Microsoft.NetApp netAppAccounts 2021-04-01-preview

Bicep resource definition

The netAppAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.NetApp/netAppAccounts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.NetApp/netAppAccounts@2021-04-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  properties: {
    activeDirectories: [
      {
        activeDirectoryId: 'string'
        adName: 'string'
        aesEncryption: bool
        allowLocalNfsUsersWithLdap: bool
        backupOperators: [
          'string'
        ]
        dns: 'string'
        domain: 'string'
        kdcIP: 'string'
        ldapOverTLS: bool
        ldapSigning: bool
        organizationalUnit: 'string'
        password: 'string'
        securityOperators: [
          'string'
        ]
        serverRootCACertificate: 'string'
        site: 'string'
        smbServerName: 'string'
        username: 'string'
      }
    ]
    encryption: {
      keySource: 'string'
    }
  }
}

Property values

netAppAccounts

Name Description Value
name The resource name string (required)

Character limit: 1-128

Valid characters:
Alphanumerics, underscores, and hyphens.

Start with alphanumeric.
location Resource location string (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
properties NetApp Account properties AccountProperties

AccountProperties

Name Description Value
activeDirectories Active Directories ActiveDirectory[]
encryption Encryption settings AccountEncryption

ActiveDirectory

Name Description Value
activeDirectoryId Id of the Active Directory string
adName Name of the active directory machine. This optional parameter is used only while creating kerberos volume string

Constraints:
Min length = 1
Max length = 64
aesEncryption If enabled, AES encryption will be enabled for SMB communication. bool
allowLocalNfsUsersWithLdap If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. bool
backupOperators Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
dns Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
domain Name of the Active Directory domain string
kdcIP kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
ldapOverTLS Specifies whether or not the LDAP traffic needs to be secured via TLS. bool
ldapSigning Specifies whether or not the LDAP traffic needs to be signed. bool
organizationalUnit The Organizational Unit (OU) within the Windows Active Directory string
password Plain text password of Active Directory domain administrator, value is masked in the response string

Constraints:
Sensitive value. Pass in as a secure parameter.
securityOperators Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
serverRootCACertificate When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. string

Constraints:
Min length = 1
Max length = 10240
Sensitive value. Pass in as a secure parameter.
site The Active Directory site the service will limit Domain Controller discovery to string
smbServerName NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes string
username Username of Active Directory domain administrator string

AccountEncryption

Name Description Value
keySource Encryption Key Source. Possible values are: 'Microsoft.NetApp'. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create new ANF resource with NFSV3/NFSv4.1 volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with NFSV3 or NFSv4.1 protocol. They are all deployed together with Azure Virtual Network and Delegated subnet that are required for any volume to be created
Create new ANF resource with SMB volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.

ARM template resource definition

The netAppAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.NetApp/netAppAccounts resource, add the following JSON to your template.

{
  "type": "Microsoft.NetApp/netAppAccounts",
  "apiVersion": "2021-04-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "properties": {
    "activeDirectories": [
      {
        "activeDirectoryId": "string",
        "adName": "string",
        "aesEncryption": "bool",
        "allowLocalNfsUsersWithLdap": "bool",
        "backupOperators": [ "string" ],
        "dns": "string",
        "domain": "string",
        "kdcIP": "string",
        "ldapOverTLS": "bool",
        "ldapSigning": "bool",
        "organizationalUnit": "string",
        "password": "string",
        "securityOperators": [ "string" ],
        "serverRootCACertificate": "string",
        "site": "string",
        "smbServerName": "string",
        "username": "string"
      }
    ],
    "encryption": {
      "keySource": "string"
    }
  }
}

Property values

netAppAccounts

Name Description Value
type The resource type 'Microsoft.NetApp/netAppAccounts'
apiVersion The resource api version '2021-04-01-preview'
name The resource name string (required)

Character limit: 1-128

Valid characters:
Alphanumerics, underscores, and hyphens.

