
googleActiveDirectoryDomainTrust

Adds a trust between Active Directory domains

To get more information about DomainTrust, see:

Warning: All arguments, including trustHandshakeSecret, will be stored in the raw state as plain text. Read more about sensitive data in state.

Example Usage - Active Directory Domain Trust Basic

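/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
class MyConvertedCode extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // Property names are camelCase in the generated bindings, as listed in the Argument Reference.
    new google.activeDirectoryDomainTrust.ActiveDirectoryDomainTrust(
      this,
      "ad-domain-trust",
      {
        domain: "test-managed-ad.com",
        targetDnsIpAddresses: ["10.1.0.100"],
        targetDomainName: "example-gcp.com",
        trustDirection: "OUTBOUND",
        // Example value only; whatever is set here is written to the raw state as plain text.
        trustHandshakeSecret: "Testing1!",
        trustType: "FOREST",
      }
    );
  }
}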

Argument Reference

The following arguments are supported:

  • targetDomainName - (Required) The fully qualified target domain name which will be in trust with the current domain.

  • trustType - (Required) The type of trust represented by the trust resource. Possible values are FOREST and EXTERNAL.

  • trustDirection - (Required) The trust direction, which decides if the current domain is trusted, trusting, or both. Possible values are INBOUND, OUTBOUND, and BIDIRECTIONAL.

  • targetDnsIpAddresses - (Required) The target DNS server IP addresses which can resolve the remote domain involved in the trust.

  • trustHandshakeSecret - (Required) The trust secret used for the handshake with the target domain. This will not be stored. Note: This property is sensitive and will not be displayed in the plan; as the warning above states, it is still written to the raw state as plain text.

  • domain - (Required) The fully qualified domain name, e.g. mydomain.myorganization.com, subject to the restrictions described at https://cloud.google.com/managed-microsoft-ad/reference/rest/v1/projects.locations.global.domains.


  • selectiveAuthentication - (Optional) Whether the trusted side has forest/domain wide access or selective access to an approved set of resources.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
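
The warning above says trustHandshakeSecret ends up in the raw state as plain text even though the plan hides it. The following added example (not from the provider documentation) audits a state document for that and for trusts without selective authentication; the function name auditTrustState, the version 4 state layout (resources[].instances[].attributes) and the snake_case attribute names are assumptions of this example, and the sample state is constructed.

```typescript
// Added example, not provider code. Assumed names: auditTrustState, Finding.
interface Finding { address: string; issue: string }
interface StateResource {
  type: string;
  name: string;
  instances?: { attributes?: Record<string, unknown> }[];
}

const TRUST_TYPE = "google_active_directory_domain_trust";

// Scans a Terraform state document (format version 4) for domain trusts.
function auditTrustState(stateJson: string): Finding[] {
  const state = JSON.parse(stateJson) as { resources?: StateResource[] };
  const findings: Finding[] = [];
  for (const res of state.resources ?? []) {
    if (res.type !== TRUST_TYPE) continue;
    const address = `${res.type}.${res.name}`;
    for (const inst of res.instances ?? []) {
      const attrs = inst.attributes ?? {};
      const secret = attrs["trust_handshake_secret"];
      // Report presence only; the secret value itself is never echoed.
      if (typeof secret === "string" && secret.length > 0) {
        findings.push({ address, issue: "trust_handshake_secret readable in state" });
      }
      // Assumption: true means selective access; absent or false means forest/domain-wide.
      if (attrs["selective_authentication"] !== true) {
        findings.push({ address, issue: "selective_authentication not enabled" });
      }
    }
  }
  return findings;
}

// Constructed sample state, trimmed to the fields used here.
const sampleState = JSON.stringify({
  version: 4,
  resources: [
    { type: "google_compute_network", name: "vpc", instances: [{ attributes: { name: "ad-vpc" } }] },
    { type: TRUST_TYPE, name: "ad-domain-trust", instances: [{ attributes: {
      domain: "test-managed-ad.com",
      target_domain_name: "example-gcp.com",
      trust_direction: "OUTBOUND",
      trust_handshake_secret: "Testing1!",
      selective_authentication: false,
    } }] },
  ],
});

for (const f of auditTrustState(sampleState)) console.log(`${f.address}: ${f.issue}`);
```

A finding for trust_handshake_secret means anyone who can read the state backend can read the trust secret, so access to that backend needs the same protection as the secret itself.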

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/locations/global/domains/{{domain}}/{{targetDomainName}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

DomainTrust can be imported using any of these accepted formats:

$ terraform import google_active_directory_domain_trust.default projects/{{project}}/locations/global/domains/{{domain}}/{{target_domain_name}}
$ terraform import google_active_directory_domain_trust.default {{project}}/{{domain}}/{{target_domain_name}}
$ terraform import google_active_directory_domain_trust.default {{domain}}/{{target_domain_name}}

User Project Overrides

This resource supports User Project Overrides.