Microsoft.NetApp netAppAccounts
The netAppAccounts resource type can be deployed to: Resource groups.
To learn about resource group deployments, see Bicep or ARM template.
Template format
To create a Microsoft.NetApp/netAppAccounts resource, add the following Bicep or JSON to your template.
resource symbolicname 'Microsoft.NetApp/netAppAccounts@2021-10-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
properties: {
activeDirectories: [
{
activeDirectoryId: 'string'
administrators: [
'string'
]
adName: 'string'
aesEncryption: bool
allowLocalNfsUsersWithLdap: bool
backupOperators: [
'string'
]
dns: 'string'
domain: 'string'
encryptDCConnections: bool
kdcIP: 'string'
ldapOverTLS: bool
ldapSearchScope: {
groupDN: 'string'
groupMembershipFilter: 'string'
userDN: 'string'
}
ldapSigning: bool
organizationalUnit: 'string'
password: 'string'
securityOperators: [
'string'
]
serverRootCACertificate: 'string'
site: 'string'
smbServerName: 'string'
username: 'string'
}
]
encryption: {
keySource: 'string'
}
}
}
Property values
netAppAccounts
| Name | Description | Value |
|---|---|---|
| type | The resource type For Bicep, set this value in the resource declaration. |
'Microsoft.NetApp/netAppAccounts' |
| apiVersion | The resource api version For Bicep, set this value in the resource declaration. |
'2021-10-01' |
| name | The resource name | string (required) Character limit: 1-128 Valid characters: Alphanumerics, underscores, and hyphens. Start with alphanumeric. |
| location | Resource location | string (required) |
| tags | Tags are a list of key-value pairs that describe the resource | Dictionary of tag names and values. See Tags in templates |
| properties | NetApp account properties | AccountProperties |
AccountProperties
| Name | Description | Value |
|---|---|---|
| activeDirectories | Active Directories | ActiveDirectory[] |
| encryption | Encryption settings | AccountEncryption |
ActiveDirectory
| Name | Description | Value |
|---|---|---|
| activeDirectoryId | Id of the Active Directory | string |
| administrators | Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier | string[] |
| adName | Name of the active directory machine. This optional parameter is used only while creating kerberos volume | string |
| aesEncryption | If enabled, AES encryption will be enabled for SMB communication. | bool |
| allowLocalNfsUsersWithLdap | If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. | bool |
| backupOperators | Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier | string[] |
| dns | Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain | string |
| domain | Name of the Active Directory domain | string |
| encryptDCConnections | If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. | bool |
| kdcIP | kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. | string |
| ldapOverTLS | Specifies whether or not the LDAP traffic needs to be secured via TLS. | bool |
| ldapSearchScope | LDAP search scope | LdapSearchScopeOpt |
| ldapSigning | Specifies whether or not the LDAP traffic needs to be signed. | bool |
| organizationalUnit | The Organizational Unit (OU) within the Windows Active Directory | string |
| password | Plain text password of Active Directory domain administrator, value is masked in the response | string |
| securityOperators | Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier | string[] |
| serverRootCACertificate | When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. | string |
| site | The Active Directory site the service will limit Domain Controller discovery to | string |
| smbServerName | NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes | string |
| username | Username of Active Directory domain administrator | string |
LdapSearchScopeOpt
| Name | Description | Value |
|---|---|---|
| groupDN | This specifies the group DN, which overrides the base DN for group lookups. | string |
| groupMembershipFilter | This specifies the custom LDAP search filter to be used when looking up group membership from LDAP server. | string |
| userDN | This specifies the user DN, which overrides the base DN for user lookups. | string |
AccountEncryption
| Name | Description | Value |
|---|---|---|
| keySource | Encryption Key Source. Possible values are: 'Microsoft.NetApp'. | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Create new ANF resource with NFSV3/NFSv4.1 volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with NFSV3 or NFSv4.1 protocol. They are all deployed together with Azure Virtual Network and Delegated subnet that are required for any volume to be created |
| Create new ANF resource with SMB volume |
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol. |