Microsoft.AAD domainServices 2021-03-01

The domainServices resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

For a list of changed properties in each API version, see change log.

Template format

To create a Microsoft.AAD/domainServices resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.AAD/domainServices@2021-03-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  etag: 'string'
  properties: {
    domainConfigurationType: 'string'
    domainName: 'string'
    domainSecuritySettings: {
      kerberosArmoring: 'string'
      kerberosRc4Encryption: 'string'
      ntlmV1: 'string'
      syncKerberosPasswords: 'string'
      syncNtlmPasswords: 'string'
      syncOnPremPasswords: 'string'
      tlsV1: 'string'
    filteredSync: 'string'
    ldapsSettings: {
      externalAccess: 'string'
      ldaps: 'string'
      pfxCertificate: 'string'
      pfxCertificatePassword: 'string'
    notificationSettings: {
      additionalRecipients: [
      notifyDcAdmins: 'string'
      notifyGlobalAdmins: 'string'
    replicaSets: [
        location: 'string'
        subnetId: 'string'
    resourceForestSettings: {
      resourceForest: 'string'
      settings: [
          friendlyName: 'string'
          remoteDnsIps: 'string'
          trustDirection: 'string'
          trustedDomainFqdn: 'string'
          trustPassword: 'string'
    sku: 'string'

Property values


Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
name The resource name string (required)
location Resource location string
tags Resource tags Dictionary of tag names and values. See Tags in templates
etag Resource etag string
properties Domain service properties DomainServiceProperties


Name Description Value
domainConfigurationType Domain Configuration Type string
domainName The name of the Azure domain that the user would like to deploy Domain Services to. string
domainSecuritySettings DomainSecurity Settings DomainSecuritySettings
filteredSync Enabled or Disabled flag to turn on Group-based filtered sync 'Disabled'
ldapsSettings Secure LDAP Settings LdapsSettings
notificationSettings Notification Settings NotificationSettings
replicaSets List of ReplicaSets ReplicaSet[]
resourceForestSettings Resource Forest Settings ResourceForestSettings
sku Sku Type string


Name Description Value
kerberosArmoring A flag to determine whether or not KerberosArmoring is enabled or disabled. 'Disabled'
kerberosRc4Encryption A flag to determine whether or not KerberosRc4Encryption is enabled or disabled. 'Disabled'
ntlmV1 A flag to determine whether or not NtlmV1 is enabled or disabled. 'Disabled'
syncKerberosPasswords A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. 'Disabled'
syncNtlmPasswords A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. 'Disabled'
syncOnPremPasswords A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. 'Disabled'
tlsV1 A flag to determine whether or not TlsV1 is enabled or disabled. 'Disabled'


Name Description Value
externalAccess A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. 'Disabled'
ldaps A flag to determine whether or not Secure LDAP is enabled or disabled. 'Disabled'
pfxCertificate The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. string
pfxCertificatePassword The password to decrypt the provided Secure LDAP certificate pfx file. string


Name Description Value
additionalRecipients The list of additional recipients string[]
notifyDcAdmins Should domain controller admins be notified 'Disabled'
notifyGlobalAdmins Should global admins be notified 'Disabled'


Name Description Value
location Virtual network location string
subnetId The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. string


Name Description Value
resourceForest Resource Forest string
settings List of settings for Resource Forest ForestTrust[]


Name Description Value
friendlyName Friendly Name string
remoteDnsIps Remote Dns ips string
trustDirection Trust Direction string
trustedDomainFqdn Trusted Domain FQDN string
trustPassword Trust Password string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Managed Azure Active Directory Domain Services

Deploy to Azure
This template deploys an Managed Azure Active Directory Domain Service with required VNet and NSG configurations.