Replica Set
Manages a Replica Set for an Active Directory Domain Service.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.NetworkSecurityGroup;
import com.pulumi.azure.network.NetworkSecurityGroupArgs;
import com.pulumi.azure.network.inputs.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.GroupMember;
import com.pulumi.azuread.GroupMemberArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azure.domainservices.Service;
import com.pulumi.azure.domainservices.ServiceArgs;
import com.pulumi.azure.domainservices.inputs.ServiceInitialReplicaSetArgs;
import com.pulumi.azure.domainservices.inputs.ServiceNotificationsArgs;
import com.pulumi.azure.domainservices.inputs.ServiceSecurityArgs;
import com.pulumi.azure.network.VirtualNetworkPeering;
import com.pulumi.azure.network.VirtualNetworkPeeringArgs;
import com.pulumi.azure.network.VirtualNetworkDnsServers;
import com.pulumi.azure.network.VirtualNetworkDnsServersArgs;
import com.pulumi.azure.domainservices.ReplicaSet;
import com.pulumi.azure.domainservices.ReplicaSetArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
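public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Provisions an Azure AD Domain Services instance with its initial replica set in West
     * Europe and a second replica set in North Europe. The two virtual networks are peered so
     * the replica can reach the primary domain controllers, and the replica network's DNS
     * servers are pointed at the domain controllers created by the initial replica set.
     *
     * @param ctx the Pulumi program context; the stack config must provide the secret
     *            {@code dcAdminPassword} (set with
     *            {@code pulumi config set --secret dcAdminPassword <value>})
     */
    public static void stack(Context ctx) {
        // The DC administrator password is read from stack config as a secret rather than
        // embedded in source, so it is encrypted in state and never committed with the code.
        var dcAdminPassword = ctx.config().requireSecret("dcAdminPassword");

        // --- primary region ---------------------------------------------------------------
        var primaryResourceGroup = new ResourceGroup("primaryResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());
        var primaryVirtualNetwork = new VirtualNetwork("primaryVirtualNetwork", VirtualNetworkArgs.builder()
            .location(primaryResourceGroup.location())
            .resourceGroupName(primaryResourceGroup.name())
            .addressSpaces("10.0.1.0/16")
            .build());
        var primarySubnet = new Subnet("primarySubnet", SubnetArgs.builder()
            .resourceGroupName(primaryResourceGroup.name())
            .virtualNetworkName(primaryVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .build());
        // Both regions attach the same inbound rule set to the subnet hosting the domain
        // controllers; see domainServicesSecurityRules() for what each rule admits.
        var primaryNetworkSecurityGroup = new NetworkSecurityGroup("primaryNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
            .location(primaryResourceGroup.location())
            .resourceGroupName(primaryResourceGroup.name())
            .securityRules(domainServicesSecurityRules())
            .build());
        var primarySubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("primarySubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
            .subnetId(primarySubnet.id())
            .networkSecurityGroupId(primaryNetworkSecurityGroup.id())
            .build());

        // --- Azure AD identities used by the managed domain ----------------------------------
        var dcAdmins = new Group("dcAdmins", GroupArgs.builder()
            .displayName("aad-dc-administrators")
            .securityEnabled(true)
            .build());
        var adminUser = new User("adminUser", UserArgs.builder()
            .userPrincipalName("dc-admin@hashicorp-example.net")
            .displayName("DC Administrator")
            .password(dcAdminPassword)
            .build());
        var adminGroupMember = new GroupMember("adminGroupMember", GroupMemberArgs.builder()
            .groupObjectId(dcAdmins.objectId())
            .memberObjectId(adminUser.objectId())
            .build());
        // Service principal for the first-party application the managed domain runs under
        // (presumably the Domain Controller Services application; confirm the id for your tenant).
        var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()
            .applicationId("2565bd9d-da50-47d4-8b85-4c97f669dc36")
            .build());

        // --- managed domain with its initial replica set -------------------------------------
        var aadds = new ResourceGroup("aadds", ResourceGroupArgs.builder()
            .location("westeurope")
            .build());
        var exampleService = new Service("exampleService", ServiceArgs.builder()
            .location(aadds.location())
            .resourceGroupName(aadds.name())
            .domainName("widgetslogin.net")
            .sku("Enterprise")
            .filteredSyncEnabled(false)
            .initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
                .location(primaryVirtualNetwork.location())
                .subnetId(primarySubnet.id())
                .build())
            .notifications(ServiceNotificationsArgs.builder()
                .additionalRecipients(
                    "notifyA@example.net",
                    "notifyB@example.org")
                .notifyDcAdmins(true)
                .notifyGlobalAdmins(true)
                .build())
            // Password hash synchronisation settings for the managed domain. Each of these
            // enables an additional hash format to be replicated into the managed domain;
            // enable only what the workloads behind it require.
            .security(ServiceSecurityArgs.builder()
                .syncKerberosPasswords(true)
                .syncNtlmPasswords(true)
                .syncOnPremPasswords(true)
                .build())
            .tags(Map.of("Environment", "prod"))
            .build(), CustomResourceOptions.builder()
            // The service principal and the NSG association must exist before the managed
            // domain is created; neither is referenced through an Output, so order it explicitly.
            .dependsOn(
                exampleServicePrincipal,
                primarySubnetNetworkSecurityGroupAssociation)
            .build());

        // --- replica region ---------------------------------------------------------------
        var replicaResourceGroup = new ResourceGroup("replicaResourceGroup", ResourceGroupArgs.builder()
            .location("North Europe")
            .build());
        var replicaVirtualNetwork = new VirtualNetwork("replicaVirtualNetwork", VirtualNetworkArgs.builder()
            .location(replicaResourceGroup.location())
            .resourceGroupName(replicaResourceGroup.name())
            .addressSpaces("10.20.0.0/16")
            .build());
        var aaddsReplicaSubnet = new Subnet("aaddsReplicaSubnet", SubnetArgs.builder()
            .resourceGroupName(replicaResourceGroup.name())
            .virtualNetworkName(replicaVirtualNetwork.name())
            .addressPrefixes("10.20.0.0/24")
            .build());
        var aaddsReplicaNetworkSecurityGroup = new NetworkSecurityGroup("aaddsReplicaNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
            .location(replicaResourceGroup.location())
            .resourceGroupName(replicaResourceGroup.name())
            .securityRules(domainServicesSecurityRules())
            .build());
        var replicaSubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("replicaSubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
            .subnetId(aaddsReplicaSubnet.id())
            .networkSecurityGroupId(aaddsReplicaNetworkSecurityGroup.id())
            .build());

        // Bidirectional peering: replica domain controllers must reach the primary ones.
        // Gateway transit is deliberately off in both directions; only VNet-to-VNet traffic
        // (including forwarded traffic) is admitted.
        var primaryReplica = new VirtualNetworkPeering("primaryReplica", VirtualNetworkPeeringArgs.builder()
            .resourceGroupName(primaryVirtualNetwork.resourceGroupName())
            .virtualNetworkName(primaryVirtualNetwork.name())
            .remoteVirtualNetworkId(replicaVirtualNetwork.id())
            .allowForwardedTraffic(true)
            .allowGatewayTransit(false)
            .allowVirtualNetworkAccess(true)
            .useRemoteGateways(false)
            .build());
        var replicaPrimary = new VirtualNetworkPeering("replicaPrimary", VirtualNetworkPeeringArgs.builder()
            .resourceGroupName(replicaVirtualNetwork.resourceGroupName())
            .virtualNetworkName(replicaVirtualNetwork.name())
            .remoteVirtualNetworkId(primaryVirtualNetwork.id())
            .allowForwardedTraffic(true)
            .allowGatewayTransit(false)
            .allowVirtualNetworkAccess(true)
            .useRemoteGateways(false)
            .build());

        // Point the replica network at the domain controllers of the initial replica set so
        // that hosts in it resolve the managed domain.
        var replicaVirtualNetworkDnsServers = new VirtualNetworkDnsServers("replicaVirtualNetworkDnsServers", VirtualNetworkDnsServersArgs.builder()
            .virtualNetworkId(replicaVirtualNetwork.id())
            .dnsServers(exampleService.initialReplicaSet().applyValue(initialReplicaSet -> initialReplicaSet.domainControllerIpAddresses()))
            .build());

        var replicaReplicaSet = new ReplicaSet("replicaReplicaSet", ReplicaSetArgs.builder()
            .domainServiceId(exampleService.id())
            .location(replicaResourceGroup.location())
            .subnetId(aaddsReplicaSubnet.id())
            .build(), CustomResourceOptions.builder()
            // The NSG must be attached and both peering links up before the replica set is
            // created, otherwise the new domain controllers cannot reach the primary ones.
            .dependsOn(
                replicaSubnetNetworkSecurityGroupAssociation,
                primaryReplica,
                replicaPrimary)
            .build());
    }

    /**
     * Builds the inbound rule set attached to every subnet that hosts managed domain
     * controllers. The set is identical for the primary and the replica region.
     *
     * @return the security rules, in ascending priority order
     */
    private static List<NetworkSecurityGroupSecurityRuleArgs> domainServicesSecurityRules() {
        return List.of(
            // Synchronisation from Azure AD into the managed domain.
            inboundTcpRule("AllowSyncWithAzureAD", 101, "443", "AzureActiveDirectoryDomainServices"),
            // Remote Desktop, restricted to the CorpNetSaw service tag.
            inboundTcpRule("AllowRD", 201, "3389", "CorpNetSaw"),
            // PowerShell remoting used by the platform to manage the domain controllers.
            inboundTcpRule("AllowPSRemoting", 301, "5986", "AzureActiveDirectoryDomainServices"),
            // NOTE(review): a source of "*" exposes LDAPS (636) to any address; narrow this to
            // the client ranges that actually need LDAPS before deploying the domain.
            inboundTcpRule("AllowLDAPS", 401, "636", "*"));
    }

    /**
     * Builds a single inbound TCP "Allow" rule from any source port to {@code destinationPort}
     * on any destination address.
     *
     * @param name            the rule name
     * @param priority        the rule priority; lower numbers are evaluated first
     * @param destinationPort the destination port (or range) the rule admits
     * @param source          the source address prefix or service tag the rule admits
     * @return the rule arguments
     */
    private static NetworkSecurityGroupSecurityRuleArgs inboundTcpRule(
            String name, int priority, String destinationPort, String source) {
        return NetworkSecurityGroupSecurityRuleArgs.builder()
            .name(name)
            .priority(priority)
            .direction("Inbound")
            .access("Allow")
            .protocol("Tcp")
            .sourcePortRange("*")
            .destinationPortRange(destinationPort)
            .sourceAddressPrefix(source)
            .destinationAddressPrefix("*")
            .build();
    }
}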
Import
Domain Service Replica Sets can be imported using the resource ID of the parent Domain Service followed by the Replica Set ID, e.g.
$ pulumi import azure:domainservices/replicaSet:ReplicaSet example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/replicaSets/00000000-0000-0000-0000-000000000000