Scribd Logo
Upload

Welcome to Scribd!

  • 70 views

    Microsoft - AAD Domainservices

    Uploaded by

    Madalina Croitoru-Heuser
    The document provides details on deploying a Microsoft.AAD/domainServices resource, including supported API versions and required properties. Key properties include domainConfigurationType, domainName, replicaSets, sku, and properties like domainSecuritySettings, filteredSync, and notificationSettings. The resource can be deployed to resource groups using ARM templates.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Microsoft - AAD Domainservices

    Uploaded by

    Madalina Croitoru-Heuser
    70 views8 pages
    The document provides details on deploying a Microsoft.AAD/domainServices resource, including supported API versions and required properties. Key properties include domainConfigurationType, domainName, replicaSets, sku, and properties like domainSecuritySettings, filteredSync, and notificationSettings. The resource can be deployed to resource groups using ARM templates.

    Original Title

    Microsoft.AAD domainServices

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides details on deploying a Microsoft.AAD/domainServices resource, including supported API versions and required properties. Key properties include domainConfigurationType, domainName, replicaSets, sku, and properties like domainSecuritySettings, filteredSync, and notificationSettings. The resource can be deployed to resource groups using ARM templates.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    70 views8 pages

    Microsoft - AAD Domainservices

    Uploaded by

    Madalina Croitoru-Heuser
    The document provides details on deploying a Microsoft.AAD/domainServices resource, including supported API versions and required properties. Key properties include domainConfigurationType, domainName, replicaSets, sku, and properties like domainSecuritySettings, filteredSync, and notificationSettings. The resource can be deployed to resource groups using ARM templates.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 8

    Microsoft.

    AAD domainServices

    Article

    12/28/2022

    11 minutes to read

    1 contributor

    Choose a deployment language

    API Versions:

    ARM template resource definition

    The domainServices resource type can be deployed to:

    Resource groups - See resource group deployment commands

    For a list of changed properties in each API version, see change log.

    Resource format

    To create a Microsoft.AAD/domainServices resource, add the following JSON to your template.

    JSON

    Copy

    "type": "Microsoft.AAD/domainServices",

    "apiVersion": "2022-12-01",

    "name": "string",

    "location": "string",

    "tags": {

    "tagName1": "tagValue1",

    "tagName2": "tagValue2"
    },

    "etag": "string",

    "properties": {

    "configDiagnostics": {

    "lastExecuted": "string",

    "validatorResults": [

    "issues": [

    "descriptionParams": [ "string" ],

    "id": "string"

    ],

    "replicaSetSubnetDisplayName": "string",

    "status": "string",

    "validatorId": "string"

    },

    "domainConfigurationType": "string",

    "domainName": "string",

    "domainSecuritySettings": {

    "channelBinding": "string",

    "kerberosArmoring": "string",

    "kerberosRc4Encryption": "string",

    "ldapSigning": "string",

    "ntlmV1": "string",
    "syncKerberosPasswords": "string",

    "syncNtlmPasswords": "string",

    "syncOnPremPasswords": "string",

    "tlsV1": "string"

    },

    "filteredSync": "string",

    "ldapsSettings": {

    "externalAccess": "string",

    "ldaps": "string",

    "pfxCertificate": "string",

    "pfxCertificatePassword": "string"

    },

    "notificationSettings": {

    "additionalRecipients": [ "string" ],

    "notifyDcAdmins": "string",

    "notifyGlobalAdmins": "string"

    },

    "replicaSets": [

    "location": "string",

    "subnetId": "string"

    ],

    "resourceForestSettings": {

    "resourceForest": "string",

    "settings": [

    {
    "friendlyName": "string",

    "remoteDnsIps": "string",

    "trustDirection": "string",

    "trustedDomainFqdn": "string",

    "trustPassword": "string"

    },

    "sku": "string",

    "syncScope": "string"

    Property values

    domainServices

    Name Description Value

    type The resource type 'Microsoft.AAD/domainServices'

    apiVersion The resource api version '2022-12-01'

    name The resource name string (required)

    location Resource location string

    tags Resource tags Dictionary of tag names and values. See Tags in templates

    etag Resource etag string

    properties Domain service properties DomainServiceProperties

    DomainServiceProperties

    Name Description Value

    configDiagnostics Configuration diagnostics data containing latest execution from client.


