

az arcdata ad-connector

Note

This reference is part of the arcdata extension for the Azure CLI (version 2.3.1 or higher). The extension will automatically install the first time you run an az arcdata ad-connector command. Learn more about extensions.

Manage Active Directory authentication for Azure Arc data services.

Commands

| Name | Description | Type | Status |
| --- | --- | --- | --- |
| az arcdata ad-connector create | Create a new Active Directory connector. | Extension | GA |
| az arcdata ad-connector delete | Delete an existing Active Directory connector. | Extension | GA |
| az arcdata ad-connector list | List all Active Directory connectors. | Extension | GA |
| az arcdata ad-connector show | Get the details of an existing Active Directory connector. | Extension | GA |
| az arcdata ad-connector update | Update the settings of an existing Active Directory connector. | Extension | GA |

az arcdata ad-connector create

Create a new Active Directory connector.

az arcdata ad-connector create --account-provisioning
                               --name
                               --nameserver-addresses
                               --realm
                               [--data-controller-name]
                               [--dns-domain-name]
                               [--dns-replicas]
                               [--domain-service-account-secret]
                               [--k8s-namespace]
                               [--netbios-domain-name]
                               [--no-wait]
                               [--ou-distinguished-name]
                               [--prefer-k8s-dns]
                               [--primary-ad-dc-hostname]
                               [--resource-group]
                               [--secondary-ad-dc-hostnames]
                               [--use-k8s]

Examples

Ex 1 - Deploy a new Active Directory connector using the Kubernetes API.

az arcdata ad-connector create --name arcadc --k8s-namespace arc --realm CONTOSO.LOCAL --account-provisioning manual --primary-ad-dc-hostname azdc01.contoso.local --secondary-ad-dc-hostnames "azdc02.contoso.local, azdc03.contoso.local" --netbios-domain-name CONTOSO --dns-domain-name contoso.local --nameserver-addresses 10.10.10.11,10.10.10.12,10.10.10.13 --dns-replicas 2 --prefer-k8s-dns false --use-k8s

Ex 2 - Deploy a new Active Directory connector through Azure Resource Manager (ARM).

az arcdata ad-connector create --name arcadc --resource-group rg-name --data-controller-name dc-name --realm CONTOSO.LOCAL --account-provisioning manual --primary-ad-dc-hostname azdc01.contoso.local --secondary-ad-dc-hostnames "azdc02.contoso.local, azdc03.contoso.local" --netbios-domain-name CONTOSO --dns-domain-name contoso.local --nameserver-addresses 10.10.10.11,10.10.10.12,10.10.10.13 --dns-replicas 2 --prefer-k8s-dns false

Required Parameters

--account-provisioning

Value indicating whether service account provisioning for data services should be automatic or manual. Allowed values are: 'manual' or 'automatic'.

--name -n

The name of the Active Directory connector.

--nameserver-addresses

List of Active Directory DNS server IP addresses separated by ',' (e.g. 10.10.10.11,10.10.10.12,10.10.10.13).

--realm

The name of the Active Directory domain in uppercase (e.g. CONTOSO.LOCAL).

Optional Parameters

--data-controller-name

The name of the Arc data controller associated with this Active Directory connector.

--dns-domain-name

The DNS domain name (e.g. contoso.com).

--dns-replicas

The number of copies of the DNS proxy service.

Default value: 1

--domain-service-account-secret

The name of the Kubernetes secret containing the credentials for the pre-created Active Directory account with permissions to create and manage accounts in the given OU. Alternatively, setting the 'DOMAIN_SERVICE_ACCOUNT_USERNAME' and 'DOMAIN_SERVICE_ACCOUNT_PASSWORD' env variables will create this secret automatically.

--k8s-namespace -k

The Kubernetes namespace in which to deploy the Active Directory connector.

--netbios-domain-name

The NETBIOS name of the Active Directory domain (e.g. CONTOSO).

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--ou-distinguished-name

The distinguished name of the pre-created Organizational Unit (OU) in the Active Directory domain (e.g. OU=arcou,DC=contoso,DC=com).

--prefer-k8s-dns

Use Kubernetes DNS Server responses over the Active Directory DNS server responses for IP address lookup. Allowed values are 'true' or 'false'.

Default value: true

--primary-ad-dc-hostname

The hostname of the primary AD domain controller.

--resource-group -g

The Azure resource group of the Arc data controller associated with this Active Directory connector.

--secondary-ad-dc-hostnames

List of the hostnames of the secondary Active Directory domain controllers separated by ',' (e.g. azdc02.contoso.local,azdc03.contoso.local).

--use-k8s

Use local Kubernetes APIs to perform this action.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.
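
The following pre-flight check is an added example, not part of the arcdata extension or the original reference: it validates the documented formats of --realm, --account-provisioning and --nameserver-addresses before az arcdata ad-connector create is run. The helper names is_ipv4 and validate_adc_args are hypothetical, and the rule that automatic provisioning needs an OU distinguished name is an assumption not stated on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks for `az arcdata ad-connector create` values.
# is_ipv4 and validate_adc_args are hypothetical helper names; neither calls az.

# is_ipv4 ADDR: succeeds only for a dotted quad with every octet in 0-255.
is_ipv4() {
  local octet old_ifs
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# validate_adc_args REALM PROVISIONING NAMESERVERS [OU_DN]
# Returns 0 when the values fit the documented formats, otherwise 1, 2 or 3.
validate_adc_args() {
  local realm provisioning nameservers ou_dn old_ifs ip
  realm=$1; provisioning=$2; nameservers=$3; ou_dn=${4:-}

  # --realm: the AD domain name in uppercase (e.g. CONTOSO.LOCAL).
  if [ -z "$realm" ] ||
     [ "$realm" != "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]; then
    echo "realm must be non-empty and uppercase: '$realm'" >&2; return 1
  fi

  # --account-provisioning: only 'manual' or 'automatic' are allowed.
  case $provisioning in
    manual) ;;
    automatic)
      # Assumption (not stated on the page): automatic provisioning is run
      # with --ou-distinguished-name, so require a DN shaped like OU=...,DC=...
      case $ou_dn in
        OU=*,DC=*) ;;
        *) echo "automatic provisioning needs an OU DN" >&2; return 2 ;;
      esac ;;
    *) echo "account-provisioning must be manual or automatic" >&2; return 2 ;;
  esac

  # --nameserver-addresses: IPv4 addresses separated by ',' with no spaces.
  case $nameservers in
    ''|*[!0-9.,]*|,*|*,|*,,*) echo "bad nameserver list" >&2; return 3 ;;
  esac
  old_ifs=$IFS; IFS=,; set -- $nameservers; IFS=$old_ifs
  for ip in "$@"; do
    is_ipv4 "$ip" || { echo "not an IPv4 address: '$ip'" >&2; return 3; }
  done
}
```

Run it as validate_adc_args CONTOSO.LOCAL manual 10.10.10.11,10.10.10.12 and invoke az only when it returns 0.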

az arcdata ad-connector delete

Delete an existing Active Directory connector.

az arcdata ad-connector delete --name
                               [--data-controller-name]
                               [--k8s-namespace]
                               [--no-wait]
                               [--resource-group]
                               [--use-k8s]

Examples

Ex 1 - Delete an existing Active Directory connector using the Kubernetes API.

az arcdata ad-connector delete --name arcadc --k8s-namespace arc --use-k8s

Ex 2 - Delete an existing Active Directory connector through Azure Resource Manager (ARM).

az arcdata ad-connector delete --name arcadc --resource-group rg-name --data-controller-name dc-name

Required Parameters

--name -n

The name of the Active Directory connector.

Optional Parameters

--data-controller-name

The name of the Arc data controller associated with this Active Directory connector.

--k8s-namespace -k

The Kubernetes namespace containing the Active Directory connector.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--resource-group -g

The Azure resource group of the Arc data controller associated with this Active Directory connector.

--use-k8s

Use local Kubernetes APIs to perform this action.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az arcdata ad-connector list

List all Active Directory connectors.

az arcdata ad-connector list [--data-controller-name]
                             [--k8s-namespace]
                             [--resource-group]
                             [--use-k8s]

Examples

Ex 1 - List all Active Directory connectors in a given Kubernetes namespace using the Kubernetes API.

az arcdata ad-connector list --k8s-namespace arc --use-k8s

Ex 2 - List all Active Directory connectors associated with a given Arc data controller by querying Azure Resource Manager (ARM).

az arcdata ad-connector list --resource-group rg-name --data-controller-name dc-name

Optional Parameters

--data-controller-name

The name of the Arc data controller associated with the Active Directory connectors.

--k8s-namespace -k

The Kubernetes namespace containing the Active Directory connectors.

--resource-group -g

The Azure resource group containing the Active Directory connectors.

--use-k8s

Use local Kubernetes APIs to perform this action.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az arcdata ad-connector show

Get the details of an existing Active Directory connector.

az arcdata ad-connector show --name
                             [--data-controller-name]
                             [--k8s-namespace]
                             [--resource-group]
                             [--use-k8s]

Examples

Ex 1 - Get an existing Active Directory connector using the Kubernetes API.

az arcdata ad-connector show --name arcadc --k8s-namespace arc --use-k8s

Ex 2 - Get an existing Active Directory connector by querying Azure Resource Manager (ARM).

az arcdata ad-connector show --name arcadc --resource-group rg-name --data-controller-name dc-name

Required Parameters

--name -n

The name of the Active Directory connector.

Optional Parameters

--data-controller-name

The name of the Arc data controller associated with this Active Directory connector.

--k8s-namespace -k

The Kubernetes namespace containing the Active Directory connector.

--resource-group -g

The Azure resource group of the Arc data controller associated with this Active Directory connector.

--use-k8s

Use local Kubernetes APIs to perform this action.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az arcdata ad-connector update

Update the settings of an existing Active Directory connector.

az arcdata ad-connector update --name
                               [--data-controller-name]
                               [--dns-replicas]
                               [--domain-service-account-secret]
                               [--k8s-namespace]
                               [--nameserver-addresses]
                               [--no-wait]
                               [--prefer-k8s-dns]
                               [--primary-ad-dc-hostname]
                               [--resource-group]
                               [--secondary-ad-dc-hostnames]
                               [--use-k8s]

Examples

Ex 1 - Update an existing Active Directory connector using the Kubernetes API.

az arcdata ad-connector update --name arcadc --k8s-namespace arc --primary-ad-dc-hostname azdc01.contoso.local --secondary-ad-dc-hostnames "azdc02.contoso.local, azdc03.contoso.local" --nameserver-addresses 10.10.10.11,10.10.10.12,10.10.10.13 --dns-replicas 2 --prefer-k8s-dns false --use-k8s

Ex 2 - Update an existing Active Directory connector through Azure Resource Manager (ARM).

az arcdata ad-connector update --name arcadc --resource-group rg-name --data-controller-name dc-name --primary-ad-dc-hostname azdc01.contoso.local --secondary-ad-dc-hostnames "azdc02.contoso.local, azdc03.contoso.local" --nameserver-addresses 10.10.10.11,10.10.10.12,10.10.10.13 --dns-replicas 2 --prefer-k8s-dns false

Required Parameters

--name -n

The name of the Active Directory connector.

Optional Parameters

--data-controller-name

The name of the Arc data controller associated with this Active Directory connector.

--dns-replicas

The number of copies of the DNS proxy service.

--domain-service-account-secret

The name of the Kubernetes secret containing the credentials for the pre-created Active Directory account with permissions to create and manage accounts in the given OU.

--k8s-namespace -k

The Kubernetes namespace containing the Active Directory connector.

--nameserver-addresses

List of Active Directory DNS server IP addresses separated by ',' (e.g. 10.10.10.11,10.10.10.12,10.10.10.13).

--no-wait

Do not wait for the long-running operation to finish.

Default value: False

--prefer-k8s-dns

Use Kubernetes DNS Server responses over the Active Directory DNS server responses for IP address lookup. Allowed values are 'true' or 'false'.

--primary-ad-dc-hostname

The hostname of the primary AD domain controller.

--resource-group -g

The Azure resource group of the Arc data controller associated with this Active Directory connector.

--secondary-ad-dc-hostnames

List of the hostnames of the secondary Active Directory domain controllers separated by ',' (e.g. azdc02.contoso.local,azdc03.contoso.local).

--use-k8s

Use local Kubernetes APIs to perform this action.

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.