.destinationAddressPrefix("*")
.build(),
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowRD")
.priority(201)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("3389")
.sourceAddressPrefix("CorpNetSaw")
.destinationAddressPrefix("*")
.build(),
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowPSRemoting")
.priority(301)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("5986")
.sourceAddressPrefix("AzureActiveDirectoryDomainServices")
.destinationAddressPrefix("*")
.build(),
NetworkSecurityGroupSecurityRuleArgs.builder()
.name("AllowLDAPS")
.priority(401)
.direction("Inbound")
.access("Allow")
.protocol("Tcp")
.sourcePortRange("*")
.destinationPortRange("636")
.sourceAddressPrefix("*")
.destinationAddressPrefix("*")
.build())
.build());
var deploySubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
.subnetId(deploySubnet.id())
.networkSecurityGroupId(deployNetworkSecurityGroup.id())
.build());
var dcAdmins = new Group("dcAdmins", GroupArgs.builder()
.displayName("AAD DC Administrators")
.securityEnabled(true)
.build());
var admin = new User("admin", UserArgs.builder()
.userPrincipalName("dc-admin@hashicorp-example.com")
.displayName("DC Administrator")
.password("Pa55w0Rd!!1")
.build());
var adminGroupMember = new GroupMember("adminGroupMember", GroupMemberArgs.builder()
.groupObjectId(dcAdmins.objectId())
.memberObjectId(admin.objectId())
.build());
var example = new ServicePrincipal("example", ServicePrincipalArgs.builder()
.applicationId("2565bd9d-da50-47d4-8b85-4c97f669dc36")
.build());
var aadds = new ResourceGroup("aadds", ResourceGroupArgs.builder()
.name("aadds-rg")
.location("westeurope")
.build());
var exampleService = new Service("exampleService", ServiceArgs.builder()
.name("example-aadds")
.location(aadds.location())
.resourceGroupName(aadds.name())
.domainName("widgetslogin.net")
.sku("Enterprise")
.filteredSyncEnabled(false)
.initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
.subnetId(deploySubnet.id())
.build())
.notifications(ServiceNotificationsArgs.builder()
.additionalRecipients(
"notifyA@example.net",
"notifyB@example.org")
.notifyDcAdmins(true)
.notifyGlobalAdmins(true)
.build())
.security(ServiceSecurityArgs.builder()
.syncKerberosPasswords(true)
.syncNtlmPasswords(true)
.syncOnPremPasswords(true)
.build())
.tags(Map.of("Environment", "prod"))
.build(), CustomResourceOptions.builder()
.dependsOn(
example,
deploySubnetNetworkSecurityGroupAssociation)
.build());
}
}
resources:
deploy:
type: azure:core:ResourceGroup
properties:
name: example-resources
location: West Europe
deployVirtualNetwork:
type: azure:network:VirtualNetwork
name: deploy
properties:
name: deploy-vnet
location: ${deploy.location}
resourceGroupName: ${deploy.name}
addressSpaces:
- 10.0.1.0/16
deploySubnet:
type: azure:network:Subnet
name: deploy
properties:
name: deploy-subnet
resourceGroupName: ${deploy.name}
virtualNetworkName: ${deployVirtualNetwork.name}
addressPrefixes:
- 10.0.1.0/24
deployNetworkSecurityGroup:
type: azure:network:NetworkSecurityGroup
name: deploy
properties:
name: deploy-nsg
location: ${deploy.location}
resourceGroupName: ${deploy.name}
securityRules:
- name: AllowSyncWithAzureAD
priority: 101
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '443'
sourceAddressPrefix: AzureActiveDirectoryDomainServices
destinationAddressPrefix: '*'
- name: AllowRD
priority: 201
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '3389'
sourceAddressPrefix: CorpNetSaw
destinationAddressPrefix: '*'
- name: AllowPSRemoting
priority: 301
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '5986'
sourceAddressPrefix: AzureActiveDirectoryDomainServices
destinationAddressPrefix: '*'
- name: AllowLDAPS
priority: 401
direction: Inbound
access: Allow
protocol: Tcp
sourcePortRange: '*'
destinationPortRange: '636'
sourceAddressPrefix: '*'
destinationAddressPrefix: '*'
deploySubnetNetworkSecurityGroupAssociation:
type: azure:network:SubnetNetworkSecurityGroupAssociation
name: deploy
properties:
subnetId: ${deploySubnet.id}
networkSecurityGroupId: ${deployNetworkSecurityGroup.id}
dcAdmins:
type: azuread:Group
name: dc_admins
properties:
displayName: AAD DC Administrators
securityEnabled: true
admin:
type: azuread:User
properties:
userPrincipalName: dc-admin@hashicorp-example.com