Start with alphanumeric.
location Resource location string (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
properties NetApp Account properties AccountProperties

AccountProperties

Name Description Value
activeDirectories Active Directories ActiveDirectory[]
encryption Encryption settings AccountEncryption

ActiveDirectory

Name Description Value
activeDirectoryId Id of the Active Directory string
adName Name of the active directory machine. This optional parameter is used only while creating kerberos volume string

Constraints:
Min length = 1
Max length = 64
aesEncryption If enabled, AES encryption will be enabled for SMB communication. bool
allowLocalNfsUsersWithLdap If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. bool
backupOperators Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
dns Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
domain Name of the Active Directory domain string
kdcIP kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
ldapOverTLS Specifies whether or not the LDAP traffic needs to be secured via TLS. bool
ldapSigning Specifies whether or not the LDAP traffic needs to be signed. bool
organizationalUnit The Organizational Unit (OU) within the Windows Active Directory string
password Plain text password of Active Directory domain administrator, value is masked in the response string

Constraints:
Sensitive value. Pass in as a secure parameter.
securityOperators Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
serverRootCACertificate When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. string

Constraints:
Min length = 1
Max length = 10240
Sensitive value. Pass in as a secure parameter.
site The Active Directory site the service will limit Domain Controller discovery to string
smbServerName NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes string
username Username of Active Directory domain administrator string

AccountEncryption

Name Description Value
keySource Encryption Key Source. Possible values are: 'Microsoft.NetApp'. string

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create new ANF resource with NFSV3/NFSv4.1 volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with NFSV3 or NFSv4.1 protocol. They are all deployed together with Azure Virtual Network and Delegated subnet that are required for any volume to be created
Create new ANF resource with SMB volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.

Terraform (AzAPI provider) resource definition

The netAppAccounts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.NetApp/netAppAccounts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.NetApp/netAppAccounts@2021-04-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      activeDirectories = [
        {
          activeDirectoryId = "string"
          adName = "string"
          aesEncryption = bool
          allowLocalNfsUsersWithLdap = bool
          backupOperators = [
            "string"
          ]
          dns = "string"
          domain = "string"
          kdcIP = "string"
          ldapOverTLS = bool
          ldapSigning = bool
          organizationalUnit = "string"
          password = "string"
          securityOperators = [
            "string"
          ]
          serverRootCACertificate = "string"
          site = "string"
          smbServerName = "string"
          username = "string"
        }
      ]
      encryption = {
        keySource = "string"
      }
    }
  })
}

Property values

netAppAccounts

Name Description Value
type The resource type "Microsoft.NetApp/netAppAccounts@2021-04-01-preview"
name The resource name string (required)

Character limit: 1-128

Valid characters:
Alphanumerics, underscores, and hyphens.

Start with alphanumeric.
location Resource location string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags Dictionary of tag names and values.
properties NetApp Account properties AccountProperties

AccountProperties

Name Description Value
activeDirectories Active Directories ActiveDirectory[]
encryption Encryption settings AccountEncryption

ActiveDirectory

Name Description Value
activeDirectoryId Id of the Active Directory string
adName Name of the active directory machine. This optional parameter is used only while creating kerberos volume string

Constraints:
Min length = 1
Max length = 64
aesEncryption If enabled, AES encryption will be enabled for SMB communication. bool
allowLocalNfsUsersWithLdap If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. bool
backupOperators Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
dns Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
domain Name of the Active Directory domain string
kdcIP kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
ldapOverTLS Specifies whether or not the LDAP traffic needs to be secured via TLS. bool
ldapSigning Specifies whether or not the LDAP traffic needs to be signed. bool
organizationalUnit The Organizational Unit (OU) within the Windows Active Directory string
password Plain text password of Active Directory domain administrator, value is masked in the response string

Constraints:
Sensitive value. Pass in as a secure parameter.
securityOperators Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
serverRootCACertificate When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. string

Constraints:
Min length = 1
Max length = 10240
Sensitive value. Pass in as a secure parameter.
site The Active Directory site the service will limit Domain Controller discovery to string
smbServerName NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes string
username Username of Active Directory domain administrator string

AccountEncryption

Name Description Value
keySource Encryption Key Source. Possible values are: 'Microsoft.NetApp'. string