Microsoft.AAD domainServices 2021-03-01
The domainServices resource type can be deployed to: Resource groups.
To learn about resource group deployments, see Bicep or ARM template.
For a list of changed properties in each API version, see change log.
Template format
To create a Microsoft.AAD/domainServices resource, add the following Bicep or JSON to your template.
resource symbolicname 'Microsoft.AAD/domainServices@2021-03-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
etag: 'string'
properties: {
domainConfigurationType: 'string'
domainName: 'string'
domainSecuritySettings: {
kerberosArmoring: 'string'
kerberosRc4Encryption: 'string'
ntlmV1: 'string'
syncKerberosPasswords: 'string'
syncNtlmPasswords: 'string'
syncOnPremPasswords: 'string'
tlsV1: 'string'
}
filteredSync: 'string'
ldapsSettings: {
externalAccess: 'string'
ldaps: 'string'
pfxCertificate: 'string'
pfxCertificatePassword: 'string'
}
notificationSettings: {
additionalRecipients: [
'string'
]
notifyDcAdmins: 'string'
notifyGlobalAdmins: 'string'
}
replicaSets: [
{
location: 'string'
subnetId: 'string'
}
]
resourceForestSettings: {
resourceForest: 'string'
settings: [
{
friendlyName: 'string'
remoteDnsIps: 'string'
trustDirection: 'string'
trustedDomainFqdn: 'string'
trustPassword: 'string'
}
]
}
sku: 'string'
}
}
Property values
domainServices
Name | Description | Value |
---|---|---|
type | The resource type For Bicep, set this value in the resource declaration. |
'Microsoft.AAD/domainServices' |
apiVersion | The resource api version For Bicep, set this value in the resource declaration. |
'2021-03-01' |
name | The resource name | string (required) |
location | Resource location | string |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
etag | Resource etag | string |
properties | Domain service properties | DomainServiceProperties |
DomainServiceProperties
Name | Description | Value |
---|---|---|
domainConfigurationType | Domain Configuration Type | string |
domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | 'Disabled' 'Enabled' |
ldapsSettings | Secure LDAP Settings | LdapsSettings |
notificationSettings | Notification Settings | NotificationSettings |
replicaSets | List of ReplicaSets | ReplicaSet[] |
resourceForestSettings | Resource Forest Settings | ResourceForestSettings |
sku | Sku Type | string |
DomainSecuritySettings
Name | Description | Value |
---|---|---|
kerberosArmoring | A flag to determine whether or not KerberosArmoring is enabled or disabled. | 'Disabled' 'Enabled' |
kerberosRc4Encryption | A flag to determine whether or not KerberosRc4Encryption is enabled or disabled. | 'Disabled' 'Enabled' |
ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | 'Disabled' 'Enabled' |
syncKerberosPasswords | A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
syncOnPremPasswords | A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | 'Disabled' 'Enabled' |
LdapsSettings
Name | Description | Value |
---|---|---|
externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | 'Disabled' 'Enabled' |
ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | 'Disabled' 'Enabled' |
pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
Name | Description | Value |
---|---|---|
additionalRecipients | The list of additional recipients | string[] |
notifyDcAdmins | Should domain controller admins be notified | 'Disabled' 'Enabled' |
notifyGlobalAdmins | Should global admins be notified | 'Disabled' 'Enabled' |
ReplicaSet
Name | Description | Value |
---|---|---|
location | Virtual network location | string |
subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
ResourceForestSettings
Name | Description | Value |
---|---|---|
resourceForest | Resource Forest | string |
settings | List of settings for Resource Forest | ForestTrust[] |
ForestTrust
Name | Description | Value |
---|---|---|
friendlyName | Friendly Name | string |
remoteDnsIps | Remote Dns ips | string |
trustDirection | Trust Direction | string |
trustedDomainFqdn | Trusted Domain FQDN | string |
trustPassword | Trust Password | string |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Managed Azure Active Directory Domain Services |
This template deploys an Managed Azure Active Directory Domain Service with required VNet and NSG configurations. |