displayName: DC Administrator
password: Pa55w0Rd!!1
adminGroupMember:
type: azuread:GroupMember
name: admin
properties:
groupObjectId: ${dcAdmins.objectId}
memberObjectId: ${admin.objectId}
example:
type: azuread:ServicePrincipal
properties:
applicationId: 2565bd9d-da50-47d4-8b85-4c97f669dc36
aadds:
type: azure:core:ResourceGroup
properties:
name: aadds-rg
location: westeurope
exampleService:
type: azure:domainservices:Service
name: example
properties:
name: example-aadds
location: ${aadds.location}
resourceGroupName: ${aadds.name}
domainName: widgetslogin.net
sku: Enterprise
filteredSyncEnabled: false
initialReplicaSet:
subnetId: ${deploySubnet.id}
notifications:
additionalRecipients:
- notifyA@example.net
- notifyB@example.org
notifyDcAdmins: true
notifyGlobalAdmins: true
security:
syncKerberosPasswords: true
syncNtlmPasswords: true
syncOnPremPasswords: true
tags:
Environment: prod
options:
dependsOn:
- ${example}
- ${deploySubnetNetworkSecurityGroupAssociation}
Create Service Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Service(name: string, args: ServiceArgs, opts?: CustomResourceOptions);@overload
def Service(resource_name: str,
args: ServiceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Service(resource_name: str,
opts: Optional[ResourceOptions] = None,
domain_name: Optional[str] = None,
initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
resource_group_name: Optional[str] = None,
sku: Optional[str] = None,
domain_configuration_type: Optional[str] = None,
filtered_sync_enabled: Optional[bool] = None,
location: Optional[str] = None,
name: Optional[str] = None,
notifications: Optional[ServiceNotificationsArgs] = None,
secure_ldap: Optional[ServiceSecureLdapArgs] = None,
security: Optional[ServiceSecurityArgs] = None,
tags: Optional[Mapping[str, str]] = None)func NewService(ctx *Context, name string, args ServiceArgs, opts ...ResourceOption) (*Service, error)public Service(string name, ServiceArgs args, CustomResourceOptions? opts = null)
public Service(String name, ServiceArgs args)
public Service(String name, ServiceArgs args, CustomResourceOptions options)
type: azure:domainservices:Service
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServiceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleserviceResourceResourceFromDomainservicesservice = new Azure.DomainServices.Service("exampleserviceResourceResourceFromDomainservicesservice", new()
{
DomainName = "string",
InitialReplicaSet = new Azure.DomainServices.Inputs.ServiceInitialReplicaSetArgs
{
SubnetId = "string",
DomainControllerIpAddresses = new[]
{
"string",
},
ExternalAccessIpAddress = "string",
Id = "string",
Location = "string",
ServiceStatus = "string",
},
ResourceGroupName = "string",
Sku = "string",
DomainConfigurationType = "string",
FilteredSyncEnabled = false,
Location = "string",
Name = "string",
Notifications = new Azure.DomainServices.Inputs.ServiceNotificationsArgs
{
AdditionalRecipients = new[]
{
"string",
},
NotifyDcAdmins = false,
NotifyGlobalAdmins = false,
},
SecureLdap = new Azure.DomainServices.Inputs.ServiceSecureLdapArgs
{
Enabled = false,
PfxCertificate = "string",
PfxCertificatePassword = "string",
CertificateExpiry = "string",
CertificateThumbprint = "string",
ExternalAccessEnabled = false,
PublicCertificate = "string",
},
Security = new Azure.DomainServices.Inputs.ServiceSecurityArgs
{
KerberosArmoringEnabled = false,
KerberosRc4EncryptionEnabled = false,
NtlmV1Enabled = false,
SyncKerberosPasswords = false,
SyncNtlmPasswords = false,
SyncOnPremPasswords = false,
TlsV1Enabled = false,
},
Tags =
{
{ "string", "string" },
},
});
example, err := domainservices.NewService(ctx, "exampleserviceResourceResourceFromDomainservicesservice", &domainservices.ServiceArgs{
DomainName: pulumi.String("string"),
InitialReplicaSet: &domainservices.ServiceInitialReplicaSetArgs{
SubnetId: pulumi.String("string"),
DomainControllerIpAddresses: pulumi.StringArray{
pulumi.String("string"),
},
ExternalAccessIpAddress: pulumi.String("string"),
Id: pulumi.String("string"),
Location: pulumi.String("string"),
ServiceStatus: pulumi.String("string"),
},
ResourceGroupName: pulumi.String("string"),
Sku: pulumi.String("string"),
DomainConfigurationType: pulumi.String("string"),
FilteredSyncEnabled: pulumi.Bool(false),
Location: pulumi.String("string"),
