Data Source: azurermActiveDirectoryDomainService
Gets information about an Active Directory Domain Service.
-> Supported Modes: At present this data source only supports User Forest mode and not Resource Forest mode. Read more about the different operation modes for this service.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
/*`this` is the enclosing construct, e.g. inside a TerraformStack constructor.*/
new azurerm.dataAzurermActiveDirectoryDomainService.DataAzurermActiveDirectoryDomainService(
  this,
  "example",
  {
    name: "example-aadds",
    resourceGroupName: "example-aadds-rg",
  }
);
Argument Reference
- name - (Required) The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.
- resourceGroupName - (Required) The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.
Attributes Reference
- id - The ID of the Domain Service.
- deploymentId - A unique ID for the managed domain deployment.
- domainConfigurationType - The forest type used by the managed domain. One of resourceTrusting, for a Resource Forest, or blank, for a User Forest.
- domainName - The Active Directory domain of the Domain Service. See official documentation for constraints and recommendations.
- filteredSyncEnabled - Whether group-based filtered sync (also called scoped synchronisation) is enabled.
- secureLdap - A secureLdap block as defined below.
- location - The Azure location where the Domain Service exists.
- notifications - A notifications block as defined below.
- replicaSets - One or more replicaSet blocks as defined below.
- security - A security block as defined below.
- sku - The SKU of the Domain Service resource. One of standard, enterprise or premium.
- tags - A mapping of tags assigned to the resource.
A secureLdap block exports the following:
- enabled - Whether secure LDAP is enabled for the managed domain.
- externalAccessEnabled - Whether external access to LDAPS over the Internet is enabled.
- externalAccessIpAddress - The publicly routable IP address for LDAPS clients to connect to.
- pfxCertificate - The certificate to use for LDAPS, as a base64-encoded TripleDES-SHA1 encrypted PKCS#12 bundle (PFX file).
A notifications block exports the following:
- additionalRecipients - A list of additional email addresses to notify when there are alerts in the managed domain.
- notifyDcAdmins - Whether members of the AAD DC Administrators group are notified when there are alerts in the managed domain.
- notifyGlobalAdmins - Whether all Global Administrators are notified when there are alerts in the managed domain.
A replicaSet block exports the following:
- domainControllerIpAddresses - A list of subnet IP addresses for the domain controllers in the replica set, typically two.
- externalAccessIpAddress - The publicly routable IP address for the domain controllers in the replica set.
- location - The Azure location in which the replica set resides.
- replicaSetId - A unique ID for the replica set.
- serviceStatus - The current service status for the replica set.
- subnetId - The ID of the subnet in which the replica set resides.
A security block exports the following:
- kerberosArmoringEnabled - (Optional) Whether Kerberos Armoring is enabled.
- kerberosRc4EncryptionEnabled - (Optional) Whether Kerberos RC4 Encryption is enabled.
- ntlmV1Enabled - Whether legacy NTLM v1 support is enabled.
- syncKerberosPasswords - Whether Kerberos password hashes are synchronized to the managed domain.
- syncNtlmPasswords - Whether NTLM password hashes are synchronized to the managed domain.
- syncOnPremPasswords - Whether on-premises password hashes are synchronized to the managed domain.
- tlsV1Enabled - Whether legacy TLS v1 support is enabled.
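As an added example (not part of the provider documentation), the following TypeScript checks the secureLdap and security attributes listed above against a hardening policy. The policy, the severity labels and the sample values are assumptions; the input is assumed to be the resolved attribute values (for example exported through an output after apply), mapped to the camelCase names used on this page.

```typescript
// Added example: attribute names follow this page; the policy itself is an assumption.
// Input shape is hypothetical: each block is modelled as a single plain object.
interface DomainServiceAttrs {
  domainName: string;
  secureLdap: { enabled: boolean; externalAccessEnabled: boolean };
  security: {
    kerberosArmoringEnabled: boolean;
    kerberosRc4EncryptionEnabled: boolean;
    ntlmV1Enabled: boolean;
    syncNtlmPasswords: boolean;
    tlsV1Enabled: boolean;
  };
}
interface Finding { attribute: string; severity: "high" | "review"; reason: string }
type Rule = Finding & { risky: (d: DomainServiceAttrs) => boolean };

// Hypothetical policy: legacy protocols are "high", exposure-related settings are "review".
const RULES: Rule[] = [
  { attribute: "security.ntlmV1Enabled", severity: "high",
    reason: "legacy NTLM v1 authentication is accepted", risky: (d) => d.security.ntlmV1Enabled },
  { attribute: "security.tlsV1Enabled", severity: "high",
    reason: "legacy TLS v1 is accepted", risky: (d) => d.security.tlsV1Enabled },
  { attribute: "security.kerberosRc4EncryptionEnabled", severity: "high",
    reason: "Kerberos RC4 encryption is accepted", risky: (d) => d.security.kerberosRc4EncryptionEnabled },
  { attribute: "security.kerberosArmoringEnabled", severity: "review",
    reason: "Kerberos Armoring is not enabled", risky: (d) => !d.security.kerberosArmoringEnabled },
  { attribute: "security.syncNtlmPasswords", severity: "review",
    reason: "NTLM password hashes are synchronized to the managed domain",
    risky: (d) => d.security.syncNtlmPasswords },
  { attribute: "secureLdap.externalAccessEnabled", severity: "review",
    reason: "LDAPS is reachable over the Internet; confirm source IP restrictions",
    risky: (d) => d.secureLdap.enabled && d.secureLdap.externalAccessEnabled },
];

// Returns one finding per rule whose predicate matches, in policy order.
function auditDomainService(d: DomainServiceAttrs): Finding[] {
  return RULES.filter((r) => r.risky(d))
    .map(({ attribute, severity, reason }) => ({ attribute, severity, reason }));
}

// Constructed sample values, not taken from a real deployment.
const sample: DomainServiceAttrs = {
  domainName: "aadds.example.com",
  secureLdap: { enabled: true, externalAccessEnabled: true },
  security: { kerberosArmoringEnabled: false, kerberosRc4EncryptionEnabled: false,
    ntlmV1Enabled: true, syncNtlmPasswords: true, tlsV1Enabled: false },
};
console.log(auditDomainService(sample));
```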
Timeouts
The timeouts block allows you to specify timeouts for certain actions:
- read - (Defaults to 5 minutes) Used when retrieving the Domain Service.