ServiceArgs

data class ServiceArgs(val domainConfigurationType: Output<String>? = null, val domainName: Output<String>? = null, val filteredSyncEnabled: Output<Boolean>? = null, val initialReplicaSet: Output<ServiceInitialReplicaSetArgs>? = null, val location: Output<String>? = null, val name: Output<String>? = null, val notifications: Output<ServiceNotificationsArgs>? = null, val resourceGroupName: Output<String>? = null, val secureLdap: Output<ServiceSecureLdapArgs>? = null, val security: Output<ServiceSecurityArgs>? = null, val sku: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<ServiceArgs>

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.VirtualNetwork;
import com.pulumi.azure.network.VirtualNetworkArgs;
import com.pulumi.azure.network.Subnet;
import com.pulumi.azure.network.SubnetArgs;
import com.pulumi.azure.network.NetworkSecurityGroup;
import com.pulumi.azure.network.NetworkSecurityGroupArgs;
import com.pulumi.azure.network.inputs.NetworkSecurityGroupSecurityRuleArgs;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
import com.pulumi.azuread.Group;
import com.pulumi.azuread.GroupArgs;
import com.pulumi.azuread.User;
import com.pulumi.azuread.UserArgs;
import com.pulumi.azuread.GroupMember;
import com.pulumi.azuread.GroupMemberArgs;
import com.pulumi.azuread.ServicePrincipal;
import com.pulumi.azuread.ServicePrincipalArgs;
import com.pulumi.azure.domainservices.Service;
import com.pulumi.azure.domainservices.ServiceArgs;
import com.pulumi.azure.domainservices.inputs.ServiceInitialReplicaSetArgs;
import com.pulumi.azure.domainservices.inputs.ServiceNotificationsArgs;
import com.pulumi.azure.domainservices.inputs.ServiceSecurityArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
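/**
 * Example Pulumi program that provisions an Azure Active Directory Domain Services
 * instance together with the network, directory group, admin user and service
 * principal it depends on.
 */
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource in the stack.
     *
     * <p>The administrator password is read from the secret stack configuration key
     * {@code adminPassword} rather than being embedded in the source; set it with
     * {@code pulumi config set --secret adminPassword <value>} before deploying.
     *
     * @param ctx the Pulumi deployment context, used here to reach the stack configuration
     */
    public static void stack(Context ctx) {
        // Secret config values stay encrypted in the stack settings and are masked in
        // CLI output, so the credential never lands in version control in clear text.
        var adminPassword = ctx.config().requireSecret("adminPassword");

        var deployResourceGroup = new ResourceGroup("deployResourceGroup", ResourceGroupArgs.builder()
            .location("West Europe")
            .build());

        var deployVirtualNetwork = new VirtualNetwork("deployVirtualNetwork", VirtualNetworkArgs.builder()
            .location(deployResourceGroup.location())
            .resourceGroupName(deployResourceGroup.name())
            .addressSpaces("10.0.1.0/16")
            .build());

        var deploySubnet = new Subnet("deploySubnet", SubnetArgs.builder()
            .resourceGroupName(deployResourceGroup.name())
            .virtualNetworkName(deployVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .build());

        // Inbound rules for the domain-services subnet. Every rule allows TCP to any
        // destination address in the subnet; they differ in port and permitted source.
        var deployNetworkSecurityGroup = new NetworkSecurityGroup("deployNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
            .location(deployResourceGroup.location())
            .resourceGroupName(deployResourceGroup.name())
            .securityRules(
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowSyncWithAzureAD")
                    .priority(101)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("443")
                    .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
                    .destinationAddressPrefix("*")
                    .build(),
                // Remote Desktop (3389) is limited to the CorpNetSaw source prefix.
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowRD")
                    .priority(201)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("3389")
                    .sourceAddressPrefix("CorpNetSaw")
                    .destinationAddressPrefix("*")
                    .build(),
                // PowerShell remoting over TLS (5986) is limited to the service's own prefix.
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowPSRemoting")
                    .priority(301)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("5986")
                    .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
                    .destinationAddressPrefix("*")
                    .build(),
                // NOTE(review): this rule admits LDAPS (636) from any source address, and
                // the Service below does not configure secureLdap. Narrow
                // sourceAddressPrefix to the client ranges that need LDAPS, or drop the
                // rule where secure LDAP is not in use.
                NetworkSecurityGroupSecurityRuleArgs.builder()
                    .name("AllowLDAPS")
                    .priority(401)
                    .direction("Inbound")
                    .access("Allow")
                    .protocol("Tcp")
                    .sourcePortRange("*")
                    .destinationPortRange("636")
                    .sourceAddressPrefix("*")
                    .destinationAddressPrefix("*")
                    .build())
            .build());

        var deploySubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("deploySubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
            .subnetId(deploySubnet.id())
            .networkSecurityGroupId(deployNetworkSecurityGroup.id())
            .build());

        var dcAdmins = new Group("dcAdmins", GroupArgs.builder()
            .displayName("AAD DC Administrators")
            .securityEnabled(true)
            .build());

        // The admin account's password comes from the secret config value read above.
        var adminUser = new User("adminUser", UserArgs.builder()
            .userPrincipalName("dc-admin@hashicorp-example.com")
            .displayName("DC Administrator")
            .password(adminPassword)
            .build());

        var adminGroupMember = new GroupMember("adminGroupMember", GroupMemberArgs.builder()
            .groupObjectId(dcAdmins.objectId())
            .memberObjectId(adminUser.objectId())
            .build());

        // NOTE(review): presumably the published application ID of the Domain Controller
        // Services principal; confirm against the provider documentation.
        var exampleServicePrincipal = new ServicePrincipal("exampleServicePrincipal", ServicePrincipalArgs.builder()
            .applicationId("2565bd9d-da50-47d4-8b85-4c97f669dc36")
            .build());

        var aadds = new ResourceGroup("aadds", ResourceGroupArgs.builder()
            .location("westeurope")
            .build());

        // The managed domain waits for the service principal and for the NSG to be
        // attached to the subnet (see dependsOn below).
        var exampleService = new Service("exampleService", ServiceArgs.builder()
            .location(aadds.location())
            .resourceGroupName(aadds.name())
            .domainName("widgetslogin.net")
            .sku("Enterprise")
            .filteredSyncEnabled(false)
            .initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
                .subnetId(deploySubnet.id())
                .build())
            .notifications(ServiceNotificationsArgs.builder()
                .additionalRecipients(
                    "notifyA@example.net",
                    "notifyB@example.org")
                .notifyDcAdmins(true)
                .notifyGlobalAdmins(true)
                .build())
            // NOTE(review): Kerberos, NTLM and on-premises password synchronisation are
            // all switched on here. Leave syncNtlmPasswords off unless legacy clients
            // still need NTLM authentication against the managed domain.
            .security(ServiceSecurityArgs.builder()
                .syncKerberosPasswords(true)
                .syncNtlmPasswords(true)
                .syncOnPremPasswords(true)
                .build())
            .tags(Map.of("Environment", "prod"))
            .build(), CustomResourceOptions.builder()
                .dependsOn(
                    exampleServicePrincipal,
                    deploySubnetNetworkSecurityGroupAssociation)
                .build());
    }
}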

Import

Domain Services can be imported using the resource ID, together with the Replica Set ID that you wish to designate as the initial replica set, e.g.

$ pulumi import azure:domainservices/service:Service example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/initialReplicaSetId/00000000-0000-0000-0000-000000000000

Constructors

fun ServiceArgs(domainConfigurationType: Output<String>? = null, domainName: Output<String>? = null, filteredSyncEnabled: Output<Boolean>? = null, initialReplicaSet: Output<ServiceInitialReplicaSetArgs>? = null, location: Output<String>? = null, name: Output<String>? = null, notifications: Output<ServiceNotificationsArgs>? = null, resourceGroupName: Output<String>? = null, secureLdap: Output<ServiceSecureLdapArgs>? = null, security: Output<ServiceSecurityArgs>? = null, sku: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Functions

open override fun toJava(): ServiceArgs

Properties

val domainConfigurationType: Output<String>? = null

The configuration type of this Active Directory Domain. Possible values are FullySynced and ResourceTrusting. Changing this forces a new resource to be created.

val domainName: Output<String>? = null

The Active Directory domain to use. See official documentation for constraints and recommendations. Changing this forces a new resource to be created.

val filteredSyncEnabled: Output<Boolean>? = null

Whether to enable group-based filtered sync (also called scoped synchronisation). Defaults to false.


val initialReplicaSet: Output<ServiceInitialReplicaSetArgs>? = null

An initial_replica_set block as defined below. The initial replica set inherits the same location as the Domain Service resource.

val location: Output<String>? = null

The Azure location where the Domain Service exists. Changing this forces a new resource to be created.

val name: Output<String>? = null

The display name for your managed Active Directory Domain Service resource. Changing this forces a new resource to be created.


val notifications: Output<ServiceNotificationsArgs>? = null

A notifications block as defined below.

val resourceGroupName: Output<String>? = null

The name of the Resource Group in which the Domain Service should exist. Changing this forces a new resource to be created.

val secureLdap: Output<ServiceSecureLdapArgs>? = null

A secure_ldap block as defined below.

val security: Output<ServiceSecurityArgs>? = null

A security block as defined below.

val sku: Output<String>? = null

The SKU to use when provisioning the Domain Service resource. One of Standard, Enterprise or Premium.

val tags: Output<Map<String, String>>? = null

A mapping of tags assigned to the resource.