Name: pulumi.String("string"),
Notifications: &domainservices.ServiceNotificationsArgs{
AdditionalRecipients: pulumi.StringArray{
pulumi.String("string"),
},
NotifyDcAdmins: pulumi.Bool(false),
NotifyGlobalAdmins: pulumi.Bool(false),
},
SecureLdap: &domainservices.ServiceSecureLdapArgs{
Enabled: pulumi.Bool(false),
PfxCertificate: pulumi.String("string"),
PfxCertificatePassword: pulumi.String("string"),
CertificateExpiry: pulumi.String("string"),
CertificateThumbprint: pulumi.String("string"),
ExternalAccessEnabled: pulumi.Bool(false),
PublicCertificate: pulumi.String("string"),
},
Security: &domainservices.ServiceSecurityArgs{
KerberosArmoringEnabled: pulumi.Bool(false),
KerberosRc4EncryptionEnabled: pulumi.Bool(false),
NtlmV1Enabled: pulumi.Bool(false),
SyncKerberosPasswords: pulumi.Bool(false),
SyncNtlmPasswords: pulumi.Bool(false),
SyncOnPremPasswords: pulumi.Bool(false),
TlsV1Enabled: pulumi.Bool(false),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var exampleserviceResourceResourceFromDomainservicesservice = new Service("exampleserviceResourceResourceFromDomainservicesservice", ServiceArgs.builder()
.domainName("string")
.initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
.subnetId("string")
.domainControllerIpAddresses("string")
.externalAccessIpAddress("string")
.id("string")
.location("string")
.serviceStatus("string")
.build())
.resourceGroupName("string")
.sku("string")
.domainConfigurationType("string")
.filteredSyncEnabled(false)
.location("string")
.name("string")
.notifications(ServiceNotificationsArgs.builder()
.additionalRecipients("string")
.notifyDcAdmins(false)
.notifyGlobalAdmins(false)
.build())
.secureLdap(ServiceSecureLdapArgs.builder()
.enabled(false)
.pfxCertificate("string")
.pfxCertificatePassword("string")
.certificateExpiry("string")
.certificateThumbprint("string")
.externalAccessEnabled(false)
.publicCertificate("string")
.build())
.security(ServiceSecurityArgs.builder()
.kerberosArmoringEnabled(false)
.kerberosRc4EncryptionEnabled(false)
.ntlmV1Enabled(false)
.syncKerberosPasswords(false)
.syncNtlmPasswords(false)
.syncOnPremPasswords(false)
.tlsV1Enabled(false)
.build())
.tags(Map.of("string", "string"))
.build());
exampleservice_resource_resource_from_domainservicesservice = azure.domainservices.Service("exampleserviceResourceResourceFromDomainservicesservice",
domain_name="string",
initial_replica_set={
"subnet_id": "string",
"domain_controller_ip_addresses": ["string"],
"external_access_ip_address": "string",
"id": "string",
"location": "string",
"service_status": "string",
},
resource_group_name="string",
sku="string",
domain_configuration_type="string",
filtered_sync_enabled=False,
location="string",
name="string",
notifications={
"additional_recipients": ["string"],
"notify_dc_admins": False,
"notify_global_admins": False,
},
secure_ldap={
"enabled": False,
"pfx_certificate": "string",
"pfx_certificate_password": "string",
"certificate_expiry": "string",
"certificate_thumbprint": "string",
"external_access_enabled": False,
"public_certificate": "string",
},
security={
"kerberos_armoring_enabled": False,
"kerberos_rc4_encryption_enabled": False,
"ntlm_v1_enabled": False,
"sync_kerberos_passwords": False,
"sync_ntlm_passwords": False,
"sync_on_prem_passwords": False,
"tls_v1_enabled": False,
},
tags={
"string": "string",
})
const exampleserviceResourceResourceFromDomainservicesservice = new azure.domainservices.Service("exampleserviceResourceResourceFromDomainservicesservice", {
domainName: "string",
initialReplicaSet: {
subnetId: "string",
domainControllerIpAddresses: ["string"],
externalAccessIpAddress: "string",
id: "string",
location: "string",
serviceStatus: "string",
},
resourceGroupName: "string",
sku: "string",
domainConfigurationType: "string",
filteredSyncEnabled: false,
location: "string",
name: "string",
notifications: {
additionalRecipients: ["string"],
notifyDcAdmins: false,
notifyGlobalAdmins: false,
},
secureLdap: {
enabled: false,
pfxCertificate: "string",
pfxCertificatePassword: "string",
certificateExpiry: "string",
certificateThumbprint: "string",
externalAccessEnabled: false,
publicCertificate: "string",
},
security: {
kerberosArmoringEnabled: false,
kerberosRc4EncryptionEnabled: false,
ntlmV1Enabled: false,
syncKerberosPasswords: false,
