@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.azure.domainservices.kotlin
import com.pulumi.core.Output
import com.pulumi.kotlin.KotlinCustomResource
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.ResourceMapper
import com.pulumi.kotlin.options.CustomResourceOptions
import com.pulumi.kotlin.options.CustomResourceOptionsBuilder
import com.pulumi.resources.Resource
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
/**
 * DSL builder that collects the name, arguments and options of a [ReplicaSet]
 * and constructs the resource from them in [build].
 */
@PulumiTagMarker
public class ReplicaSetResourceBuilder internal constructor() {
    // Defaults to null; assigned directly or through name(value), and handed to the Java resource unchanged.
    public var name: String? = null

    // Starts as an empty ReplicaSetArgs until args { ... } replaces it.
    public var args: ReplicaSetArgs = ReplicaSetArgs()

    // Starts as default CustomResourceOptions until opts { ... } replaces it.
    public var opts: CustomResourceOptions = CustomResourceOptions()

    /**
     * @param value The _unique_ name of the resulting resource.
     */
    public fun name(`value`: String) {
        name = value
    }

    /**
     * @param block The arguments to use to populate this resource's properties.
     */
    public suspend fun args(block: suspend ReplicaSetArgsBuilder.() -> Unit) {
        val argsBuilder = ReplicaSetArgsBuilder()
        argsBuilder.block()
        args = argsBuilder.build()
    }

    /**
     * @param block A bag of options that control this resource's behavior.
     */
    public suspend fun opts(block: suspend CustomResourceOptionsBuilder.() -> Unit) {
        opts = CustomResourceOptions.opts(block)
    }

    /**
     * Creates the underlying Java resource from the collected name, args and opts,
     * then wraps it in the Kotlin [ReplicaSet] type.
     */
    internal fun build(): ReplicaSet =
        ReplicaSet(
            com.pulumi.azure.domainservices.ReplicaSet(
                name,
                args.toJava(),
                opts.toJava(),
            ),
        )
}
/**
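* Manages a Replica Set for an Active Directory Domain Service.
* ## Example Usage
*
* The snippets below use placeholder values. Three settings should be reviewed before the example is reused:
* the `admin` user's password is written as a string literal and would be committed with the program source,
* so supply it as a Pulumi secret instead; the `AllowLDAPS` rule admits TCP 636 from source `*`, so narrow
* the source prefix to the networks that need secure LDAP; and NTLM password synchronisation is enabled on
* the domain service, so turn it off unless legacy clients require it.
*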
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as azure from "@pulumi/azure";
* import * as azuread from "@pulumi/azuread";
* const primary = new azure.core.ResourceGroup("primary", {
* name: "aadds-primary-rg",
* location: "West Europe",
* });
* const primaryVirtualNetwork = new azure.network.VirtualNetwork("primary", {
* name: "aadds-primary-vnet",
* location: primary.location,
* resourceGroupName: primary.name,
* addressSpaces: ["10.0.1.0/16"],
* });
* const primarySubnet = new azure.network.Subnet("primary", {
* name: "aadds-primary-subnet",
* resourceGroupName: primary.name,
* virtualNetworkName: primaryVirtualNetwork.name,
* addressPrefixes: ["10.0.1.0/24"],
* });
* const primaryNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("primary", {
* name: "aadds-primary-nsg",
* location: primary.location,
* resourceGroupName: primary.name,
* securityRules: [
* {
* name: "AllowSyncWithAzureAD",
* priority: 101,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "443",
* sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
* destinationAddressPrefix: "*",
* },
* {
* name: "AllowRD",
* priority: 201,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "3389",
* sourceAddressPrefix: "CorpNetSaw",
* destinationAddressPrefix: "*",
* },
* {
* name: "AllowPSRemoting",
* priority: 301,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "5986",
* sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
* destinationAddressPrefix: "*",
* },
* {
* name: "AllowLDAPS",
* priority: 401,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "636",
* sourceAddressPrefix: "*",
* destinationAddressPrefix: "*",
* },
* ],
* });
* const primarySubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("primary", {
* subnetId: primarySubnet.id,
* networkSecurityGroupId: primaryNetworkSecurityGroup.id,
* });
* const dcAdmins = new azuread.Group("dc_admins", {
* displayName: "aad-dc-administrators",
* securityEnabled: true,
* });
* const admin = new azuread.User("admin", {
* userPrincipalName: "[email protected] ",
* displayName: "DC Administrator",
* password: "Pa55w0Rd!!1",
* });
* const adminGroupMember = new azuread.GroupMember("admin", {
* groupObjectId: dcAdmins.objectId,
* memberObjectId: admin.objectId,
* });
* const example = new azuread.ServicePrincipal("example", {applicationId: "2565bd9d-da50-47d4-8b85-4c97f669dc36"});
* const aadds = new azure.core.ResourceGroup("aadds", {
* name: "aadds-rg",
* location: "westeurope",
* });
* const exampleService = new azure.domainservices.Service("example", {
* name: "example-aadds",
* location: aadds.location,
* resourceGroupName: aadds.name,
* domainName: "widgetslogin.net",
* sku: "Enterprise",
* filteredSyncEnabled: false,
* initialReplicaSet: {
* location: primaryVirtualNetwork.location,
* subnetId: primarySubnet.id,
* },
* notifications: {
* additionalRecipients: [
* "[email protected] ",
* "[email protected] ",
* ],
* notifyDcAdmins: true,
* notifyGlobalAdmins: true,
* },
* security: {
* syncKerberosPasswords: true,
* syncNtlmPasswords: true,
* syncOnPremPasswords: true,
* },
* tags: {
* Environment: "prod",
* },
* }, {
* dependsOn: [
* example,
* primarySubnetNetworkSecurityGroupAssociation,
* ],
* });
* const replica = new azure.core.ResourceGroup("replica", {
* name: "aadds-replica-rg",
* location: "North Europe",
* });
* const replicaVirtualNetwork = new azure.network.VirtualNetwork("replica", {
* name: "aadds-replica-vnet",
* location: replica.location,
* resourceGroupName: replica.name,
* addressSpaces: ["10.20.0.0/16"],
* });
* const aaddsReplica = new azure.network.Subnet("aadds_replica", {
* name: "aadds-replica-subnet",
* resourceGroupName: replica.name,
* virtualNetworkName: replicaVirtualNetwork.name,
* addressPrefixes: ["10.20.0.0/24"],
* });
* const aaddsReplicaNetworkSecurityGroup = new azure.network.NetworkSecurityGroup("aadds_replica", {
* name: "aadds-replica-nsg",
* location: replica.location,
* resourceGroupName: replica.name,
* securityRules: [
* {
* name: "AllowSyncWithAzureAD",
* priority: 101,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "443",
* sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
* destinationAddressPrefix: "*",
* },
* {
* name: "AllowRD",
* priority: 201,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "3389",
* sourceAddressPrefix: "CorpNetSaw",
* destinationAddressPrefix: "*",
* },
* {
* name: "AllowPSRemoting",
* priority: 301,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "5986",
* sourceAddressPrefix: "AzureActiveDirectoryDomainServices",
* destinationAddressPrefix: "*",
* },
* {
* name: "AllowLDAPS",
* priority: 401,
* direction: "Inbound",
* access: "Allow",
* protocol: "Tcp",
* sourcePortRange: "*",
* destinationPortRange: "636",
* sourceAddressPrefix: "*",
* destinationAddressPrefix: "*",
* },
* ],
* });
* const replicaSubnetNetworkSecurityGroupAssociation = new azure.network.SubnetNetworkSecurityGroupAssociation("replica", {
* subnetId: aaddsReplica.id,
* networkSecurityGroupId: aaddsReplicaNetworkSecurityGroup.id,
* });
* const primaryReplica = new azure.network.VirtualNetworkPeering("primary_replica", {
* name: "aadds-primary-replica",
* resourceGroupName: primaryVirtualNetwork.resourceGroupName,
* virtualNetworkName: primaryVirtualNetwork.name,
* remoteVirtualNetworkId: replicaVirtualNetwork.id,
* allowForwardedTraffic: true,
* allowGatewayTransit: false,
* allowVirtualNetworkAccess: true,
* useRemoteGateways: false,
* });
* const replicaPrimary = new azure.network.VirtualNetworkPeering("replica_primary", {
* name: "aadds-replica-primary",
* resourceGroupName: replicaVirtualNetwork.resourceGroupName,
* virtualNetworkName: replicaVirtualNetwork.name,
* remoteVirtualNetworkId: primaryVirtualNetwork.id,
* allowForwardedTraffic: true,
* allowGatewayTransit: false,
* allowVirtualNetworkAccess: true,
* useRemoteGateways: false,
* });
* const replicaVirtualNetworkDnsServers = new azure.network.VirtualNetworkDnsServers("replica", {
* virtualNetworkId: replicaVirtualNetwork.id,
* dnsServers: exampleService.initialReplicaSet.apply(initialReplicaSet => initialReplicaSet.domainControllerIpAddresses),
* });
* const replicaReplicaSet = new azure.domainservices.ReplicaSet("replica", {
* domainServiceId: exampleService.id,
* location: replica.location,
* subnetId: aaddsReplica.id,
* }, {
* dependsOn: [
* replicaSubnetNetworkSecurityGroupAssociation,
* primaryReplica,
* replicaPrimary,
* ],
* });
* ```
* ```python
* import pulumi
* import pulumi_azure as azure
* import pulumi_azuread as azuread
* primary = azure.core.ResourceGroup("primary",
* name="aadds-primary-rg",
* location="West Europe")
* primary_virtual_network = azure.network.VirtualNetwork("primary",
* name="aadds-primary-vnet",
* location=primary.location,
* resource_group_name=primary.name,
* address_spaces=["10.0.1.0/16"])
* primary_subnet = azure.network.Subnet("primary",
* name="aadds-primary-subnet",
* resource_group_name=primary.name,
* virtual_network_name=primary_virtual_network.name,
* address_prefixes=["10.0.1.0/24"])
* primary_network_security_group = azure.network.NetworkSecurityGroup("primary",
* name="aadds-primary-nsg",
* location=primary.location,
* resource_group_name=primary.name,
* security_rules=[
* {
* "name": "AllowSyncWithAzureAD",
* "priority": 101,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "443",
* "source_address_prefix": "AzureActiveDirectoryDomainServices",
* "destination_address_prefix": "*",
* },
* {
* "name": "AllowRD",
* "priority": 201,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "3389",
* "source_address_prefix": "CorpNetSaw",
* "destination_address_prefix": "*",
* },
* {
* "name": "AllowPSRemoting",
* "priority": 301,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "5986",
* "source_address_prefix": "AzureActiveDirectoryDomainServices",
* "destination_address_prefix": "*",
* },
* {
* "name": "AllowLDAPS",
* "priority": 401,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "636",
* "source_address_prefix": "*",
* "destination_address_prefix": "*",
* },
* ])
* primary_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("primary",
* subnet_id=primary_subnet.id,
* network_security_group_id=primary_network_security_group.id)
* dc_admins = azuread.Group("dc_admins",
* display_name="aad-dc-administrators",
* security_enabled=True)
* admin = azuread.User("admin",
* user_principal_name="[email protected] ",
* display_name="DC Administrator",
* password="Pa55w0Rd!!1")
* admin_group_member = azuread.GroupMember("admin",
* group_object_id=dc_admins.object_id,
* member_object_id=admin.object_id)
* example = azuread.ServicePrincipal("example", application_id="2565bd9d-da50-47d4-8b85-4c97f669dc36")
* aadds = azure.core.ResourceGroup("aadds",
* name="aadds-rg",
* location="westeurope")
* example_service = azure.domainservices.Service("example",
* name="example-aadds",
* location=aadds.location,
* resource_group_name=aadds.name,
* domain_name="widgetslogin.net",
* sku="Enterprise",
* filtered_sync_enabled=False,
* initial_replica_set={
* "location": primary_virtual_network.location,
* "subnet_id": primary_subnet.id,
* },
* notifications={
* "additional_recipients": [
* "[email protected] ",
* "[email protected] ",
* ],
* "notify_dc_admins": True,
* "notify_global_admins": True,
* },
* security={
* "sync_kerberos_passwords": True,
* "sync_ntlm_passwords": True,
* "sync_on_prem_passwords": True,
* },
* tags={
* "Environment": "prod",
* },
* opts = pulumi.ResourceOptions(depends_on=[
* example,
* primary_subnet_network_security_group_association,
* ]))
* replica = azure.core.ResourceGroup("replica",
* name="aadds-replica-rg",
* location="North Europe")
* replica_virtual_network = azure.network.VirtualNetwork("replica",
* name="aadds-replica-vnet",
* location=replica.location,
* resource_group_name=replica.name,
* address_spaces=["10.20.0.0/16"])
* aadds_replica = azure.network.Subnet("aadds_replica",
* name="aadds-replica-subnet",
* resource_group_name=replica.name,
* virtual_network_name=replica_virtual_network.name,
* address_prefixes=["10.20.0.0/24"])
* aadds_replica_network_security_group = azure.network.NetworkSecurityGroup("aadds_replica",
* name="aadds-replica-nsg",
* location=replica.location,
* resource_group_name=replica.name,
* security_rules=[
* {
* "name": "AllowSyncWithAzureAD",
* "priority": 101,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "443",
* "source_address_prefix": "AzureActiveDirectoryDomainServices",
* "destination_address_prefix": "*",
* },
* {
* "name": "AllowRD",
* "priority": 201,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "3389",
* "source_address_prefix": "CorpNetSaw",
* "destination_address_prefix": "*",
* },
* {
* "name": "AllowPSRemoting",
* "priority": 301,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "5986",
* "source_address_prefix": "AzureActiveDirectoryDomainServices",
* "destination_address_prefix": "*",
* },
* {
* "name": "AllowLDAPS",
* "priority": 401,
* "direction": "Inbound",
* "access": "Allow",
* "protocol": "Tcp",
* "source_port_range": "*",
* "destination_port_range": "636",
* "source_address_prefix": "*",
* "destination_address_prefix": "*",
* },
* ])
* replica_subnet_network_security_group_association = azure.network.SubnetNetworkSecurityGroupAssociation("replica",
* subnet_id=aadds_replica.id,
* network_security_group_id=aadds_replica_network_security_group.id)
* primary_replica = azure.network.VirtualNetworkPeering("primary_replica",
* name="aadds-primary-replica",
* resource_group_name=primary_virtual_network.resource_group_name,
* virtual_network_name=primary_virtual_network.name,
* remote_virtual_network_id=replica_virtual_network.id,
* allow_forwarded_traffic=True,
* allow_gateway_transit=False,
* allow_virtual_network_access=True,
* use_remote_gateways=False)
* replica_primary = azure.network.VirtualNetworkPeering("replica_primary",
* name="aadds-replica-primary",
* resource_group_name=replica_virtual_network.resource_group_name,
* virtual_network_name=replica_virtual_network.name,
* remote_virtual_network_id=primary_virtual_network.id,
* allow_forwarded_traffic=True,
* allow_gateway_transit=False,
* allow_virtual_network_access=True,
* use_remote_gateways=False)
* replica_virtual_network_dns_servers = azure.network.VirtualNetworkDnsServers("replica",
* virtual_network_id=replica_virtual_network.id,
* dns_servers=example_service.initial_replica_set.domain_controller_ip_addresses)
* replica_replica_set = azure.domainservices.ReplicaSet("replica",
* domain_service_id=example_service.id,
* location=replica.location,
* subnet_id=aadds_replica.id,
* opts = pulumi.ResourceOptions(depends_on=[
* replica_subnet_network_security_group_association,
* primary_replica,
* replica_primary,
* ]))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Azure = Pulumi.Azure;
* using AzureAD = Pulumi.AzureAD;
* return await Deployment.RunAsync(() =>
* {
* var primary = new Azure.Core.ResourceGroup("primary", new()
* {
* Name = "aadds-primary-rg",
* Location = "West Europe",
* });
* var primaryVirtualNetwork = new Azure.Network.VirtualNetwork("primary", new()
* {
* Name = "aadds-primary-vnet",
* Location = primary.Location,
* ResourceGroupName = primary.Name,
* AddressSpaces = new[]
* {
* "10.0.1.0/16",
* },
* });
* var primarySubnet = new Azure.Network.Subnet("primary", new()
* {
* Name = "aadds-primary-subnet",
* ResourceGroupName = primary.Name,
* VirtualNetworkName = primaryVirtualNetwork.Name,
* AddressPrefixes = new[]
* {
* "10.0.1.0/24",
* },
* });
* var primaryNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("primary", new()
* {
* Name = "aadds-primary-nsg",
* Location = primary.Location,
* ResourceGroupName = primary.Name,
* SecurityRules = new[]
* {
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowSyncWithAzureAD",
* Priority = 101,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "443",
* SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
* DestinationAddressPrefix = "*",
* },
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowRD",
* Priority = 201,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "3389",
* SourceAddressPrefix = "CorpNetSaw",
* DestinationAddressPrefix = "*",
* },
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowPSRemoting",
* Priority = 301,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "5986",
* SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
* DestinationAddressPrefix = "*",
* },
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowLDAPS",
* Priority = 401,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "636",
* SourceAddressPrefix = "*",
* DestinationAddressPrefix = "*",
* },
* },
* });
* var primarySubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("primary", new()
* {
* SubnetId = primarySubnet.Id,
* NetworkSecurityGroupId = primaryNetworkSecurityGroup.Id,
* });
* var dcAdmins = new AzureAD.Group("dc_admins", new()
* {
* DisplayName = "aad-dc-administrators",
* SecurityEnabled = true,
* });
* var admin = new AzureAD.User("admin", new()
* {
* UserPrincipalName = "[email protected] ",
* DisplayName = "DC Administrator",
* Password = "Pa55w0Rd!!1",
* });
* var adminGroupMember = new AzureAD.GroupMember("admin", new()
* {
* GroupObjectId = dcAdmins.ObjectId,
* MemberObjectId = admin.ObjectId,
* });
* var example = new AzureAD.ServicePrincipal("example", new()
* {
* ApplicationId = "2565bd9d-da50-47d4-8b85-4c97f669dc36",
* });
* var aadds = new Azure.Core.ResourceGroup("aadds", new()
* {
* Name = "aadds-rg",
* Location = "westeurope",
* });
* var exampleService = new Azure.DomainServices.Service("example", new()
* {
* Name = "example-aadds",
* Location = aadds.Location,
* ResourceGroupName = aadds.Name,
* DomainName = "widgetslogin.net",
* Sku = "Enterprise",
* FilteredSyncEnabled = false,
* InitialReplicaSet = new Azure.DomainServices.Inputs.ServiceInitialReplicaSetArgs
* {
* Location = primaryVirtualNetwork.Location,
* SubnetId = primarySubnet.Id,
* },
* Notifications = new Azure.DomainServices.Inputs.ServiceNotificationsArgs
* {
* AdditionalRecipients = new[]
* {
* "[email protected] ",
* "[email protected] ",
* },
* NotifyDcAdmins = true,
* NotifyGlobalAdmins = true,
* },
* Security = new Azure.DomainServices.Inputs.ServiceSecurityArgs
* {
* SyncKerberosPasswords = true,
* SyncNtlmPasswords = true,
* SyncOnPremPasswords = true,
* },
* Tags =
* {
* { "Environment", "prod" },
* },
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* example,
* primarySubnetNetworkSecurityGroupAssociation,
* },
* });
* var replica = new Azure.Core.ResourceGroup("replica", new()
* {
* Name = "aadds-replica-rg",
* Location = "North Europe",
* });
* var replicaVirtualNetwork = new Azure.Network.VirtualNetwork("replica", new()
* {
* Name = "aadds-replica-vnet",
* Location = replica.Location,
* ResourceGroupName = replica.Name,
* AddressSpaces = new[]
* {
* "10.20.0.0/16",
* },
* });
* var aaddsReplica = new Azure.Network.Subnet("aadds_replica", new()
* {
* Name = "aadds-replica-subnet",
* ResourceGroupName = replica.Name,
* VirtualNetworkName = replicaVirtualNetwork.Name,
* AddressPrefixes = new[]
* {
* "10.20.0.0/24",
* },
* });
* var aaddsReplicaNetworkSecurityGroup = new Azure.Network.NetworkSecurityGroup("aadds_replica", new()
* {
* Name = "aadds-replica-nsg",
* Location = replica.Location,
* ResourceGroupName = replica.Name,
* SecurityRules = new[]
* {
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowSyncWithAzureAD",
* Priority = 101,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "443",
* SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
* DestinationAddressPrefix = "*",
* },
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowRD",
* Priority = 201,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "3389",
* SourceAddressPrefix = "CorpNetSaw",
* DestinationAddressPrefix = "*",
* },
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowPSRemoting",
* Priority = 301,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "5986",
* SourceAddressPrefix = "AzureActiveDirectoryDomainServices",
* DestinationAddressPrefix = "*",
* },
* new Azure.Network.Inputs.NetworkSecurityGroupSecurityRuleArgs
* {
* Name = "AllowLDAPS",
* Priority = 401,
* Direction = "Inbound",
* Access = "Allow",
* Protocol = "Tcp",
* SourcePortRange = "*",
* DestinationPortRange = "636",
* SourceAddressPrefix = "*",
* DestinationAddressPrefix = "*",
* },
* },
* });
* var replicaSubnetNetworkSecurityGroupAssociation = new Azure.Network.SubnetNetworkSecurityGroupAssociation("replica", new()
* {
* SubnetId = aaddsReplica.Id,
* NetworkSecurityGroupId = aaddsReplicaNetworkSecurityGroup.Id,
* });
* var primaryReplica = new Azure.Network.VirtualNetworkPeering("primary_replica", new()
* {
* Name = "aadds-primary-replica",
* ResourceGroupName = primaryVirtualNetwork.ResourceGroupName,
* VirtualNetworkName = primaryVirtualNetwork.Name,
* RemoteVirtualNetworkId = replicaVirtualNetwork.Id,
* AllowForwardedTraffic = true,
* AllowGatewayTransit = false,
* AllowVirtualNetworkAccess = true,
* UseRemoteGateways = false,
* });
* var replicaPrimary = new Azure.Network.VirtualNetworkPeering("replica_primary", new()
* {
* Name = "aadds-replica-primary",
* ResourceGroupName = replicaVirtualNetwork.ResourceGroupName,
* VirtualNetworkName = replicaVirtualNetwork.Name,
* RemoteVirtualNetworkId = primaryVirtualNetwork.Id,
* AllowForwardedTraffic = true,
* AllowGatewayTransit = false,
* AllowVirtualNetworkAccess = true,
* UseRemoteGateways = false,
* });
* var replicaVirtualNetworkDnsServers = new Azure.Network.VirtualNetworkDnsServers("replica", new()
* {
* VirtualNetworkId = replicaVirtualNetwork.Id,
* DnsServers = exampleService.InitialReplicaSet.Apply(initialReplicaSet => initialReplicaSet.DomainControllerIpAddresses),
* });
* var replicaReplicaSet = new Azure.DomainServices.ReplicaSet("replica", new()
* {
* DomainServiceId = exampleService.Id,
* Location = replica.Location,
* SubnetId = aaddsReplica.Id,
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* replicaSubnetNetworkSecurityGroupAssociation,
* primaryReplica,
* replicaPrimary,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/domainservices"
* "github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
* "github.com/pulumi/pulumi-azuread/sdk/v5/go/azuread"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* primary, err := core.NewResourceGroup(ctx, "primary", &core.ResourceGroupArgs{
* Name: pulumi.String("aadds-primary-rg"),
* Location: pulumi.String("West Europe"),
* })
* if err != nil {
* return err
* }
* primaryVirtualNetwork, err := network.NewVirtualNetwork(ctx, "primary", &network.VirtualNetworkArgs{
* Name: pulumi.String("aadds-primary-vnet"),
* Location: primary.Location,
* ResourceGroupName: primary.Name,
* AddressSpaces: pulumi.StringArray{
* pulumi.String("10.0.1.0/16"),
* },
* })
* if err != nil {
* return err
* }
* primarySubnet, err := network.NewSubnet(ctx, "primary", &network.SubnetArgs{
* Name: pulumi.String("aadds-primary-subnet"),
* ResourceGroupName: primary.Name,
* VirtualNetworkName: primaryVirtualNetwork.Name,
* AddressPrefixes: pulumi.StringArray{
* pulumi.String("10.0.1.0/24"),
* },
* })
* if err != nil {
* return err
* }
* primaryNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "primary", &network.NetworkSecurityGroupArgs{
* Name: pulumi.String("aadds-primary-nsg"),
* Location: primary.Location,
* ResourceGroupName: primary.Name,
* SecurityRules: network.NetworkSecurityGroupSecurityRuleArray{
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowSyncWithAzureAD"),
* Priority: pulumi.Int(101),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("443"),
* SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowRD"),
* Priority: pulumi.Int(201),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("3389"),
* SourceAddressPrefix: pulumi.String("CorpNetSaw"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowPSRemoting"),
* Priority: pulumi.Int(301),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("5986"),
* SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowLDAPS"),
* Priority: pulumi.Int(401),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("636"),
* SourceAddressPrefix: pulumi.String("*"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* },
* })
* if err != nil {
* return err
* }
* primarySubnetNetworkSecurityGroupAssociation, err := network.NewSubnetNetworkSecurityGroupAssociation(ctx, "primary", &network.SubnetNetworkSecurityGroupAssociationArgs{
* SubnetId: primarySubnet.ID(),
* NetworkSecurityGroupId: primaryNetworkSecurityGroup.ID(),
* })
* if err != nil {
* return err
* }
* dcAdmins, err := azuread.NewGroup(ctx, "dc_admins", &azuread.GroupArgs{
* DisplayName: pulumi.String("aad-dc-administrators"),
* SecurityEnabled: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* admin, err := azuread.NewUser(ctx, "admin", &azuread.UserArgs{
* UserPrincipalName: pulumi.String("[email protected] "),
* DisplayName: pulumi.String("DC Administrator"),
* Password: pulumi.String("Pa55w0Rd!!1"),
* })
* if err != nil {
* return err
* }
* _, err = azuread.NewGroupMember(ctx, "admin", &azuread.GroupMemberArgs{
* GroupObjectId: dcAdmins.ObjectId,
* MemberObjectId: admin.ObjectId,
* })
* if err != nil {
* return err
* }
* example, err := azuread.NewServicePrincipal(ctx, "example", &azuread.ServicePrincipalArgs{
* ApplicationId: pulumi.String("2565bd9d-da50-47d4-8b85-4c97f669dc36"),
* })
* if err != nil {
* return err
* }
* aadds, err := core.NewResourceGroup(ctx, "aadds", &core.ResourceGroupArgs{
* Name: pulumi.String("aadds-rg"),
* Location: pulumi.String("westeurope"),
* })
* if err != nil {
* return err
* }
* exampleService, err := domainservices.NewService(ctx, "example", &domainservices.ServiceArgs{
* Name: pulumi.String("example-aadds"),
* Location: aadds.Location,
* ResourceGroupName: aadds.Name,
* DomainName: pulumi.String("widgetslogin.net"),
* Sku: pulumi.String("Enterprise"),
* FilteredSyncEnabled: pulumi.Bool(false),
* InitialReplicaSet: &domainservices.ServiceInitialReplicaSetArgs{
* Location: primaryVirtualNetwork.Location,
* SubnetId: primarySubnet.ID(),
* },
* Notifications: &domainservices.ServiceNotificationsArgs{
* AdditionalRecipients: pulumi.StringArray{
* pulumi.String("[email protected] "),
* pulumi.String("[email protected] "),
* },
* NotifyDcAdmins: pulumi.Bool(true),
* NotifyGlobalAdmins: pulumi.Bool(true),
* },
* Security: &domainservices.ServiceSecurityArgs{
* SyncKerberosPasswords: pulumi.Bool(true),
* SyncNtlmPasswords: pulumi.Bool(true),
* SyncOnPremPasswords: pulumi.Bool(true),
* },
* Tags: pulumi.StringMap{
* "Environment": pulumi.String("prod"),
* },
* }, pulumi.DependsOn([]pulumi.Resource{
* example,
* primarySubnetNetworkSecurityGroupAssociation,
* }))
* if err != nil {
* return err
* }
* replica, err := core.NewResourceGroup(ctx, "replica", &core.ResourceGroupArgs{
* Name: pulumi.String("aadds-replica-rg"),
* Location: pulumi.String("North Europe"),
* })
* if err != nil {
* return err
* }
* replicaVirtualNetwork, err := network.NewVirtualNetwork(ctx, "replica", &network.VirtualNetworkArgs{
* Name: pulumi.String("aadds-replica-vnet"),
* Location: replica.Location,
* ResourceGroupName: replica.Name,
* AddressSpaces: pulumi.StringArray{
* pulumi.String("10.20.0.0/16"),
* },
* })
* if err != nil {
* return err
* }
* aaddsReplica, err := network.NewSubnet(ctx, "aadds_replica", &network.SubnetArgs{
* Name: pulumi.String("aadds-replica-subnet"),
* ResourceGroupName: replica.Name,
* VirtualNetworkName: replicaVirtualNetwork.Name,
* AddressPrefixes: pulumi.StringArray{
* pulumi.String("10.20.0.0/24"),
* },
* })
* if err != nil {
* return err
* }
* aaddsReplicaNetworkSecurityGroup, err := network.NewNetworkSecurityGroup(ctx, "aadds_replica", &network.NetworkSecurityGroupArgs{
* Name: pulumi.String("aadds-replica-nsg"),
* Location: replica.Location,
* ResourceGroupName: replica.Name,
* SecurityRules: network.NetworkSecurityGroupSecurityRuleArray{
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowSyncWithAzureAD"),
* Priority: pulumi.Int(101),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("443"),
* SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowRD"),
* Priority: pulumi.Int(201),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("3389"),
* SourceAddressPrefix: pulumi.String("CorpNetSaw"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowPSRemoting"),
* Priority: pulumi.Int(301),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("5986"),
* SourceAddressPrefix: pulumi.String("AzureActiveDirectoryDomainServices"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* &network.NetworkSecurityGroupSecurityRuleArgs{
* Name: pulumi.String("AllowLDAPS"),
* Priority: pulumi.Int(401),
* Direction: pulumi.String("Inbound"),
* Access: pulumi.String("Allow"),
* Protocol: pulumi.String("Tcp"),
* SourcePortRange: pulumi.String("*"),
* DestinationPortRange: pulumi.String("636"),
* SourceAddressPrefix: pulumi.String("*"),
* DestinationAddressPrefix: pulumi.String("*"),
* },
* },
* })
* if err != nil {
* return err
* }
* replicaSubnetNetworkSecurityGroupAssociation, err := network.NewSubnetNetworkSecurityGroupAssociation(ctx, "replica", &network.SubnetNetworkSecurityGroupAssociationArgs{
* SubnetId: aaddsReplica.ID(),
* NetworkSecurityGroupId: aaddsReplicaNetworkSecurityGroup.ID(),
* })
* if err != nil {
* return err
* }
* primaryReplica, err := network.NewVirtualNetworkPeering(ctx, "primary_replica", &network.VirtualNetworkPeeringArgs{
* Name: pulumi.String("aadds-primary-replica"),
* ResourceGroupName: primaryVirtualNetwork.ResourceGroupName,
* VirtualNetworkName: primaryVirtualNetwork.Name,
* RemoteVirtualNetworkId: replicaVirtualNetwork.ID(),
* AllowForwardedTraffic: pulumi.Bool(true),
* AllowGatewayTransit: pulumi.Bool(false),
* AllowVirtualNetworkAccess: pulumi.Bool(true),
* UseRemoteGateways: pulumi.Bool(false),
* })
* if err != nil {
* return err
* }
* replicaPrimary, err := network.NewVirtualNetworkPeering(ctx, "replica_primary", &network.VirtualNetworkPeeringArgs{
* Name: pulumi.String("aadds-replica-primary"),
* ResourceGroupName: replicaVirtualNetwork.ResourceGroupName,
* VirtualNetworkName: replicaVirtualNetwork.Name,
* RemoteVirtualNetworkId: primaryVirtualNetwork.ID(),
* AllowForwardedTraffic: pulumi.Bool(true),
* AllowGatewayTransit: pulumi.Bool(false),
* AllowVirtualNetworkAccess: pulumi.Bool(true),
* UseRemoteGateways: pulumi.Bool(false),
* })
* if err != nil {
* return err
* }
* _, err = network.NewVirtualNetworkDnsServers(ctx, "replica", &network.VirtualNetworkDnsServersArgs{
* VirtualNetworkId: replicaVirtualNetwork.ID(),
* DnsServers: pulumi.StringArray(exampleService.InitialReplicaSet.ApplyT(func(initialReplicaSet domainservices.ServiceInitialReplicaSet) (interface{}, error) {
* return initialReplicaSet.DomainControllerIpAddresses, nil
* }).(pulumi.Interface{}Output)),
* })
* if err != nil {
* return err
* }
* _, err = domainservices.NewReplicaSet(ctx, "replica", &domainservices.ReplicaSetArgs{
* DomainServiceId: exampleService.ID(),
* Location: replica.Location,
* SubnetId: aaddsReplica.ID(),
* }, pulumi.DependsOn([]pulumi.Resource{
* replicaSubnetNetworkSecurityGroupAssociation,
* primaryReplica,
* replicaPrimary,
* }))
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.azure.core.ResourceGroup;
* import com.pulumi.azure.core.ResourceGroupArgs;
* import com.pulumi.azure.network.VirtualNetwork;
* import com.pulumi.azure.network.VirtualNetworkArgs;
* import com.pulumi.azure.network.Subnet;
* import com.pulumi.azure.network.SubnetArgs;
* import com.pulumi.azure.network.NetworkSecurityGroup;
* import com.pulumi.azure.network.NetworkSecurityGroupArgs;
* import com.pulumi.azure.network.inputs.NetworkSecurityGroupSecurityRuleArgs;
* import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociation;
* import com.pulumi.azure.network.SubnetNetworkSecurityGroupAssociationArgs;
* import com.pulumi.azuread.Group;
* import com.pulumi.azuread.GroupArgs;
* import com.pulumi.azuread.User;
* import com.pulumi.azuread.UserArgs;
* import com.pulumi.azuread.GroupMember;
* import com.pulumi.azuread.GroupMemberArgs;
* import com.pulumi.azuread.ServicePrincipal;
* import com.pulumi.azuread.ServicePrincipalArgs;
* import com.pulumi.azure.domainservices.Service;
* import com.pulumi.azure.domainservices.ServiceArgs;
* import com.pulumi.azure.domainservices.inputs.ServiceInitialReplicaSetArgs;
* import com.pulumi.azure.domainservices.inputs.ServiceNotificationsArgs;
* import com.pulumi.azure.domainservices.inputs.ServiceSecurityArgs;
* import com.pulumi.azure.network.VirtualNetworkPeering;
* import com.pulumi.azure.network.VirtualNetworkPeeringArgs;
* import com.pulumi.azure.network.VirtualNetworkDnsServers;
* import com.pulumi.azure.network.VirtualNetworkDnsServersArgs;
* import com.pulumi.azure.domainservices.ReplicaSet;
* import com.pulumi.azure.domainservices.ReplicaSetArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var primary = new ResourceGroup("primary", ResourceGroupArgs.builder()
* .name("aadds-primary-rg")
* .location("West Europe")
* .build());
* var primaryVirtualNetwork = new VirtualNetwork("primaryVirtualNetwork", VirtualNetworkArgs.builder()
* .name("aadds-primary-vnet")
* .location(primary.location())
* .resourceGroupName(primary.name())
* .addressSpaces("10.0.1.0/16")
* .build());
* var primarySubnet = new Subnet("primarySubnet", SubnetArgs.builder()
* .name("aadds-primary-subnet")
* .resourceGroupName(primary.name())
* .virtualNetworkName(primaryVirtualNetwork.name())
* .addressPrefixes("10.0.1.0/24")
* .build());
* var primaryNetworkSecurityGroup = new NetworkSecurityGroup("primaryNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
* .name("aadds-primary-nsg")
* .location(primary.location())
* .resourceGroupName(primary.name())
* .securityRules(
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowSyncWithAzureAD")
* .priority(101)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("443")
* .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
* .destinationAddressPrefix("*")
* .build(),
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowRD")
* .priority(201)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("3389")
* .sourceAddressPrefix("CorpNetSaw")
* .destinationAddressPrefix("*")
* .build(),
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowPSRemoting")
* .priority(301)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("5986")
* .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
* .destinationAddressPrefix("*")
* .build(),
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowLDAPS")
* .priority(401)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("636")
* .sourceAddressPrefix("*")
* .destinationAddressPrefix("*")
* .build())
* .build());
* var primarySubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("primarySubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
* .subnetId(primarySubnet.id())
* .networkSecurityGroupId(primaryNetworkSecurityGroup.id())
* .build());
* var dcAdmins = new Group("dcAdmins", GroupArgs.builder()
* .displayName("aad-dc-administrators")
* .securityEnabled(true)
* .build());
* var admin = new User("admin", UserArgs.builder()
* .userPrincipalName("[email protected] ")
* .displayName("DC Administrator")
* .password("Pa55w0Rd!!1")
* .build());
* var adminGroupMember = new GroupMember("adminGroupMember", GroupMemberArgs.builder()
* .groupObjectId(dcAdmins.objectId())
* .memberObjectId(admin.objectId())
* .build());
* var example = new ServicePrincipal("example", ServicePrincipalArgs.builder()
* .applicationId("2565bd9d-da50-47d4-8b85-4c97f669dc36")
* .build());
* var aadds = new ResourceGroup("aadds", ResourceGroupArgs.builder()
* .name("aadds-rg")
* .location("westeurope")
* .build());
* var exampleService = new Service("exampleService", ServiceArgs.builder()
* .name("example-aadds")
* .location(aadds.location())
* .resourceGroupName(aadds.name())
* .domainName("widgetslogin.net")
* .sku("Enterprise")
* .filteredSyncEnabled(false)
* .initialReplicaSet(ServiceInitialReplicaSetArgs.builder()
* .location(primaryVirtualNetwork.location())
* .subnetId(primarySubnet.id())
* .build())
* .notifications(ServiceNotificationsArgs.builder()
* .additionalRecipients(
* "[email protected] ",
* "[email protected] ")
* .notifyDcAdmins(true)
* .notifyGlobalAdmins(true)
* .build())
* .security(ServiceSecurityArgs.builder()
* .syncKerberosPasswords(true)
* .syncNtlmPasswords(true)
* .syncOnPremPasswords(true)
* .build())
* .tags(Map.of("Environment", "prod"))
* .build(), CustomResourceOptions.builder()
* .dependsOn(
* example,
* primarySubnetNetworkSecurityGroupAssociation)
* .build());
* var replica = new ResourceGroup("replica", ResourceGroupArgs.builder()
* .name("aadds-replica-rg")
* .location("North Europe")
* .build());
* var replicaVirtualNetwork = new VirtualNetwork("replicaVirtualNetwork", VirtualNetworkArgs.builder()
* .name("aadds-replica-vnet")
* .location(replica.location())
* .resourceGroupName(replica.name())
* .addressSpaces("10.20.0.0/16")
* .build());
* var aaddsReplica = new Subnet("aaddsReplica", SubnetArgs.builder()
* .name("aadds-replica-subnet")
* .resourceGroupName(replica.name())
* .virtualNetworkName(replicaVirtualNetwork.name())
* .addressPrefixes("10.20.0.0/24")
* .build());
* var aaddsReplicaNetworkSecurityGroup = new NetworkSecurityGroup("aaddsReplicaNetworkSecurityGroup", NetworkSecurityGroupArgs.builder()
* .name("aadds-replica-nsg")
* .location(replica.location())
* .resourceGroupName(replica.name())
* .securityRules(
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowSyncWithAzureAD")
* .priority(101)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("443")
* .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
* .destinationAddressPrefix("*")
* .build(),
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowRD")
* .priority(201)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("3389")
* .sourceAddressPrefix("CorpNetSaw")
* .destinationAddressPrefix("*")
* .build(),
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowPSRemoting")
* .priority(301)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("5986")
* .sourceAddressPrefix("AzureActiveDirectoryDomainServices")
* .destinationAddressPrefix("*")
* .build(),
* NetworkSecurityGroupSecurityRuleArgs.builder()
* .name("AllowLDAPS")
* .priority(401)
* .direction("Inbound")
* .access("Allow")
* .protocol("Tcp")
* .sourcePortRange("*")
* .destinationPortRange("636")
* .sourceAddressPrefix("*")
* .destinationAddressPrefix("*")
* .build())
* .build());
* var replicaSubnetNetworkSecurityGroupAssociation = new SubnetNetworkSecurityGroupAssociation("replicaSubnetNetworkSecurityGroupAssociation", SubnetNetworkSecurityGroupAssociationArgs.builder()
* .subnetId(aaddsReplica.id())
* .networkSecurityGroupId(aaddsReplicaNetworkSecurityGroup.id())
* .build());
* var primaryReplica = new VirtualNetworkPeering("primaryReplica", VirtualNetworkPeeringArgs.builder()
* .name("aadds-primary-replica")
* .resourceGroupName(primaryVirtualNetwork.resourceGroupName())
* .virtualNetworkName(primaryVirtualNetwork.name())
* .remoteVirtualNetworkId(replicaVirtualNetwork.id())
* .allowForwardedTraffic(true)
* .allowGatewayTransit(false)
* .allowVirtualNetworkAccess(true)
* .useRemoteGateways(false)
* .build());
* var replicaPrimary = new VirtualNetworkPeering("replicaPrimary", VirtualNetworkPeeringArgs.builder()
* .name("aadds-replica-primary")
* .resourceGroupName(replicaVirtualNetwork.resourceGroupName())
* .virtualNetworkName(replicaVirtualNetwork.name())
* .remoteVirtualNetworkId(primaryVirtualNetwork.id())
* .allowForwardedTraffic(true)
* .allowGatewayTransit(false)
* .allowVirtualNetworkAccess(true)
* .useRemoteGateways(false)
* .build());
* var replicaVirtualNetworkDnsServers = new VirtualNetworkDnsServers("replicaVirtualNetworkDnsServers", VirtualNetworkDnsServersArgs.builder()
* .virtualNetworkId(replicaVirtualNetwork.id())
* .dnsServers(exampleService.initialReplicaSet().applyValue(initialReplicaSet -> initialReplicaSet.domainControllerIpAddresses()))
* .build());
* var replicaReplicaSet = new ReplicaSet("replicaReplicaSet", ReplicaSetArgs.builder()
* .domainServiceId(exampleService.id())
* .location(replica.location())
* .subnetId(aaddsReplica.id())
* .build(), CustomResourceOptions.builder()
* .dependsOn(
* replicaSubnetNetworkSecurityGroupAssociation,
* primaryReplica,
* replicaPrimary)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* primary:
* type: azure:core:ResourceGroup
* properties:
* name: aadds-primary-rg
* location: West Europe
* primaryVirtualNetwork:
* type: azure:network:VirtualNetwork
* name: primary
* properties:
* name: aadds-primary-vnet
* location: ${primary.location}
* resourceGroupName: ${primary.name}
* addressSpaces:
* - 10.0.1.0/16
* primarySubnet:
* type: azure:network:Subnet
* name: primary
* properties:
* name: aadds-primary-subnet
* resourceGroupName: ${primary.name}
* virtualNetworkName: ${primaryVirtualNetwork.name}
* addressPrefixes:
* - 10.0.1.0/24
* primaryNetworkSecurityGroup:
* type: azure:network:NetworkSecurityGroup
* name: primary
* properties:
* name: aadds-primary-nsg
* location: ${primary.location}
* resourceGroupName: ${primary.name}
* securityRules:
* - name: AllowSyncWithAzureAD
* priority: 101
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '443'
* sourceAddressPrefix: AzureActiveDirectoryDomainServices
* destinationAddressPrefix: '*'
* - name: AllowRD
* priority: 201
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '3389'
* sourceAddressPrefix: CorpNetSaw
* destinationAddressPrefix: '*'
* - name: AllowPSRemoting
* priority: 301
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '5986'
* sourceAddressPrefix: AzureActiveDirectoryDomainServices
* destinationAddressPrefix: '*'
* - name: AllowLDAPS
* priority: 401
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '636'
* sourceAddressPrefix: '*'
* destinationAddressPrefix: '*'
* primarySubnetNetworkSecurityGroupAssociation:
* type: azure:network:SubnetNetworkSecurityGroupAssociation
* name: primary
* properties:
* subnetId: ${primarySubnet.id}
* networkSecurityGroupId: ${primaryNetworkSecurityGroup.id}
* dcAdmins:
* type: azuread:Group
* name: dc_admins
* properties:
* displayName: aad-dc-administrators
* securityEnabled: true
* admin:
* type: azuread:User
* properties:
* userPrincipalName: [email protected]
* displayName: DC Administrator
* password: Pa55w0Rd!!1
* adminGroupMember:
* type: azuread:GroupMember
* name: admin
* properties:
* groupObjectId: ${dcAdmins.objectId}
* memberObjectId: ${admin.objectId}
* example:
* type: azuread:ServicePrincipal
* properties:
* applicationId: 2565bd9d-da50-47d4-8b85-4c97f669dc36
* aadds:
* type: azure:core:ResourceGroup
* properties:
* name: aadds-rg
* location: westeurope
* exampleService:
* type: azure:domainservices:Service
* name: example
* properties:
* name: example-aadds
* location: ${aadds.location}
* resourceGroupName: ${aadds.name}
* domainName: widgetslogin.net
* sku: Enterprise
* filteredSyncEnabled: false
* initialReplicaSet:
* location: ${primaryVirtualNetwork.location}
* subnetId: ${primarySubnet.id}
* notifications:
* additionalRecipients:
* - [email protected]
* - [email protected]
* notifyDcAdmins: true
* notifyGlobalAdmins: true
* security:
* syncKerberosPasswords: true
* syncNtlmPasswords: true
* syncOnPremPasswords: true
* tags:
* Environment: prod
* options:
* dependson:
* - ${example}
* - ${primarySubnetNetworkSecurityGroupAssociation}
* replica:
* type: azure:core:ResourceGroup
* properties:
* name: aadds-replica-rg
* location: North Europe
* replicaVirtualNetwork:
* type: azure:network:VirtualNetwork
* name: replica
* properties:
* name: aadds-replica-vnet
* location: ${replica.location}
* resourceGroupName: ${replica.name}
* addressSpaces:
* - 10.20.0.0/16
* aaddsReplica:
* type: azure:network:Subnet
* name: aadds_replica
* properties:
* name: aadds-replica-subnet
* resourceGroupName: ${replica.name}
* virtualNetworkName: ${replicaVirtualNetwork.name}
* addressPrefixes:
* - 10.20.0.0/24
* aaddsReplicaNetworkSecurityGroup:
* type: azure:network:NetworkSecurityGroup
* name: aadds_replica
* properties:
* name: aadds-replica-nsg
* location: ${replica.location}
* resourceGroupName: ${replica.name}
* securityRules:
* - name: AllowSyncWithAzureAD
* priority: 101
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '443'
* sourceAddressPrefix: AzureActiveDirectoryDomainServices
* destinationAddressPrefix: '*'
* - name: AllowRD
* priority: 201
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '3389'
* sourceAddressPrefix: CorpNetSaw
* destinationAddressPrefix: '*'
* - name: AllowPSRemoting
* priority: 301
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '5986'
* sourceAddressPrefix: AzureActiveDirectoryDomainServices
* destinationAddressPrefix: '*'
* - name: AllowLDAPS
* priority: 401
* direction: Inbound
* access: Allow
* protocol: Tcp
* sourcePortRange: '*'
* destinationPortRange: '636'
* sourceAddressPrefix: '*'
* destinationAddressPrefix: '*'
* replicaSubnetNetworkSecurityGroupAssociation:
* type: azure:network:SubnetNetworkSecurityGroupAssociation
* name: replica
* properties:
* subnetId: ${aaddsReplica.id}
* networkSecurityGroupId: ${aaddsReplicaNetworkSecurityGroup.id}
* primaryReplica:
* type: azure:network:VirtualNetworkPeering
* name: primary_replica
* properties:
* name: aadds-primary-replica
* resourceGroupName: ${primaryVirtualNetwork.resourceGroupName}
* virtualNetworkName: ${primaryVirtualNetwork.name}
* remoteVirtualNetworkId: ${replicaVirtualNetwork.id}
* allowForwardedTraffic: true
* allowGatewayTransit: false
* allowVirtualNetworkAccess: true
* useRemoteGateways: false
* replicaPrimary:
* type: azure:network:VirtualNetworkPeering
* name: replica_primary
* properties:
* name: aadds-replica-primary
* resourceGroupName: ${replicaVirtualNetwork.resourceGroupName}
* virtualNetworkName: ${replicaVirtualNetwork.name}
* remoteVirtualNetworkId: ${primaryVirtualNetwork.id}
* allowForwardedTraffic: true
* allowGatewayTransit: false
* allowVirtualNetworkAccess: true
* useRemoteGateways: false
* replicaVirtualNetworkDnsServers:
* type: azure:network:VirtualNetworkDnsServers
* name: replica
* properties:
* virtualNetworkId: ${replicaVirtualNetwork.id}
* dnsServers: ${exampleService.initialReplicaSet.domainControllerIpAddresses}
* replicaReplicaSet:
* type: azure:domainservices:ReplicaSet
* name: replica
* properties:
* domainServiceId: ${exampleService.id}
* location: ${replica.location}
* subnetId: ${aaddsReplica.id}
* options:
* dependson:
* - ${replicaSubnetNetworkSecurityGroupAssociation}
* - ${primaryReplica}
* - ${replicaPrimary}
* ```
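*
* > **NOTE:** The example above is simplified for readability. It passes the `DC Administrator` password as a literal string, and its `AllowLDAPS` rule admits TCP 636 from any source (`sourceAddressPrefix` of `*`). In a real deployment, supply the password as a Pulumi secret rather than in source, and narrow the LDAPS source prefix to the networks that need it.
*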
* ## Import
* Domain Service Replica Sets can be imported using the resource ID of the parent Domain Service and the Replica Set ID, e.g.
* ```sh
* $ pulumi import azure:domainservices/replicaSet:ReplicaSet example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.AAD/domainServices/instance1/replicaSets/00000000-0000-0000-0000-000000000000
* ```
*/
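public class ReplicaSet internal constructor(
    override val javaResource: com.pulumi.azure.domainservices.ReplicaSet,
) : KotlinCustomResource(javaResource, ReplicaSetMapper) {
    /**
     * A list of subnet IP addresses for the domain controllers in this Replica Set, typically two.
     *
     * The list delivered by the Java resource is copied element by element into a new list.
     */
    public val domainControllerIpAddresses: Output<List<String>>
        get() = javaResource.domainControllerIpAddresses().applyValue { addresses ->
            // Distinct lambda parameter names avoid the shadowing the nested form would otherwise need.
            addresses.map { address -> address }
        }

    /**
     * The ID of the Domain Service for which to create this Replica Set. Changing this forces a new resource to be created.
     */
    public val domainServiceId: Output<String>
        get() = javaResource.domainServiceId().applyValue { id -> id }

    /**
     * The publicly routable IP address for the domain controllers in this Replica Set.
     *
     * Because this address is publicly routable, the inbound rules of the network security group
     * associated with the subnet in [subnetId] are what bound which sources can reach the domain
     * controllers through it; review those rules when auditing a deployment.
     */
    public val externalAccessIpAddress: Output<String>
        get() = javaResource.externalAccessIpAddress().applyValue { address -> address }

    /**
     * The Azure location where this Replica Set should exist. Changing this forces a new resource to be created.
     */
    public val location: Output<String>
        get() = javaResource.location().applyValue { region -> region }

    /**
     * The current service status for the replica set.
     */
    public val serviceStatus: Output<String>
        get() = javaResource.serviceStatus().applyValue { status -> status }

    /**
     * The ID of the subnet in which to place this Replica Set. Changing this forces a new resource to be created.
     */
    public val subnetId: Output<String>
        get() = javaResource.subnetId().applyValue { id -> id }
}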
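/**
 * Maps the Java SDK's `ReplicaSet` resource onto its Kotlin wrapper, [ReplicaSet].
 */
public object ReplicaSetMapper : ResourceMapper<ReplicaSet> {
    /**
     * Returns `true` only when the runtime class of [javaResource] is exactly the Java
     * `ReplicaSet` class; the comparison is on class identity, so subclasses do not match.
     */
    override fun supportsMappingOfType(javaResource: Resource): Boolean =
        javaResource::class == com.pulumi.azure.domainservices.ReplicaSet::class

    /**
     * Wraps [javaResource] in a Kotlin [ReplicaSet].
     *
     * @throws ClassCastException if [javaResource] is not a Java `ReplicaSet`. Callers are
     * presumably expected to consult [supportsMappingOfType] first — verify against the call site.
     */
    override fun map(javaResource: Resource): ReplicaSet =
        ReplicaSet(javaResource as com.pulumi.azure.domainservices.ReplicaSet)
}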
/**
 * Declares a [ReplicaSet] resource through the type-safe builder DSL.
 *
 * The name is applied to a fresh [ReplicaSetResourceBuilder] before [block] runs, so [block]
 * sees (and may override) it.
 *
 * @see [ReplicaSet].
 * @param name The _unique_ name of the resulting resource.
 * @param block Builder for [ReplicaSet].
 * @return The resource produced by the builder's `build()` call.
 */
public suspend fun replicaSet(name: String, block: suspend ReplicaSetResourceBuilder.() -> Unit): ReplicaSet =
    ReplicaSetResourceBuilder().also { resourceBuilder ->
        resourceBuilder.name(name)
        resourceBuilder.block()
    }.build()
/**
 * Declares a [ReplicaSet] resource with only its name set; the arguments and options keep
 * whatever defaults a new [ReplicaSetResourceBuilder] starts with.
 *
 * @see [ReplicaSet].
 * @param name The _unique_ name of the resulting resource.
 * @return The resource produced by the builder's `build()` call.
 */
public fun replicaSet(name: String): ReplicaSet =
    ReplicaSetResourceBuilder().also { resourceBuilder -> resourceBuilder.name(name) }.build()