az ad ds
Note
This reference is part of the ad extension for the Azure CLI (version 2.15.0 or higher). The extension will automatically install the first time you run an az ad ds command. Learn more about extensions.
This command group is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Manage domain services with Azure Active Directory.
Commands
Name | Description | Type | Status |
---|---|---|---|
az ad ds create | Create a new domain service with the specified parameters. | Extension | Experimental |
az ad ds delete | The Delete Domain Service operation deletes an existing Domain Service. | Extension | Experimental |
az ad ds list | List domain services in resource group or in subscription. | Extension | Experimental |
az ad ds show | Get the specified domain service. | Extension | Experimental |
az ad ds update | Update the existing deployment properties for domain service. | Extension | Experimental |
az ad ds wait | Place the CLI in a waiting state until a condition of the ad ds is met. | Extension | Experimental |
az ad ds create
Create a new domain service with the specified parameters.
az ad ds create --domain
--name
--replica-sets
--resource-group
[--domain-config-type {FullySynced, ResourceTrusting}]
[--external-access {Disabled, Enabled}]
[--filtered-sync {Disabled, Enabled}]
[--ldaps {Disabled, Enabled}]
[--no-wait]
[--notify-dc-admins {Disabled, Enabled}]
[--notify-global-admins {Disabled, Enabled}]
[--notify-others]
[--ntlm-v1 {Disabled, Enabled}]
[--pfx-cert]
[--pfx-cert-pwd]
[--resource-forest {Disabled, Enabled}]
[--settings]
[--sku {Enterprise, Premium, Standard}]
[--sync-kerberos-pwd {Disabled, Enabled}]
[--sync-ntlm-pwd {Disabled, Enabled}]
[--sync-on-prem-pwd {Disabled, Enabled}]
[--tags]
[--tls-v1 {Disabled, Enabled}]
Examples
Create Domain Service
az ad ds create --domain "TestDS.com" --replica-sets location="West US" subnet-id="<subnetId>" --name "TestDS.com" --resource-group "rg"
Create Domain Service with specified settings (Line breaks for legibility only)
az ad ds create --domain "TestDS.com" --replica-sets location="West US" subnet-id="<subnetId>" --name "TestDS.com" --resource-group "rg"
--ntlm-v1 "Enabled" --sync-ntlm-pwd "Enabled" --tls-v1 "Disabled" --filtered-sync "Enabled" --external-access "Enabled"
--ldaps "Enabled" --pfx-cert "cert or path to cert" --pfx-cert-pwd "<pfxCertificatePassword>"
--notify-others "a@gmail.com" "b@gmail.com" --notify-dc-admins "Enabled" --notify-global-admins "Enabled"
Required Parameters
--domain
The name of the Azure domain that the user would like to deploy Domain Services to.
--name
The name of the domain service.
--replica-sets
List of ReplicaSets.
Usage: --replica-sets location=XX subnet-id=XX
location: Virtual network location
subnet-id: The id of the subnet that Domain Services will be deployed on.
Multiple actions can be specified by using more than one --replica-sets argument.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
--domain-config-type
Domain Configuration Type.
--external-access
A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled.
--filtered-sync
Enabled or Disabled flag to turn on Group-based filtered sync.
--ldaps
A flag to determine whether or not Secure LDAP is enabled or disabled.
--no-wait
Do not wait for the long-running operation to finish.
--notify-dc-admins
Should domain controller admins be notified.
--notify-global-admins
Should global admins be notified.
--notify-others
The list of additional recipients.
--ntlm-v1
A flag to determine whether or not NtlmV1 is enabled or disabled.
--pfx-cert
The certificate required to configure Secure LDAP. The parameter passed here should be the file path to the certificate pfx file or a base64-encoded representation of the certificate pfx file.
--pfx-cert-pwd
The password to decrypt the provided Secure LDAP certificate pfx file.
--resource-forest
Resource Forest.
--settings
List of settings for Resource Forest. This can be either a JSON-formatted string or the location to a file containing the JSON object.
The format of the settings JSON object for Resource Forest: [ { "trusted_domain_fqdn": "XX", "trust_direction": "XX", "friendly_name": "XX", "remote_dns_ips": "XX", "trust_password": "XX" }, ...n ].
--sku
Sku Type.
--sync-kerberos-pwd
A flag to determine whether or not SyncKerberosPasswords is enabled or disabled.
--sync-ntlm-pwd
A flag to determine whether or not SyncNtlmPasswords is enabled or disabled.
--sync-on-prem-pwd
A flag to determine whether or not SyncOnPremPasswords is enabled or disabled.
--tags
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
--tls-v1
A flag to determine whether or not TlsV1 is enabled or disabled.
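The legacy-protocol and exposure switches of az ad ds create and az ad ds update (--ntlm-v1, --tls-v1, --sync-ntlm-pwd, --external-access) and the --pfx-cert-pwd argument can be checked in review before a deployment script runs. The following is an added example, not part of the Azure CLI or of this reference; the function names lint_ad_ds and ad_ds_check and the finding labels are hypothetical, and a --pfx-cert-pwd value that does not start with $ is assumed to be a literal secret.

```shell
#!/bin/sh
# Added example: review gate for scripts that call `az ad ds create/update`.
# Flag names and values are the ones documented on this page; the function
# names and finding labels are hypothetical.

# Print a finding label for one flag/value pair, or nothing if acceptable.
ad_ds_check() {
    # Compare enum values case-insensitively (a cautious choice for a linter).
    v=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$1" in
        --ntlm-v1|--tls-v1|--sync-ntlm-pwd|--external-access)
            # Legacy protocols, NTLM hash sync, or LDAPS reachable from the internet.
            if [ "$v" = "enabled" ]; then
                printf '%s\n' "${1#--}=Enabled"
            fi ;;
        --pfx-cert-pwd)
            # A literal here lands in shell history, CI logs and the process list.
            # Assumption: anything not starting with $ is a literal secret.
            case "$2" in
                '$'*) ;;
                *) printf '%s\n' "pfx-cert-pwd=literal" ;;
            esac ;;
    esac
}

# Read script text on stdin and print one finding per line.
lint_ad_ds() {
    # Drop quotes, then put one whitespace-separated token on each line.
    tr -d "\"'" | tr -s ' \t' '\n\n' | {
        prev=""
        while IFS= read -r tok || [ -n "$tok" ]; do
            case "$tok" in
                --*=*) ad_ds_check "${tok%%=*}" "${tok#*=}" ;;  # --flag=value
                *)     ad_ds_check "$prev" "$tok" ;;            # --flag value
            esac
            prev=$tok
        done
    }
}
```

Feed it the unexpanded script source, for example `lint_ad_ds < deploy.sh` (deploy.sh is a placeholder name), and fail the pipeline when the output is non-empty.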
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az ad ds delete
The Delete Domain Service operation deletes an existing Domain Service.
az ad ds delete [--ids]
[--name]
[--no-wait]
[--resource-group]
[--yes]
Examples
Delete Domain Service
az ad ds delete --name "TestDomainService.com" --resource-group "TestResourceGroup"
Optional Parameters
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--name
The name of the domain service.
--no-wait
Do not wait for the long-running operation to finish.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--yes
Do not prompt for confirmation.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az ad ds list
List domain services in resource group or in subscription.
az ad ds list [--resource-group]
Examples
List Domain Service By Group
az ad ds list --resource-group "TestResourceGroup"
List Domain Service By Sub
az ad ds list
Optional Parameters
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az ad ds show
Get the specified domain service.
az ad ds show [--ids]
[--name]
[--resource-group]
Examples
Get Domain Service
az ad ds show --name "TestDomainService.com" --resource-group "TestResourceGroup"
Optional Parameters
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--name
The name of the domain service.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az ad ds update
Update the existing deployment properties for domain service.
az ad ds update [--domain-config-type {FullySynced, ResourceTrusting}]
[--external-access {Disabled, Enabled}]
[--filtered-sync {Disabled, Enabled}]
[--ids]
[--ldaps {Disabled, Enabled}]
[--name]
[--no-wait]
[--notify-dc-admins {Disabled, Enabled}]
[--notify-global-admins {Disabled, Enabled}]
[--notify-others]
[--ntlm-v1 {Disabled, Enabled}]
[--pfx-cert]
[--pfx-cert-pwd]
[--replica-sets]
[--resource-forest {Disabled, Enabled}]
[--resource-group]
[--settings]
[--sku {Enterprise, Premium, Standard}]
[--sync-kerberos-pwd {Disabled, Enabled}]
[--sync-ntlm-pwd {Disabled, Enabled}]
[--sync-on-prem-pwd {Disabled, Enabled}]
[--tags]
[--tls-v1 {Disabled, Enabled}]
Examples
Update sku
az ad ds update --name "TestDS.com" --resource-group "rg" --sku "Enterprise"
Update domain security settings
az ad ds update --name "TestDS.com" --resource-group "rg" --ntlm-v1 "Enabled" --tls-v1 "Disabled"
Update ldaps settings
az ad ds update --name "TestDS.com" --resource-group "rg" --external-access "Enabled" --ldaps "Enabled" --pfx-cert "MIIDPDCCAiSg..." --pfx-cert-pwd "<pfxCertificatePassword>"
Update notification settings
az ad ds update --name "TestDS.com" --resource-group "rg" --notify-dc-admins "Enabled" --notify-global-admins "Disabled"
Optional Parameters
--domain-config-type
Domain Configuration Type.
--external-access
A flag to determine whether or not Secure LDAP access over the internet is enabled or disabled.
--filtered-sync
Enabled or Disabled flag to turn on Group-based filtered sync.
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--ldaps
A flag to determine whether or not Secure LDAP is enabled or disabled.
--name
The name of the domain service.
--no-wait
Do not wait for the long-running operation to finish.
--notify-dc-admins
Should domain controller admins be notified.
--notify-global-admins
Should global admins be notified.
--notify-others
The list of additional recipients.
--ntlm-v1
A flag to determine whether or not NtlmV1 is enabled or disabled.
--pfx-cert
The certificate required to configure Secure LDAP. The parameter passed here should be the file path to the certificate pfx file or a base64-encoded representation of the certificate pfx file.
--pfx-cert-pwd
The password to decrypt the provided Secure LDAP certificate pfx file.
--replica-sets
List of ReplicaSets.
Usage: --replica-sets location=XX subnet-id=XX
location: Virtual network location
subnet-id: The id of the subnet that Domain Services will be deployed on.
Multiple actions can be specified by using more than one --replica-sets argument.
--resource-forest
Resource Forest.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--settings
List of settings for Resource Forest. This can be either a JSON-formatted string or the location to a file containing the JSON object.
The format of the settings JSON object for Resource Forest: [ { "trusted_domain_fqdn": "XX", "trust_direction": "XX", "friendly_name": "XX", "remote_dns_ips": "XX", "trust_password": "XX" }, ...n ].
--sku
Sku Type.
--sync-kerberos-pwd
A flag to determine whether or not SyncKerberosPasswords is enabled or disabled.
--sync-ntlm-pwd
A flag to determine whether or not SyncNtlmPasswords is enabled or disabled.
--sync-on-prem-pwd
A flag to determine whether or not SyncOnPremPasswords is enabled or disabled.
--tags
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
--tls-v1
A flag to determine whether or not TlsV1 is enabled or disabled.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
az ad ds wait
Place the CLI in a waiting state until a condition of the ad ds is met.
az ad ds wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--resource-group]
[--timeout]
[--updated]
Examples
Pause executing next line of CLI script until the ad ds is successfully created.
az ad ds wait --name "TestDomainService.com" --resource-group "TestResourceGroup" --created
Pause executing next line of CLI script until the ad ds is successfully updated.
az ad ds wait --name "TestDomainService.com" --resource-group "TestResourceGroup" --updated
Pause executing next line of CLI script until the ad ds is successfully deleted.
az ad ds wait --name "TestDomainService.com" --resource-group "TestResourceGroup" --deleted
Optional Parameters
--created
Wait until created with 'provisioningState' at 'Succeeded'.
--custom
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
--deleted
Wait until deleted.
--exists
Wait until the resource exists.
--ids
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--interval
Polling interval in seconds.
--name
The name of the domain service.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--timeout
Maximum wait in seconds.
--updated
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
--output
Output format.
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.