syncNtlmPasswords: false,
syncOnPremPasswords: false,
tlsV1Enabled: false,
},
tags: {
string: "string",
},
});
type: azure:domainservices:Service
properties:
domainConfigurationType: string
domainName: string
filteredSyncEnabled: false
initialReplicaSet:
domainControllerIpAddresses:
- string
externalAccessIpAddress: string
id: string
location: string
serviceStatus: string
subnetId: string
location: string
name: string
notifications:
additionalRecipients:
- string
notifyDcAdmins: false
notifyGlobalAdmins: false
resourceGroupName: string
secureLdap:
certificateExpiry: string
certificateThumbprint: string
enabled: false
externalAccessEnabled: false
pfxCertificate: string
pfxCertificatePassword: string
publicCertificate: string
security:
kerberosArmoringEnabled: false
kerberosRc4EncryptionEnabled: false
ntlmV1Enabled: false
syncKerberosPasswords: false
syncNtlmPasswords: false
syncOnPremPasswords: false
tlsV1Enabled: false
sku: string
tags:
string: string
Service Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Service resource accepts the following input properties:
- Domain
Name string - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Initial
Replica ServiceSet Initial Replica Set - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - Resource
Group stringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Sku string
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - Domain
Configuration stringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - Filtered
Sync boolEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - Location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications - A
notificationsblock as defined below. - Secure
Ldap ServiceSecure Ldap - A
secure_ldapblock as defined below. - Security
Service
Security - A
securityblock as defined below. - Dictionary<string, string>
- A mapping of tags assigned to the resource.
- Domain
Name string - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Initial
Replica ServiceSet Initial Replica Set Args - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - Resource
Group stringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Sku string
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - Domain
Configuration stringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - Filtered
Sync boolEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - Location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications Args - A
notificationsblock as defined below. - Secure
Ldap ServiceSecure Ldap Args - A
secure_ldapblock as defined below. - Security
Service
Security Args - A
securityblock as defined below. - map[string]string
- A mapping of tags assigned to the resource.
- domain
Name String - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial
Replica ServiceSet Initial Replica Set - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - resource
Group StringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku String
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - domain
Configuration StringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - filtered
Sync BooleanEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - location String
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications - A
notificationsblock as defined below. - secure
Ldap ServiceSecure Ldap - A
secure_ldapblock as defined below. - security
Service
Security - A
securityblock as defined below. - Map<String,String>
- A mapping of tags assigned to the resource.
- domain
Name string - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial
Replica ServiceSet Initial Replica Set - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - resource
Group stringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku string
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - domain
Configuration stringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - filtered
Sync booleanEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name string
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications - A
notificationsblock as defined below. - secure
Ldap ServiceSecure Ldap - A
secure_ldapblock as defined below. - security
Service
Security - A
securityblock as defined below. - {[key: string]: string}
- A mapping of tags assigned to the resource.
