Microsoft.AAD domainServices 2021-03-01
04/01/2021
4 minutes to read
In this article
To create a Microsoft.AAD/domainServices resource, add the following JSON to the resources section of your template.
{
"name": "string",
"type": "Microsoft.AAD/domainServices",
"apiVersion": "2021-03-01",
"location": "string",
"tags": {},
"properties": {
"domainName": "string",
"replicaSets": [
{
"location": "string",
"subnetId": "string"
}
],
"ldapsSettings": {
"ldaps": "string",
"pfxCertificate": "string",
"pfxCertificatePassword": "string",
"externalAccess": "string"
},
"resourceForestSettings": {
"settings": [
{
"trustedDomainFqdn": "string",
"trustDirection": "string",
"friendlyName": "string",
"remoteDnsIps": "string",
"trustPassword": "string"
}
],
"resourceForest": "string"
},
"domainSecuritySettings": {
"ntlmV1": "string",
"tlsV1": "string",
"syncNtlmPasswords": "string",
"syncKerberosPasswords": "string",
"syncOnPremPasswords": "string",
"kerberosRc4Encryption": "string",
"kerberosArmoring": "string"
},
"domainConfigurationType": "string",
"sku": "string",
"filteredSync": "string",
"notificationSettings": {
"notifyGlobalAdmins": "string",
"notifyDcAdmins": "string",
"additionalRecipients": [
"string"
]
}
}
}
resource symbolicname 'Microsoft.AAD/domainServices@2021-03-01' = {
name: 'string'
location: 'string'
tags: {}
properties: {
domainName: 'string'
replicaSets: [
{
location: 'string'
subnetId: 'string'
}
]
ldapsSettings: {
ldaps: 'string'
pfxCertificate: 'string'
pfxCertificatePassword: 'string'
externalAccess: 'string'
}
resourceForestSettings: {
settings: [
{
trustedDomainFqdn: 'string'
trustDirection: 'string'
friendlyName: 'string'
remoteDnsIps: 'string'
trustPassword: 'string'
}
]
resourceForest: 'string'
}
domainSecuritySettings: {
ntlmV1: 'string'
tlsV1: 'string'
syncNtlmPasswords: 'string'
syncKerberosPasswords: 'string'
syncOnPremPasswords: 'string'
kerberosRc4Encryption: 'string'
kerberosArmoring: 'string'
}
domainConfigurationType: 'string'
sku: 'string'
filteredSync: 'string'
notificationSettings: {
notifyGlobalAdmins: 'string'
notifyDcAdmins: 'string'
additionalRecipients: [
'string'
]
}
}
}
Property values
The following tables describe the values you need to set in the schema.
Microsoft.AAD/domainServices object
Note
In Bicep, type and apiVersion are specified in the first line of the resource declaration. Use the format <type>@<apiVersion>. Don't set those properties in the resource body.
Name
Type
Required
Value
name
string
Yes
The name of the domain service.
type
enum
Yes
For JSON - Microsoft.AAD/domainServices
apiVersion
enum
Yes
For JSON - 2021-03-01
location
string
No
Resource location
tags
object
No
Resource tags
properties
object
Yes
Domain service properties - DomainServiceProperties object
DomainServiceProperties object
Name
Type
Required
Value
domainName
string
No
The name of the Azure domain that the user would like to deploy Domain Services to.
replicaSets
array
No
List of ReplicaSets - ReplicaSet object
ldapsSettings
object
No
Secure LDAP Settings - LdapsSettings object
resourceForestSettings
object
No
Resource Forest Settings - ResourceForestSettings object
domainSecuritySettings
object
No
DomainSecurity Settings - DomainSecuritySettings object
domainConfigurationType
string
No
Domain Configuration Type
sku
string
No
Sku Type
filteredSync
enum
No
Enabled or Disabled flag to turn on Group-based filtered sync. - Enabled or Disabled
notificationSettings
object
No
Notification Settings - NotificationSettings object
ReplicaSet object
Name
Type
Required
Value
location
string
No
Virtual network location
subnetId
string
No
The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName.
LdapsSettings object
Name
Type
Required
Value
ldaps
enum
No
A flag to determine whether or not Secure LDAP is enabled or disabled. - Enabled or Disabled
pfxCertificate
string
No
The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file.
pfxCertificatePassword
string
No
The password to decrypt the provided Secure LDAP certificate pfx file.
externalAccess
enum
No
A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. - Enabled or Disabled
ResourceForestSettings object
Name
Type
Required
Value
settings
array
No
List of settings for Resource Forest - ForestTrust object
resourceForest
string
No
Resource Forest
DomainSecuritySettings object
Name
Type
Required
Value
ntlmV1
enum
No
A flag to determine whether or not NtlmV1 is enabled or disabled. - Enabled or Disabled
tlsV1
enum
No
A flag to determine whether or not TlsV1 is enabled or disabled. - Enabled or Disabled
syncNtlmPasswords
enum
No
A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. - Enabled or Disabled
syncKerberosPasswords
enum
No
A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. - Enabled or Disabled
syncOnPremPasswords
enum
No
A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. - Enabled or Disabled
kerberosRc4Encryption
enum
No
A flag to determine whether or not KerberosRc4Encryption is enabled or disabled. - Enabled or Disabled
kerberosArmoring
enum
No
A flag to determine whether or not KerberosArmoring is enabled or disabled. - Enabled or Disabled
NotificationSettings object
Name
Type
Required
Value
notifyGlobalAdmins
enum
No
Should global admins be notified. - Enabled or Disabled
notifyDcAdmins
enum
No
Should domain controller admins be notified. - Enabled or Disabled
additionalRecipients
array
No
The list of additional recipients - string
ForestTrust object
Name
Type
Required
Value
trustedDomainFqdn
string
No
Trusted Domain FQDN
trustDirection
string
No
Trust Direction
friendlyName
string
No
Friendly Name
remoteDnsIps
string
No
Remote Dns ips
trustPassword
string
No
Trust Password
Quickstart templates
The following quickstart templates deploy this resource type.