    ConfigDiagnostics

    domainConfigurationType Domain Configuration Type string

    domainName The name of the Azure domain that the user would like to deploy Domain Services to.
    string

    domainSecuritySettings DomainSecurity Settings DomainSecuritySettings

    filteredSync Enabled or Disabled flag to turn on Group-based filtered sync 'Disabled'

    'Enabled'

    ldapsSettings Secure LDAP Settings LdapsSettings

    notificationSettings Notification Settings NotificationSettings

    replicaSets List of ReplicaSets ReplicaSet[]

    resourceForestSettings Resource Forest Settings ResourceForestSettings

    sku Sku Type string

    syncScope All or CloudOnly, All users in AAD are synced to AAD DS domain or only users actively
    syncing in the cloud 'All'

    'CloudOnly'

    ConfigDiagnostics

    Name Description Value

    lastExecuted Last domain configuration diagnostics DateTime string

    validatorResults List of Configuration Diagnostics validator results.


    ConfigDiagnosticsValidatorResult[]

    ConfigDiagnosticsValidatorResult

    Name Description Value

    issues List of resource config validation issues. ConfigDiagnosticsValidatorResultIssue[]

    replicaSetSubnetDisplayName Replica set location and subnet name string

    status Status for individual validator after running diagnostics. 'Failure'

    'None'

    'OK'

    'Running'

    'Skipped'

    'Warning'

    validatorId Validator identifier string


    ConfigDiagnosticsValidatorResultIssue

    Name Description Value

    descriptionParams List of domain resource property name or values used to compose a rich
    description. string[]

    id Validation issue identifier. string

    DomainSecuritySettings

    Name Description Value

    channelBinding A flag to determine whether or not ChannelBinding is enabled or disabled.


    'Disabled'

    'Enabled'

    kerberosArmoring A flag to determine whether or not KerberosArmoring is enabled or disabled.


    'Disabled'

    'Enabled'

    kerberosRc4Encryption A flag to determine whether or not KerberosRc4Encryption is enabled or


    disabled. 'Disabled'

    'Enabled'

    ldapSigning A flag to determine whether or not LdapSigning is enabled or disabled. 'Disabled'

    'Enabled'

    ntlmV1 A flag to determine whether or not NtlmV1 is enabled or disabled. 'Disabled'

    'Enabled'

    syncKerberosPasswordsA flag to determine whether or not SyncKerberosPasswords is enabled or


    disabled. 'Disabled'

    'Enabled'

    syncNtlmPasswords A flag to determine whether or not SyncNtlmPasswords is enabled or disabled.


    'Disabled'

    'Enabled'

    syncOnPremPasswords A flag to determine whether or not SyncOnPremPasswords is enabled or


    disabled. 'Disabled'

    'Enabled'

    tlsV1 A flag to determine whether or not TlsV1 is enabled or disabled. 'Disabled'


    'Enabled'

    LdapsSettings

    Name Description Value

    externalAccess A flag to determine whether or not Secure LDAP access over the internet is enabled or
    disabled. 'Disabled'

    'Enabled'

    ldaps A flag to determine whether or not Secure LDAP is enabled or disabled. 'Disabled'

    'Enabled'

    pfxCertificate The certificate required to configure Secure LDAP. The parameter passed here should be
    a base64encoded representation of the certificate pfx file. string

    pfxCertificatePassword The password to decrypt the provided Secure LDAP certificate pfx file. string

    NotificationSettings

    Name Description Value

    additionalRecipients The list of additional recipients string[]

    notifyDcAdmins Should domain controller admins be notified 'Disabled'

    'Enabled'

    notifyGlobalAdmins Should global admins be notified 'Disabled'

    'Enabled'

    ReplicaSet

    Name Description Value

    location Virtual network location string

    subnetId The name of the virtual network that Domain Services will be deployed on. The id of the
    subnet that Domain Services will be deployed on. /virtualNetwork/vnetName/subnets/subnetName.
    string

    ResourceForestSettings

    Name Description Value

    resourceForest Resource Forest string

    settings List of settings for Resource Forest ForestTrust[]

    ForestTrust
    Name Description Value

    friendlyName Friendly Name string

    remoteDnsIps Remote Dns ips string

    trustDirection Trust Direction string

    trustedDomainFqdn Trusted Domain FQDN string

    trustPassword Trust Password string

    You might also like