- domain_
name str - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial_
replica_ Serviceset Initial Replica Set Args - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - resource_
group_ strname - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku str
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - domain_
configuration_ strtype - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - filtered_
sync_ boolenabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - location str
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name str
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications Args - A
notificationsblock as defined below. - secure_
ldap ServiceSecure Ldap Args - A
secure_ldapblock as defined below. - security
Service
Security Args - A
securityblock as defined below. - Mapping[str, str]
- A mapping of tags assigned to the resource.
- domain
Name String - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- initial
Replica Property MapSet - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - resource
Group StringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- sku String
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - domain
Configuration StringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - filtered
Sync BooleanEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - location String
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications Property Map
- A
notificationsblock as defined below. - secure
Ldap Property Map - A
secure_ldapblock as defined below. - security Property Map
- A
securityblock as defined below. - Map<String>
- A mapping of tags assigned to the resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the Service resource produces the following output properties:
- Deployment
Id string - A unique ID for the managed domain deployment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Id string - The Azure resource ID for the domain service.
- Sync
Owner string - Tenant
Id string - Version int
- Deployment
Id string - A unique ID for the managed domain deployment.
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Id string - The Azure resource ID for the domain service.
- Sync
Owner string - Tenant
Id string - Version int
- deployment
Id String - A unique ID for the managed domain deployment.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Id String - The Azure resource ID for the domain service.
- sync
Owner String - tenant
Id String - version Integer
- deployment
Id string - A unique ID for the managed domain deployment.
- id string
- The provider-assigned unique ID for this managed resource.
- resource
Id string - The Azure resource ID for the domain service.
- sync
Owner string - tenant
Id string - version number
- deployment_
id str - A unique ID for the managed domain deployment.
- id str
- The provider-assigned unique ID for this managed resource.
- resource_
id str - The Azure resource ID for the domain service.
- sync_
owner str - tenant_
id str - version int
- deployment
Id String - A unique ID for the managed domain deployment.
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Id String - The Azure resource ID for the domain service.
- sync
Owner String - tenant
Id String - version Number
Look up Existing Service Resource
Get an existing Service resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServiceState, opts?: CustomResourceOptions): Service@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
deployment_id: Optional[str] = None,
domain_configuration_type: Optional[str] = None,
domain_name: Optional[str] = None,
filtered_sync_enabled: Optional[bool] = None,
initial_replica_set: Optional[ServiceInitialReplicaSetArgs] = None,
location: Optional[str] = None,
name: Optional[str] = None,
notifications: Optional[ServiceNotificationsArgs] = None,
resource_group_name: Optional[str] = None,
resource_id: Optional[str] = None,
secure_ldap: Optional[ServiceSecureLdapArgs] = None,
security: Optional[ServiceSecurityArgs] = None,
sku: Optional[str] = None,
sync_owner: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tenant_id: Optional[str] = None,
version: Optional[int] = None) -> Servicefunc GetService(ctx *Context, name string, id IDInput, state *ServiceState, opts ...ResourceOption) (*Service, error)public static Service Get(string name, Input<string> id, ServiceState? state, CustomResourceOptions? opts = null)public static Service get(String name, Output<String> id, ServiceState state, CustomResourceOptions options)resources: _: type: azure:domainservices:Service get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Deployment
Id string - A unique ID for the managed domain deployment.
- Domain
Configuration stringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - Domain
Name string - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Filtered
Sync boolEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - Initial
Replica ServiceSet Initial Replica Set - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - Location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications - A
notificationsblock as defined below. - Resource
Group stringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Resource
Id string - The Azure resource ID for the domain service.
- Secure
Ldap ServiceSecure Ldap - A
secure_ldapblock as defined below. - Security
Service
Security - A
securityblock as defined below. - Sku string
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - Sync
Owner string - Dictionary<string, string>
- A mapping of tags assigned to the resource.
- Tenant
Id string - Version int
- Deployment
Id string - A unique ID for the managed domain deployment.
- Domain
Configuration stringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - Domain
Name string - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- Filtered
Sync boolEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - Initial
Replica ServiceSet Initial Replica Set Args - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - Location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Name string
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- Notifications
Service
Notifications Args - A
notificationsblock as defined below. - Resource
Group stringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- Resource
Id string - The Azure resource ID for the domain service.
