Azure Active Directory Domain Services Domain Service Replica Set

This page shows how to write Terraform and Azure Resource Manager configurations for the Active Directory Domain Services Domain Service Replica Set, and how to write them securely.

azurerm_active_directory_domain_service_replica_set (Terraform)

The Domain Service Replica Set in Active Directory Domain Services can be configured in Terraform with the resource name azurerm_active_directory_domain_service_replica_set. The following sections describe one example of how to use the resource and its parameters.

Example Usage from GitHub

active_directory_domain_service_replica_set_test.tf#L39
resource "azurerm_active_directory_domain_service_replica_set" "replica" {
  domain_service_id = azurerm_active_directory_domain_service.example.id
  location          = "australiaeast"
  subnet_id         = azurerm_subnet.deploy.id
}

Parameters

The following arguments are supported:

  • domain_service_id - (Required) The ID of the Domain Service for which to create this Replica Set. Changing this forces a new resource to be created.

  • location - (Required) The Azure location where this Replica Set should exist. Changing this forces a new resource to be created.

  • subnet_id - (Required) The ID of the subnet in which to place this Replica Set.

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the Domain Service Replica Set.

  • domain_controller_ip_addresses - A list of subnet IP addresses for the domain controllers in this Replica Set, typically two.

  • external_access_ip_address - The publicly routable IP address for the domain controllers in this Replica Set.

  • service_status - The current service status for the replica set.

Explanation in Terraform Registry

Manages a Replica Set for an Active Directory Domain Service.

Microsoft.AAD/domainServices (Azure Resource Manager)

The domainServices in Microsoft.AAD can be configured in Azure Resource Manager with the resource name Microsoft.AAD/domainServices. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

CreateDomainService.json#L19
        "type": "Microsoft.AAD/domainServices",
        "location": "westus",
        "etag": "W/\"datetime'2017-04-10T04%3A42%3A19.7067387Z'\"",
        "properties": {
          "tenantId": "3f8cd22c-7b32-48aa-a01c-f533133b1def",
          "domainName": "zdomain.zforest.com",
settings.json#L7
    "galleries": [{ "type":"workbook", "resourceType":"Microsoft.AAD/domainServices", "order": 200 }],
    "order": 200,
    "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/settings.json"
settings.json#L7
    "galleries": [{ "type":"workbook", "resourceType":"Microsoft.AAD/domainServices", "order": 100 }],
    "order": 100,
    "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/settings.json"
UpdateDomainService.json#L23
        "type": "Microsoft.AAD/domainServices",
        "location": "westus",
        "tags": {
          "Owner": "jicha"
        },
        "etag": "W/\"datetime'2017-04-10T04%3A42%3A19.7067387Z'\"",

Parameters

  • apiVersion required - string
  • etag optional - string

    Resource etag

  • location optional - string

    Resource location

  • name required - string

    The name of the domain service.

  • properties required
      • domainConfigurationType optional - string

        Domain Configuration Type

      • domainName optional - string

        The name of the Azure domain that the user would like to deploy Domain Services to.

      • domainSecuritySettings optional
          • kerberosArmoring optional - string

            A flag to determine whether or not KerberosArmoring is enabled or disabled.

          • kerberosRc4Encryption optional - string

            A flag to determine whether or not KerberosRc4Encryption is enabled or disabled.

          • ntlmV1 optional - string

            A flag to determine whether or not NtlmV1 is enabled or disabled.

          • syncKerberosPasswords optional - string

            A flag to determine whether or not SyncKerberosPasswords is enabled or disabled.

          • syncNtlmPasswords optional - string

            A flag to determine whether or not SyncNtlmPasswords is enabled or disabled.

          • syncOnPremPasswords optional - string

            A flag to determine whether or not SyncOnPremPasswords is enabled or disabled.

          • tlsV1 optional - string

            A flag to determine whether or not TlsV1 is enabled or disabled.

      • filteredSync optional - string

        Enabled or Disabled flag to turn on Group-based filtered sync.

      • ldapsSettings optional
          • externalAccess optional - string

            A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled.

          • ldaps optional - string

            A flag to determine whether or not Secure LDAP is enabled or disabled.

          • pfxCertificate optional - string

            The certificate required to configure Secure LDAP. The parameter passed here should be a base64-encoded representation of the certificate pfx file.

          • pfxCertificatePassword optional - string

            The password to decrypt the provided Secure LDAP certificate pfx file.

      • notificationSettings optional
          • additionalRecipients optional - array

            The list of additional recipients

          • notifyDcAdmins optional - string

            Should domain controller admins be notified.

          • notifyGlobalAdmins optional - string

            Should global admins be notified.

      • replicaSets optional - array
          • location optional - string

            Virtual network location

          • subnetId optional - string

            The ID of the subnet that Domain Services will be deployed on, which also names the virtual network: /virtualNetwork/vnetName/subnets/subnetName.

      • resourceForestSettings optional
          • resourceForest optional - string

            Resource Forest

          • settings optional - array
              • friendlyName optional - string

                Friendly Name

              • remoteDnsIps optional - string

                Remote Dns ips

              • trustDirection optional - string

                Trust Direction

              • trustedDomainFqdn optional - string

                Trusted Domain FQDN

              • trustPassword optional - string

                Trust Password

      • sku optional - string

        Sku Type

  • tags optional - string

    Resource tags

  • type required - string
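
The security-relevant parameters listed above can be checked before deployment. The following is an added example, not code from this page or from the repositories it cites: a small Python audit that walks an ARM template and reports Microsoft.AAD/domainServices resources with legacy protocols or internet-facing Secure LDAP enabled, or with passwords written as literals instead of template expressions. The function names, the finding labels and the sample template are hypothetical, and the check assumes the flags carry the string values "Enabled" and "Disabled".

```python
# Flags from the parameter list above that are risky when set to "Enabled".
RISKY_WHEN_ENABLED = [
    ("domainSecuritySettings", "ntlmV1"), ("domainSecuritySettings", "tlsV1"),
    ("domainSecuritySettings", "kerberosRc4Encryption"),
    ("ldapsSettings", "externalAccess"),
]

def is_arm_expression(value):
    """True for "[parameters('x')]"-style expressions, False for literals."""
    return (isinstance(value, str) and value.startswith("[")
            and value.endswith("]") and not value.startswith("[["))

def audit_domain_services(template):
    """Return sorted (resource name, property path, issue) findings."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.aad/domainservices":
            continue
        name, props = res.get("name", "<unnamed>"), res.get("properties", {})
        for block, key in RISKY_WHEN_ENABLED:
            value = props.get(block, {}).get(key)
            if isinstance(value, str) and value.lower() == "enabled":
                findings.append((name, f"{block}.{key}", "enabled"))
        # Secrets should arrive as template parameters, not as literals.
        ldaps = props.get("ldapsSettings", {})
        secrets = {"ldapsSettings.pfxCertificatePassword":
                   ldaps.get("pfxCertificatePassword")}
        forest = props.get("resourceForestSettings", {}).get("settings", [])
        for i, trust in enumerate(forest):
            path = f"resourceForestSettings.settings[{i}].trustPassword"
            secrets[path] = trust.get("trustPassword")
        for path, value in secrets.items():
            if value is not None and not is_arm_expression(value):
                findings.append((name, path, "inline-secret"))
    return sorted(findings)

# Constructed sample template (not taken from the repositories cited above).
SAMPLE = {"resources": [{
    "type": "Microsoft.AAD/domainServices", "name": "example-aadds",
    "properties": {
        "domainSecuritySettings": {"ntlmV1": "Enabled", "tlsV1": "Disabled",
                                   "kerberosRc4Encryption": "Enabled"},
        "ldapsSettings": {"ldaps": "Enabled", "externalAccess": "Enabled",
                          "pfxCertificatePassword": "[parameters('pfxPwd')]"},
        "resourceForestSettings": {"settings": [{"trustPassword": "Passw0rd!"}]},
    }}]}

if __name__ == "__main__":
    for finding in audit_domain_services(SAMPLE):
        print(*finding, sep="\t")
```

Only explicitly set values are reported; the page does not state the service defaults, so an omitted flag produces no finding here.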

Frequently asked questions

What is Azure Active Directory Domain Services Domain Service Replica Set?

Azure Active Directory Domain Services Domain Service Replica Set is a resource for Active Directory Domain Services of Microsoft Azure. Settings can be written in Terraform.

Where can I find the example code for the Azure Active Directory Domain Services Domain Service Replica Set?

For Terraform, the infracost/infracost source code example is useful. See the Terraform Example section for further details.

For Azure Resource Manager, the sanjaypavan/OldAzure-Rest-API and vutran01/Application-Insights-Workbooks-Int source code examples are useful. See the Azure Resource Manager Example section for further details.