import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
 * Manages an Active Directory Domain Service.
 *
 * > **Note:** Before using this resource, there must exist in your tenant a service principal for the Domain Services published application. This service principal cannot be easily managed by Terraform and it's recommended to create this manually, as it does not exist by default. See [official documentation](https://docs.microsoft.com/azure/active-directory-domain-services/powershell-create-instance#create-required-azure-ad-resources) for details.
 *
 * > **Note:** At present this resource only supports **User Forest** mode and _not_ **Resource Forest** mode. [Read more](https://docs.microsoft.com/azure/active-directory-domain-services/concepts-resource-forest) about the different operation modes for this service.
 *
 * ## Security considerations for the example below
 *
 * The example is a minimal walkthrough, not a hardened baseline. Before reusing it, review these points:
 *
 * * The `admin` user is created with a literal password in source. Supply the value from a secret store
 *   instead, so it is not committed to the repository.
 * * The `AllowLDAPS` rule accepts TCP 636 from `sourceAddressPrefix: "*"`, i.e. from any source address.
 *   Narrow it to the address ranges of the clients that actually need LDAPS.
 * * The `security` block turns on NTLM, Kerberos and on-premises password hash synchronisation.
 *   NOTE(review): disable the ones your environment does not need; confirm against your hardening baseline.
 * * Members of the `AAD DC Administrators` group are the domain administrators named by the group's
 *   display name; keep its membership small and reviewed.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 * import * as azuread from "@pulumi/azuread";
 *
 * const deploy = new azure.core.ResourceGroup("deploy", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const deployVirtualNetwork = new azure.network.VirtualNetwork("deploy", {
 *     name: "deploy-vnet",
 *     location: deploy.location,
 *     resourceGroupName: deploy.name,
 *     addressSpaces: ["10.0.1.0/16"],
 * });
 * const deploySubnet = new azure.network.Subnet("deploy", {
 *     name: "deploy-subnet",
 *     resourceGroupName: deploy.name,
 *     virtualNetworkName: deployVirtualNetwork.name,
 *     addressPrefixes: ["10.0.1.0/24"],
 * });
 * const deployNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("deploy", {
 *     name: "deploy-nsg",
 *     location: deploy.location,
 *     resourceGroupName: deploy.name,
 *     securityRules: [
 *         {
 *             name: "AllowSyncWithAzureAD",
 *             priority: 101,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "443",
 *             sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowRD",
 *             priority: 201,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "3389",
 *             sourceAddressPrefix: "CorpNetSaw",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             name: "AllowPSRemoting",
 *             priority: 301,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "5986",
 *             sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
 *             destinationAddressPrefix: "*",
 *         },
 *         {
 *             // Open to every source address as written; restrict sourceAddressPrefix
 *             // to known LDAPS client ranges before using this outside a lab.
 *             name: "AllowLDAPS",
 *             priority: 401,
 *             direction: "Inbound",
 *             access: "Allow",
 *             protocol: "Tcp",
 *             sourcePortRange: "*",
 *             destinationPortRange: "636",
 *             sourceAddressPrefix: "*",
 *             destinationAddressPrefix: "*",
 *         },
 *     ],
 * });
 * const deploySubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("deploy", {
 *     subnetId: deploySubnet.id,
 *     networkSecurityGroupId: deployNetworkSecurityGroup.id,
 * });
 * const dcAdmins = new azuread.Group("dc_admins", {
 *     displayName: "AAD DC Administrators",
 *     securityEnabled: true,
 * });
 * const admin = new azuread.User("admin", {
 *     userPrincipalName: "dc-admin@hashicorp-example.com",
 *     displayName: "DC Administrator",
 *     // Placeholder value. Do not keep a literal password in source; read it from a
 *     // Pulumi secret, e.g. new pulumi.Config().requireSecret("dcAdminPassword")
 *     // (config key name constructed for illustration).
 *     password: "Pa55w0Rd!!1",
 * });
 * const adminGroupMember = new azuread.GroupMember("admin", {
 *     groupObjectId: dcAdmins.objectId,
 *     memberObjectId: admin.objectId,
 * });
 * const example = new azuread.ServicePrincipal("example", {applicationId: "2565bd9d-da50-47d4-8b85-4c97f669dc36"});
 * const aadds = new azure.core.ResourceGroup("aadds", {
 *     name: "aadds-rg",
 *     location: "westeurope",
 * });
 * const exampleService = new azure.domainservices.Service("example", {
 *     name: "example-aadds",
 *     location: aadds.location,
 *     resourceGroupName: aadds.name,
 *     domainName: "widgetslogin.net",
 *     sku: "Enterprise",
 *     filteredSyncEnabled: false,
 *     initialReplicaSet: {
 *         subnetId: deploySubnet.id,
 *     },
 *     notifications: {
 *         additionalRecipients: [
 *             "notifyA@example.net",
 *             "notifyB@example.org",
 *         ],
 *         notifyDcAdmins: true,
 *         notifyGlobalAdmins: true,
 *     },
 *     security: {
 *         // All three password-hash sync options are enabled here; keep only those required.
