Microsoft.AAD domainServices 2020-01-01

Template format

To create a Microsoft.AAD/domainServices resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.AAD/domainServices",
  "apiVersion": "2020-01-01",
  "location": "string",
  "tags": {},
  "properties": {
    "domainName": "string",
    "replicaSets": [
      {
        "location": "string",
        "subnetId": "string"
      }
    ],
    "ldapsSettings": {
      "ldaps": "string",
      "pfxCertificate": "string",
      "pfxCertificatePassword": "string",
      "externalAccess": "string"
    },
    "resourceForestSettings": {
      "settings": [
        {
          "trustedDomainFqdn": "string",
          "trustDirection": "string",
          "friendlyName": "string",
          "remoteDnsIps": "string",
          "trustPassword": "string"
        }
      ],
      "resourceForest": "string"
    },
    "domainSecuritySettings": {
      "ntlmV1": "string",
      "tlsV1": "string",
      "syncNtlmPasswords": "string",
      "syncKerberosPasswords": "string",
      "syncOnPremPasswords": "string"
    },
    "domainConfigurationType": "string",
    "sku": "string",
    "filteredSync": "string",
    "notificationSettings": {
      "notifyGlobalAdmins": "string",
      "notifyDcAdmins": "string",
      "additionalRecipients": [
        "string"
      ]
    }
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.AAD/domainServices object

Note

In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| name | string | Yes | The name of the domain service. |
| type | enum | Yes | For JSON - Microsoft.AAD/domainServices |
| apiVersion | enum | Yes | For JSON - 2020-01-01 |
| location | string | No | Resource location |
| tags | object | No | Resource tags |
| properties | object | Yes | Domain service properties - DomainServiceProperties object |

DomainServiceProperties object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| domainName | string | No | The name of the Azure domain that the user would like to deploy Domain Services to. |
| replicaSets | array | No | List of ReplicaSets - ReplicaSet object |
| ldapsSettings | object | No | Secure LDAP Settings - LdapsSettings object |
| resourceForestSettings | object | No | Resource Forest Settings - ResourceForestSettings object |
| domainSecuritySettings | object | No | DomainSecurity Settings - DomainSecuritySettings object |
| domainConfigurationType | string | No | Domain Configuration Type |
| sku | string | No | Sku Type |
| filteredSync | enum | No | Enabled or Disabled flag to turn on Group-based filtered sync. - Enabled or Disabled |
| notificationSettings | object | No | Notification Settings - NotificationSettings object |

ReplicaSet object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| location | string | No | Virtual network location |
| subnetId | string | No | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. |

LdapsSettings object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| ldaps | enum | No | A flag to determine whether or not Secure LDAP is enabled or disabled. - Enabled or Disabled |
| pfxCertificate | string | No | The certificate required to configure Secure LDAP. The parameter passed here should be a base64-encoded representation of the certificate pfx file. |
| pfxCertificatePassword | string | No | The password to decrypt the provided Secure LDAP certificate pfx file. |
| externalAccess | enum | No | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. - Enabled or Disabled |

ResourceForestSettings object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| settings | array | No | List of settings for Resource Forest - ForestTrust object |
| resourceForest | string | No | Resource Forest |

DomainSecuritySettings object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| ntlmV1 | enum | No | A flag to determine whether or not NtlmV1 is enabled or disabled. - Enabled or Disabled |
| tlsV1 | enum | No | A flag to determine whether or not TlsV1 is enabled or disabled. - Enabled or Disabled |
| syncNtlmPasswords | enum | No | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. - Enabled or Disabled |
| syncKerberosPasswords | enum | No | A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. - Enabled or Disabled |
| syncOnPremPasswords | enum | No | A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. - Enabled or Disabled |

NotificationSettings object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| notifyGlobalAdmins | enum | No | Should global admins be notified. - Enabled or Disabled |
| notifyDcAdmins | enum | No | Should domain controller admins be notified. - Enabled or Disabled |
| additionalRecipients | array | No | The list of additional recipients - string |

ForestTrust object

| Name | Type | Required | Value |
| --- | --- | --- | --- |
| trustedDomainFqdn | string | No | Trusted Domain FQDN |
| trustDirection | string | No | Trust Direction |
| friendlyName | string | No | Friendly Name |
| remoteDnsIps | string | No | Remote Dns ips |
| trustPassword | string | No | Trust Password |
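
An added example, not part of the original reference or of Microsoft's tooling: a pre-deployment check over a parsed ARM template that reports the ntlmV1, tlsV1 and externalAccess flags when they are set to Enabled, and the pfxCertificate, pfxCertificatePassword and trustPassword fields when they hold a literal instead of a template expression. Which flags count as findings is this example's own policy, and the sample resources are constructed placeholders.

```python
import re

# An ARM template expression such as "[parameters('x')]" is resolved at deploy
# time; a leading "[[" is an escaped literal bracket, so it does not count.
EXPRESSION = re.compile(r"^\[(?!\[).*\]$", re.S)
# Flags where "Enabled" is reported as a finding (policy assumed by this example).
RISKY_FLAGS = [("domainSecuritySettings", "ntlmV1"),
               ("domainSecuritySettings", "tlsV1"),
               ("ldapsSettings", "externalAccess")]

def audit_domain_service(resource):
    """Return findings for one Microsoft.AAD/domainServices resource (dict)."""
    props = resource.get("properties", {})
    findings = [f"{sec}.{flag} is Enabled" for sec, flag in RISKY_FLAGS
                if str(props.get(sec, {}).get(flag, "")).lower() == "enabled"]
    ldaps = props.get("ldapsSettings", {})
    secrets = {f"ldapsSettings.{k}": ldaps.get(k)
               for k in ("pfxCertificate", "pfxCertificatePassword")}
    trusts = props.get("resourceForestSettings", {}).get("settings", [])
    for i, trust in enumerate(trusts):
        key = f"resourceForestSettings.settings[{i}].trustPassword"
        secrets[key] = trust.get("trustPassword")
    for path, value in secrets.items():
        # Checks only that the value is an expression, not what it resolves to.
        if isinstance(value, str) and value and not EXPRESSION.match(value):
            findings.append(f"{path} is a literal, not a template expression")
    return findings

def audit_template(template):
    """Audit every domainServices resource in a parsed ARM template (dict)."""
    return [finding for res in template.get("resources", [])
            if res.get("type", "").lower() == "microsoft.aad/domainservices"
            for finding in audit_domain_service(res)]

# Constructed samples (not from the page); all names and values are placeholders.
WEAK = {"resources": [{"type": "Microsoft.AAD/domainServices", "properties": {
    "ldapsSettings": {"ldaps": "Enabled", "externalAccess": "Enabled",
                      "pfxCertificatePassword": "PLACEHOLDER-literal"},
    "domainSecuritySettings": {"ntlmV1": "Enabled", "tlsV1": "Disabled"},
    "resourceForestSettings": {"settings": [
        {"trustedDomainFqdn": "corp.example", "trustPassword": "PLACEHOLDER"}]},
}}]}
HARDENED = {"resources": [{"type": "Microsoft.AAD/domainServices", "properties": {
    "ldapsSettings": {"ldaps": "Enabled", "externalAccess": "Disabled",
                      "pfxCertificatePassword": "[parameters('pfxPassword')]"},
    "domainSecuritySettings": {"ntlmV1": "Disabled", "tlsV1": "Disabled"},
}}]}

if __name__ == "__main__":
    for name, tpl in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_template(tpl))
```

An expression passes the check even if it resolves to a plain string parameter or a variable, so the referenced parameter's type still needs review.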

Quickstart templates

The following quickstart templates deploy this resource type.

| Template | Description |
| --- | --- |
| Managed Azure Active Directory Domain Services | This template deploys a Managed Azure Active Directory Domain Service with required VNet and NSG configurations. |