Data Source: azurermActiveDirectoryDomainService

Gets information about an Active Directory Domain Service.

Supported Modes: At present this data source only supports User Forest mode and not Resource Forest mode. Read more about the different operation modes for this service.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.dataAzurermActiveDirectoryDomainService.DataAzurermActiveDirectoryDomainService(
  this,
  "example",
  {
    name: "example-aadds",
    resourceGroupName: "example-aadds-rg",
  }
);

Argument Reference

  • name - (Required) The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.

  • resourceGroupName - (Required) The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

Attributes Reference

  • id - The ID of the Domain Service.

  • deploymentId - A unique ID for the managed domain deployment.

  • domainConfigurationType - The forest type used by the managed domain. One of resourceTrusting, for a Resource Forest, or blank, for a User Forest.

  • domainName - The Active Directory domain of the Domain Service. See official documentation for constraints and recommendations.

  • filteredSyncEnabled - Whether group-based filtered sync (also called scoped synchronisation) is enabled.

  • secureLdap - A secureLdap block as defined below.

  • location - The Azure location where the Domain Service exists.

  • notifications - A notifications block as defined below.

  • replicaSets - One or more replicaSet blocks as defined below.

  • security - A security block as defined below.

  • sku - The SKU of the Domain Service resource. One of standard, enterprise or premium.

  • tags - A mapping of tags assigned to the resource.


A secureLdap block exports the following:

  • enabled - Whether secure LDAP is enabled for the managed domain.

  • externalAccessEnabled - Whether external access to LDAPS over the Internet is enabled.

  • externalAccessIpAddress - The publicly routable IP address for LDAPS clients to connect to.

  • pfxCertificate - The certificate to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).


A notifications block exports the following:

  • additionalRecipients - A list of additional email addresses to notify when there are alerts in the managed domain.

  • notifyDcAdmins - Whether members of the AAD DC Administrators group are notified when there are alerts in the managed domain.

  • notifyGlobalAdmins - Whether all Global Administrators are notified when there are alerts in the managed domain.


A replicaSet block exports the following:

  • domainControllerIpAddresses - A list of subnet IP addresses for the domain controllers in the replica set, typically two.

  • externalAccessIpAddress - The publicly routable IP address for the domain controllers in the replica set.

  • location - The Azure location in which the replica set resides.

  • replicaSetId - A unique ID for the replica set.

  • serviceStatus - The current service status for the replica set.

  • subnetId - The ID of the subnet in which the replica set resides.


A security block exports the following:

  • kerberosArmoringEnabled - (Optional) Whether Kerberos Armoring is enabled.

  • kerberosRc4EncryptionEnabled - (Optional) Whether Kerberos RC4 Encryption is enabled.

  • ntlmV1Enabled - Whether legacy NTLM v1 support is enabled.

  • syncKerberosPasswords - Whether Kerberos password hashes are synchronized to the managed domain.

  • syncNtlmPasswords - Whether NTLM password hashes are synchronized to the managed domain.

  • syncOnPremPasswords - Whether on-premises password hashes are synchronized to the managed domain.

  • tlsV1Enabled - Whether legacy TLS v1 support is enabled.
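
A posture check over the secureLdap and security attributes listed above, as an added example that is not part of the provider documentation or the generated bindings. It assumes the attribute values have been read after apply into a plain object that uses the attribute names on this page; auditDomainService, the Finding type and the sample values are hypothetical.

```typescript
// Shapes mirror the secureLdap and security blocks documented on this page.
interface SecureLdap { enabled: boolean; externalAccessEnabled: boolean }
interface Security {
  kerberosArmoringEnabled: boolean;
  kerberosRc4EncryptionEnabled: boolean;
  ntlmV1Enabled: boolean;
  tlsV1Enabled: boolean;
}
interface DomainServiceAttrs { domainName: string; secureLdap: SecureLdap; security: Security }

type Severity = "high" | "medium";
interface Finding { attribute: string; severity: Severity; reason: string }

// Hypothetical helper: flags legacy protocol support and Internet-facing LDAPS.
function auditDomainService(ds: DomainServiceAttrs): Finding[] {
  const findings: Finding[] = [];
  const flag = (hit: boolean, attribute: string, severity: Severity, reason: string): void => {
    if (hit) findings.push({ attribute, severity, reason });
  };
  flag(ds.security.ntlmV1Enabled, "security.ntlmV1Enabled", "high", "legacy NTLM v1 is accepted");
  flag(ds.security.tlsV1Enabled, "security.tlsV1Enabled", "high", "legacy TLS v1 is accepted");
  flag(ds.security.kerberosRc4EncryptionEnabled, "security.kerberosRc4EncryptionEnabled", "high", "Kerberos RC4 encryption is allowed");
  flag(!ds.security.kerberosArmoringEnabled, "security.kerberosArmoringEnabled", "medium", "Kerberos armoring is off");
  // External access only matters when secure LDAP itself is switched on.
  flag(ds.secureLdap.enabled && ds.secureLdap.externalAccessEnabled, "secureLdap.externalAccessEnabled", "medium", "LDAPS is reachable from the Internet");
  return findings;
}

// Constructed sample values, not read from a real tenant.
const legacyDomain: DomainServiceAttrs = {
  domainName: "aadds.example.com",
  secureLdap: { enabled: true, externalAccessEnabled: true },
  security: { kerberosArmoringEnabled: false, kerberosRc4EncryptionEnabled: true, ntlmV1Enabled: true, tlsV1Enabled: false },
};
const hardenedDomain: DomainServiceAttrs = {
  domainName: "aadds.example.com",
  secureLdap: { enabled: true, externalAccessEnabled: false },
  security: { kerberosArmoringEnabled: true, kerberosRc4EncryptionEnabled: false, ntlmV1Enabled: false, tlsV1Enabled: false },
};

for (const f of auditDomainService(legacyDomain)) {
  console.log(`${f.severity.toUpperCase()} ${legacyDomain.domainName} ${f.attribute}: ${f.reason}`);
}
```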

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • read - (Defaults to 5 minutes) Used when retrieving the Domain Service.