 *         syncKerberosPasswords: true,
 *         syncNtlmPasswords: true,
 *         syncOnPremPasswords: true,
 *     },
 *     tags: {
 *         Environment: "prod",
 *     },
 * }, {
 *     dependsOn: [
 *         example,
 *         deploySubnetNetworkSecurityGroupAssociation,
 *     ],
 * });
 * ```
 *
 * ## API Providers
 *
 * <!-- This section is generated, changes will be overwritten -->
 * This resource uses the following Azure API Providers:
 *
 * * `Microsoft.AAD` - 2021-05-01
 *
 * ## Import
 *
 * Domain Services can be imported using the resource ID, together with the Replica Set ID that you wish to designate as the initial replica set, e.g.
 *
 * ```sh
 * $ pulumi import azure:domainservices/service:Service example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/initialReplicaSetId/00000000-0000-0000-0000-000000000000
 * ```
 */
export declare class Service extends pulumi.CustomResource {
    // NOTE(review): most `pulumi.Input` / `pulumi.Output` references in this listing carry no
    // type argument, while `tags` still does. The arguments look stripped by extraction;
    // restore them from the provider schema rather than guessing.

    /**
     * Get an existing Service resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: ServiceState, opts?: pulumi.CustomResourceOptions): Service;
    /**
     * Returns true if the given object is an instance of Service. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Service;
    /**
     * A unique ID for the managed domain deployment.
     */
    readonly deploymentId: pulumi.Output;
    /**
     * The configuration type of this Active Directory Domain. Possible values are `FullySynced` and `ResourceTrusting`. Changing this forces a new resource to be created.
     */
    readonly domainConfigurationType: pulumi.Output;
    /**
     * The Active Directory domain to use. See [official documentation](https://docs.microsoft.com/azure/active-directory-domain-services/tutorial-create-instance#create-a-managed-domain) for constraints and recommendations. Changing this forces a new resource to be created.
     */
    readonly domainName: pulumi.Output;
    /**
     * Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to `false`.
     */
    readonly filteredSyncEnabled: pulumi.Output;
    /**
     * An `initialReplicaSet` block. The initial replica set inherits the same location as the Domain Service resource.
     * The block's shape is not declared in this file; presumably it comes from the imported types modules.
     */
    readonly initialReplicaSet: pulumi.Output;
    /**
     * The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
     */
    readonly location: pulumi.Output;
    /**
     * The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
     */
    readonly name: pulumi.Output;
    /**
     * A `notifications` block. Its shape is not declared in this file.
     */
    readonly notifications: pulumi.Output;
    /**
     * The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
     */
    readonly resourceGroupName: pulumi.Output;
    /**
     * The Azure resource ID for the domain service.
     */
    readonly resourceId: pulumi.Output;
    /**
     * A `secureLdap` block. Its shape is not declared in this file.
     * NOTE(review): presumably carries certificate material; if so, pass it as a Pulumi secret. Confirm against the block type.
     */
    readonly secureLdap: pulumi.Output;
    /**
     * A `security` block. Its shape is not declared in this file; the usage example sets
     * `syncKerberosPasswords`, `syncNtlmPasswords` and `syncOnPremPasswords` in it.
     */
    readonly security: pulumi.Output;
    /**
     * The SKU to use when provisioning the Domain Service resource. One of `Standard`, `Enterprise` or `Premium`.
     */
    readonly sku: pulumi.Output;
    // Undocumented output in this listing. NOTE(review): meaning not established here; confirm against the provider schema.
    readonly syncOwner: pulumi.Output;
    /**
     * A mapping of tags assigned to the resource.
     */
    readonly tags: pulumi.Output<{
        [key: string]: string;
    } | undefined>;
    // Undocumented output in this listing. NOTE(review): presumably the tenant that owns the managed domain; confirm.
    readonly tenantId: pulumi.Output;
    // Undocumented output in this listing. NOTE(review): meaning not established here; confirm against the provider schema.
    readonly version: pulumi.Output;
    /**
     * Create a Service resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ServiceArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Service resources.
