Microsoft.AAD domainServices 2021-03-01
The domainServices resource type can be deployed to: Resource groups.
To learn about resource group deployments, see Bicep or ARM template.
For a list of changed properties in each API version, see change log.
Template format
To create a Microsoft.AAD/domainServices resource, add the following Bicep or JSON to your template.
resource symbolicname 'Microsoft.AAD/domainServices@2021-03-01' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
etag: 'string'
properties: {
domainConfigurationType: 'string'
domainName: 'string'
domainSecuritySettings: {
kerberosArmoring: 'string'
kerberosRc4Encryption: 'string'
ntlmV1: 'string'
syncKerberosPasswords: 'string'
syncNtlmPasswords: 'string'
syncOnPremPasswords: 'string'
tlsV1: 'string'
}
filteredSync: 'string'
ldapsSettings: {
externalAccess: 'string'
ldaps: 'string'
pfxCertificate: 'string'
pfxCertificatePassword: 'string'
}
notificationSettings: {
additionalRecipients: [
'string'
]
notifyDcAdmins: 'string'
notifyGlobalAdmins: 'string'
}
replicaSets: [
{
location: 'string'
subnetId: 'string'
}
]
resourceForestSettings: {
resourceForest: 'string'
settings: [
{
friendlyName: 'string'
remoteDnsIps: 'string'
trustDirection: 'string'
trustedDomainFqdn: 'string'
trustPassword: 'string'
}
]
}
sku: 'string'
}
}
Property values
domainServices
| Name | Description | Value |
|---|---|---|
| type | The resource type For Bicep, set this value in the resource declaration. |
'Microsoft.AAD/domainServices' |
| apiVersion | The resource api version For Bicep, set this value in the resource declaration. |
'2021-03-01' |
| name | The resource name | string (required) |
| location | Resource location | string |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| etag | Resource etag | string |
| properties | Domain service properties | DomainServiceProperties |
DomainServiceProperties
| Name | Description | Value |
|---|---|---|
| domainConfigurationType | Domain Configuration Type | string |
| domainName | The name of the Azure domain that the user would like to deploy Domain Services to. | string |
| domainSecuritySettings | DomainSecurity Settings | DomainSecuritySettings |
| filteredSync | Enabled or Disabled flag to turn on Group-based filtered sync | 'Disabled' 'Enabled' |
| ldapsSettings | Secure LDAP Settings | LdapsSettings |
| notificationSettings | Notification Settings | NotificationSettings |
| replicaSets | List of ReplicaSets | ReplicaSet[] |
| resourceForestSettings | Resource Forest Settings | ResourceForestSettings |
| sku | Sku Type | string |
DomainSecuritySettings
| Name | Description | Value |
|---|---|---|
| kerberosArmoring | A flag to determine whether or not KerberosArmoring is enabled or disabled. | 'Disabled' 'Enabled' |
| kerberosRc4Encryption | A flag to determine whether or not KerberosRc4Encryption is enabled or disabled. | 'Disabled' 'Enabled' |
| ntlmV1 | A flag to determine whether or not NtlmV1 is enabled or disabled. | 'Disabled' 'Enabled' |
| syncKerberosPasswords | A flag to determine whether or not SyncKerberosPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| syncNtlmPasswords | A flag to determine whether or not SyncNtlmPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| syncOnPremPasswords | A flag to determine whether or not SyncOnPremPasswords is enabled or disabled. | 'Disabled' 'Enabled' |
| tlsV1 | A flag to determine whether or not TlsV1 is enabled or disabled. | 'Disabled' 'Enabled' |
LdapsSettings
| Name | Description | Value |
|---|---|---|
| externalAccess | A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled. | 'Disabled' 'Enabled' |
| ldaps | A flag to determine whether or not Secure LDAP is enabled or disabled. | 'Disabled' 'Enabled' |
| pfxCertificate | The certificate required to configure Secure LDAP. The parameter passed here should be a base64encoded representation of the certificate pfx file. | string |
| pfxCertificatePassword | The password to decrypt the provided Secure LDAP certificate pfx file. | string |
NotificationSettings
| Name | Description | Value |
|---|---|---|
| additionalRecipients | The list of additional recipients | string[] |
| notifyDcAdmins | Should domain controller admins be notified | 'Disabled' 'Enabled' |
| notifyGlobalAdmins | Should global admins be notified | 'Disabled' 'Enabled' |
ReplicaSet
| Name | Description | Value |
|---|---|---|
| location | Virtual network location | string |
| subnetId | The name of the virtual network that Domain Services will be deployed on. The id of the subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName. | string |
ResourceForestSettings
| Name | Description | Value |
|---|---|---|
| resourceForest | Resource Forest | string |
| settings | List of settings for Resource Forest | ForestTrust[] |
ForestTrust
| Name | Description | Value |
|---|---|---|
| friendlyName | Friendly Name | string |
| remoteDnsIps | Remote Dns ips | string |
| trustDirection | Trust Direction | string |
| trustedDomainFqdn | Trusted Domain FQDN | string |
| trustPassword | Trust Password | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Managed Azure Active Directory Domain Services |
This template deploys an Managed Azure Active Directory Domain Service with required VNet and NSG configurations. |