- Secure
Ldap ServiceSecure Ldap Args - A
secure_ldapblock as defined below. - Security
Service
Security Args - A
securityblock as defined below. - Sku string
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - Sync
Owner string - map[string]string
- A mapping of tags assigned to the resource.
- Tenant
Id string - Version int
- deployment
Id String - A unique ID for the managed domain deployment.
- domain
Configuration StringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - domain
Name String - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered
Sync BooleanEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - initial
Replica ServiceSet Initial Replica Set - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - location String
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications - A
notificationsblock as defined below. - resource
Group StringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource
Id String - The Azure resource ID for the domain service.
- secure
Ldap ServiceSecure Ldap - A
secure_ldapblock as defined below. - security
Service
Security - A
securityblock as defined below. - sku String
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - sync
Owner String - Map<String,String>
- A mapping of tags assigned to the resource.
- tenant
Id String - version Integer
- deployment
Id string - A unique ID for the managed domain deployment.
- domain
Configuration stringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - domain
Name string - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered
Sync booleanEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - initial
Replica ServiceSet Initial Replica Set - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name string
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications - A
notificationsblock as defined below. - resource
Group stringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource
Id string - The Azure resource ID for the domain service.
- secure
Ldap ServiceSecure Ldap - A
secure_ldapblock as defined below. - security
Service
Security - A
securityblock as defined below. - sku string
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - sync
Owner string - {[key: string]: string}
- A mapping of tags assigned to the resource.
- tenant
Id string - version number
- deployment_
id str - A unique ID for the managed domain deployment.
- domain_
configuration_ strtype - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - domain_
name str - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered_
sync_ boolenabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - initial_
replica_ Serviceset Initial Replica Set Args - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - location str
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name str
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications
Service
Notifications Args - A
notificationsblock as defined below. - resource_
group_ strname - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource_
id str - The Azure resource ID for the domain service.
- secure_
ldap ServiceSecure Ldap Args - A
secure_ldapblock as defined below. - security
Service
Security Args - A
securityblock as defined below. - sku str
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - sync_
owner str - Mapping[str, str]
- A mapping of tags assigned to the resource.
- tenant_
id str - version int
- deployment
Id String - A unique ID for the managed domain deployment.
- domain
Configuration StringType - The configuration type of this Active Directory Domain. Possible values are
FullySyncedandResourceTrusting. Changing this forces a new resource to be created. - domain
Name String - The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.
- filtered
Sync BooleanEnabled - Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to
false. - initial
Replica Property MapSet - An
initial_replica_setblock as defined below. The initial replica set inherits the same location as the Domain Service resource. - location String
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- name String
- The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- notifications Property Map
- A
notificationsblock as defined below. - resource
Group StringName - The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
- resource
Id String - The Azure resource ID for the domain service.
- secure
Ldap Property Map - A
secure_ldapblock as defined below. - security Property Map
- A
securityblock as defined below. - sku String
- The SKU to use when provisioning the Domain Service resource. One of
Standard,EnterpriseorPremium. - sync
Owner String - Map<String>
- A mapping of tags assigned to the resource.
- tenant
Id String - version Number
Supporting Types
ServiceInitialReplicaSet, ServiceInitialReplicaSetArgs
- Subnet
Id string - The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- Domain
Controller List<string>Ip Addresses - A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- External
Access stringIp Address - The publicly routable IP address for the domain controllers in the initial replica set.
- Id string
- A unique ID for the replica set.
- Location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Service
Status string - The current service status for the initial replica set.
- Subnet
Id string - The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- Domain
Controller []stringIp Addresses - A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- External
Access stringIp Address - The publicly routable IP address for the domain controllers in the initial replica set.
- Id string
- A unique ID for the replica set.
- Location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- Service
Status string - The current service status for the initial replica set.
- subnet
Id String - The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain
Controller List<String>Ip Addresses - A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external
Access StringIp Address - The publicly routable IP address for the domain controllers in the initial replica set.
- id String
- A unique ID for the replica set.
- location String
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service
Status String - The current service status for the initial replica set.
- subnet
Id string - The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain
Controller string[]Ip Addresses - A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external
Access stringIp Address - The publicly routable IP address for the domain controllers in the initial replica set.
- id string
- A unique ID for the replica set.
- location string
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service
Status string - The current service status for the initial replica set.