 * Every property is optional here, including the computed ones (`deploymentId`, `resourceId`,
 * `syncOwner`, `tenantId`, `version`) that `ServiceArgs` does not accept.
 */
export interface ServiceState {
    /**
     * A unique ID for the managed domain deployment.
     */
    deploymentId?: pulumi.Input;
    /**
     * The configuration type of this Active Directory Domain. Possible values are `FullySynced` and `ResourceTrusting`. Changing this forces a new resource to be created.
     */
    domainConfigurationType?: pulumi.Input;
    /**
     * The Active Directory domain to use. See [official documentation](https://docs.microsoft.com/azure/active-directory-domain-services/tutorial-create-instance#create-a-managed-domain) for constraints and recommendations. Changing this forces a new resource to be created.
     */
    domainName?: pulumi.Input;
    /**
     * Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to `false`.
     */
    filteredSyncEnabled?: pulumi.Input;
    /**
     * An `initialReplicaSet` block. The initial replica set inherits the same location as the Domain Service resource.
     */
    initialReplicaSet?: pulumi.Input;
    /**
     * The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input;
    /**
     * The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
     */
    name?: pulumi.Input;
    /**
     * A `notifications` block. Its shape is not declared in this file.
     */
    notifications?: pulumi.Input;
    /**
     * The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
     */
    resourceGroupName?: pulumi.Input;
    /**
     * The Azure resource ID for the domain service.
     */
    resourceId?: pulumi.Input;
    /**
     * A `secureLdap` block. Its shape is not declared in this file.
     * NOTE(review): presumably carries certificate material; if so, pass it as a Pulumi secret. Confirm against the block type.
     */
    secureLdap?: pulumi.Input;
    /**
     * A `security` block. Its shape is not declared in this file.
     */
    security?: pulumi.Input;
    /**
     * The SKU to use when provisioning the Domain Service resource. One of `Standard`, `Enterprise` or `Premium`.
     */
    sku?: pulumi.Input;
    // Undocumented in this listing. NOTE(review): meaning not established here; confirm against the provider schema.
    syncOwner?: pulumi.Input;
    /**
     * A mapping of tags assigned to the resource.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input;
    }>;
    // Undocumented in this listing. NOTE(review): presumably the tenant that owns the managed domain; confirm.
    tenantId?: pulumi.Input;
    // Undocumented in this listing. NOTE(review): meaning not established here; confirm against the provider schema.
    version?: pulumi.Input;
}
/**
 * The set of arguments for constructing a Service resource.
 * `domainName`, `initialReplicaSet`, `resourceGroupName` and `sku` are required; the rest are optional.
 */
export interface ServiceArgs {
    /**
     * The configuration type of this Active Directory Domain. Possible values are `FullySynced` and `ResourceTrusting`. Changing this forces a new resource to be created.
     */
    domainConfigurationType?: pulumi.Input;
    /**
     * The Active Directory domain to use. See [official documentation](https://docs.microsoft.com/azure/active-directory-domain-services/tutorial-create-instance#create-a-managed-domain) for constraints and recommendations. Changing this forces a new resource to be created.
     */
    domainName: pulumi.Input;
    /**
     * Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to `false`.
     */
    filteredSyncEnabled?: pulumi.Input;
    /**
     * An `initialReplicaSet` block. The initial replica set inherits the same location as the Domain Service resource.
     */
    initialReplicaSet: pulumi.Input;
    /**
     * The Azure location where the Domain Service exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input;
    /**
     * The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
     */
    name?: pulumi.Input;
    /**
     * A `notifications` block. Its shape is not declared in this file.
     */
    notifications?: pulumi.Input;
    /**
     * The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
     */
    resourceGroupName: pulumi.Input;
    /**
     * A `secureLdap` block. Its shape is not declared in this file.
     * NOTE(review): presumably carries certificate material; if so, pass it as a Pulumi secret. Confirm against the block type.
     */
    secureLdap?: pulumi.Input;
    /**
     * A `security` block. Its shape is not declared in this file; the usage example sets
     * `syncKerberosPasswords`, `syncNtlmPasswords` and `syncOnPremPasswords` in it. Enable only the
     * synchronisation options the environment needs.
     */
    security?: pulumi.Input;
    /**
     * The SKU to use when provisioning the Domain Service resource. One of `Standard`, `Enterprise` or `Premium`.
     */
    sku: pulumi.Input;
    /**
     * A mapping of tags assigned to the resource.
     */
    tags?: pulumi.Input<{
        [key: string]: pulumi.Input;
    }>;
}