- subnet_
id str - The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain_
controller_ Sequence[str]ip_ addresses - A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external_
access_ strip_ address - The publicly routable IP address for the domain controllers in the initial replica set.
- id str
- A unique ID for the replica set.
- location str
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service_
status str - The current service status for the initial replica set.
- subnet
Id String - The ID of the subnet in which to place the initial replica set. Changing this forces a new resource to be created.
- domain
Controller List<String>Ip Addresses - A list of subnet IP addresses for the domain controllers in the initial replica set, typically two.
- external
Access StringIp Address - The publicly routable IP address for the domain controllers in the initial replica set.
- id String
- A unique ID for the replica set.
- location String
- The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
- service
Status String - The current service status for the initial replica set.
ServiceNotifications, ServiceNotificationsArgs
- Additional
Recipients List<string> - A list of additional email addresses to notify when there are alerts in the managed domain.
- Notify
Dc boolAdmins - Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- Notify
Global boolAdmins - Whether to notify all Global Administrators when there are alerts in the managed domain.
- Additional
Recipients []string - A list of additional email addresses to notify when there are alerts in the managed domain.
- Notify
Dc boolAdmins - Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- Notify
Global boolAdmins - Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional
Recipients List<String> - A list of additional email addresses to notify when there are alerts in the managed domain.
- notify
Dc BooleanAdmins - Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify
Global BooleanAdmins - Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional
Recipients string[] - A list of additional email addresses to notify when there are alerts in the managed domain.
- notify
Dc booleanAdmins - Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify
Global booleanAdmins - Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional_
recipients Sequence[str] - A list of additional email addresses to notify when there are alerts in the managed domain.
- notify_
dc_ booladmins - Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify_
global_ booladmins - Whether to notify all Global Administrators when there are alerts in the managed domain.
- additional
Recipients List<String> - A list of additional email addresses to notify when there are alerts in the managed domain.
- notify
Dc BooleanAdmins - Whether to notify members of the AAD DC Administrators group when there are alerts in the managed domain.
- notify
Global BooleanAdmins - Whether to notify all Global Administrators when there are alerts in the managed domain.
ServiceSecureLdap, ServiceSecureLdapArgs
- Enabled bool
- Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- Pfx
Certificate string - The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- Pfx
Certificate stringPassword - The password to use for decrypting the PKCS#12 bundle (PFX file).
- Certificate
Expiry string - The expiry time of the certificate.
- Certificate
Thumbprint string - The thumbprint of the certificate.
- External
Access boolEnabled - Whether to enable external access to LDAPS over the Internet. Defaults to
false. - Public
Certificate string - The public certificate.
- Enabled bool
- Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- Pfx
Certificate string - The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- Pfx
Certificate stringPassword - The password to use for decrypting the PKCS#12 bundle (PFX file).
- Certificate
Expiry string - The expiry time of the certificate.
- Certificate
Thumbprint string - The thumbprint of the certificate.
- External
Access boolEnabled - Whether to enable external access to LDAPS over the Internet. Defaults to
false. - Public
Certificate string - The public certificate.
- enabled Boolean
- Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx
Certificate String - The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx
Certificate StringPassword - The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate
Expiry String - The expiry time of the certificate.
- certificate
Thumbprint String - The thumbprint of the certificate.
- external
Access BooleanEnabled - Whether to enable external access to LDAPS over the Internet. Defaults to
false. - public
Certificate String - The public certificate.
- enabled boolean
- Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx
Certificate string - The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx
Certificate stringPassword - The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate
Expiry string - The expiry time of the certificate.
- certificate
Thumbprint string - The thumbprint of the certificate.
- external
Access booleanEnabled - Whether to enable external access to LDAPS over the Internet. Defaults to
false. - public
Certificate string - The public certificate.
- enabled bool
- Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx_
certificate str - The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx_
certificate_ strpassword - The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate_
expiry str - The expiry time of the certificate.
- certificate_
thumbprint str - The thumbprint of the certificate.
- external_
access_ boolenabled - Whether to enable external access to LDAPS over the Internet. Defaults to
false. - public_
certificate str - The public certificate.
- enabled Boolean
- Whether to enable secure LDAP for the managed domain. For more information, please see official documentation on enabling LDAPS, paying particular attention to the section on network security to avoid unnecessarily exposing your service to Internet-borne bruteforce attacks.
- pfx
Certificate String - The certificate/private key to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
- pfx
Certificate StringPassword - The password to use for decrypting the PKCS#12 bundle (PFX file).
- certificate
Expiry String - The expiry time of the certificate.
- certificate
Thumbprint String - The thumbprint of the certificate.
- external
Access BooleanEnabled - Whether to enable external access to LDAPS over the Internet. Defaults to
false. - public
Certificate String - The public certificate.
ServiceSecurity, ServiceSecurityArgs
- Kerberos
Armoring boolEnabled - Whether to enable Kerberos Armoring. Defaults to
false. - Kerberos
Rc4Encryption boolEnabled - Whether to enable Kerberos RC4 Encryption. Defaults to
false. - Ntlm
V1Enabled bool - Whether to enable legacy NTLM v1 support. Defaults to
false. - Sync
Kerberos boolPasswords - Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false. - Sync
Ntlm boolPasswords - Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false. - Sync
On boolPrem Passwords - Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false. - Tls
V1Enabled bool - Whether to enable legacy TLS v1 support. Defaults to
false.
- Kerberos
Armoring boolEnabled - Whether to enable Kerberos Armoring. Defaults to
false. - Kerberos
Rc4Encryption boolEnabled - Whether to enable Kerberos RC4 Encryption. Defaults to
false. - Ntlm
V1Enabled bool - Whether to enable legacy NTLM v1 support. Defaults to
false. - Sync
Kerberos boolPasswords - Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false. - Sync
Ntlm boolPasswords - Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false. - Sync
On boolPrem Passwords - Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false. - Tls
V1Enabled bool - Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos
Armoring BooleanEnabled - Whether to enable Kerberos Armoring. Defaults to
false. - kerberos
Rc4Encryption BooleanEnabled - Whether to enable Kerberos RC4 Encryption. Defaults to
false. - ntlm
V1Enabled Boolean - Whether to enable legacy NTLM v1 support. Defaults to
false. - sync
Kerberos BooleanPasswords - Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false. - sync
Ntlm BooleanPasswords - Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false. - sync
On BooleanPrem Passwords - Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false. - tls
V1Enabled Boolean - Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos
Armoring booleanEnabled - Whether to enable Kerberos Armoring. Defaults to
false. - kerberos
Rc4Encryption booleanEnabled - Whether to enable Kerberos RC4 Encryption. Defaults to
false. - ntlm
V1Enabled boolean - Whether to enable legacy NTLM v1 support. Defaults to
false. - sync
Kerberos booleanPasswords - Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false. - sync
Ntlm booleanPasswords - Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false. - sync
On booleanPrem Passwords - Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false. - tls
V1Enabled boolean - Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos_
armoring_ boolenabled - Whether to enable Kerberos Armoring. Defaults to
false. - kerberos_
rc4_ boolencryption_ enabled - Whether to enable Kerberos RC4 Encryption. Defaults to
false. - ntlm_
v1_ boolenabled - Whether to enable legacy NTLM v1 support. Defaults to
false. - sync_
kerberos_ boolpasswords - Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false. - sync_
ntlm_ boolpasswords - Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false. - sync_
on_ boolprem_ passwords - Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false. - tls_
v1_ boolenabled - Whether to enable legacy TLS v1 support. Defaults to
false.
- kerberos
Armoring BooleanEnabled - Whether to enable Kerberos Armoring. Defaults to
false. - kerberos
Rc4Encryption BooleanEnabled - Whether to enable Kerberos RC4 Encryption. Defaults to
false. - ntlm
V1Enabled Boolean - Whether to enable legacy NTLM v1 support. Defaults to
false. - sync
Kerberos BooleanPasswords - Whether to synchronize Kerberos password hashes to the managed domain. Defaults to
false. - sync
Ntlm BooleanPasswords - Whether to synchronize NTLM password hashes to the managed domain. Defaults to
false. - sync
On BooleanPrem Passwords - Whether to synchronize on-premises password hashes to the managed domain. Defaults to
false. - tls
V1Enabled Boolean - Whether to enable legacy TLS v1 support. Defaults to
false.
Import
Domain Services can be imported using the resource ID, together with the Replica Set ID that you wish to designate as the initial replica set, e.g.
$ pulumi import azure:domainservices/service:Service example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/initialReplicaSetId/00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.