Microsoft.NetApp netAppAccounts 2023-05-01-preview

Bicep resource definition

The netAppAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.NetApp/netAppAccounts resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.NetApp/netAppAccounts@2023-05-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  properties: {
    activeDirectories: [
      {
        activeDirectoryId: 'string'
        administrators: [
          'string'
        ]
        adName: 'string'
        aesEncryption: bool
        allowLocalNfsUsersWithLdap: bool
        backupOperators: [
          'string'
        ]
        dns: 'string'
        domain: 'string'
        encryptDCConnections: bool
        kdcIP: 'string'
        ldapOverTLS: bool
        ldapSearchScope: {
          groupDN: 'string'
          groupMembershipFilter: 'string'
          userDN: 'string'
        }
        ldapSigning: bool
        organizationalUnit: 'string'
        password: 'string'
        preferredServersForLdapClient: 'string'
        securityOperators: [
          'string'
        ]
        serverRootCACertificate: 'string'
        site: 'string'
        smbServerName: 'string'
        username: 'string'
      }
    ]
    encryption: {
      identity: {
        userAssignedIdentity: 'string'
      }
      keySource: 'string'
      keyVaultProperties: {
        keyName: 'string'
        keyVaultResourceId: 'string'
        keyVaultUri: 'string'
      }
    }
    nfsV4IDDomain: 'string'
  }
}

Property values

netAppAccounts

Name Description Value
name The resource name string (required)

Character limit: 1-128

Valid characters:
Alphanumerics, underscores, and hyphens.

Start with alphanumeric.
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
identity The identity used for the resource. ManagedServiceIdentity
properties NetApp Account properties AccountProperties

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

UserAssignedIdentities

Name Description Value
{customized property} UserAssignedIdentity

UserAssignedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

AccountProperties

Name Description Value
activeDirectories Active Directories ActiveDirectory[]
encryption Encryption settings AccountEncryption
nfsV4IDDomain Domain for NFSv4 user ID mapping. This property will be set for all NetApp accounts in the subscription and region and only affect non ldap NFSv4 volumes. string

Constraints:
Max length = 255
Pattern = ^[a-zA-Z0-9][a-zA-Z0-9.-]{0,253}[a-zA-Z0-9]$

ActiveDirectory

Name Description Value
activeDirectoryId Id of the Active Directory string
administrators Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
adName Name of the active directory machine. This optional parameter is used only while creating kerberos volume string

Constraints:
Min length = 1
Max length = 64
aesEncryption If enabled, AES encryption will be enabled for SMB communication. bool
allowLocalNfsUsersWithLdap If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. bool
backupOperators Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
dns Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
domain Name of the Active Directory domain string
encryptDCConnections If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. bool
kdcIP kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
ldapOverTLS Specifies whether or not the LDAP traffic needs to be secured via TLS. bool
ldapSearchScope LDAP Search scope options LdapSearchScopeOpt
ldapSigning Specifies whether or not the LDAP traffic needs to be signed. bool
organizationalUnit The Organizational Unit (OU) within the Windows Active Directory string
password Plain text password of Active Directory domain administrator, value is masked in the response string

Constraints:
Max length = 64
Sensitive value. Pass in as a secure parameter.
preferredServersForLdapClient Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed. string

Constraints:
Max length = 32
Pattern = ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))?)?$
securityOperators Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
serverRootCACertificate When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. string

Constraints:
Min length = 1
Max length = 10240
Sensitive value. Pass in as a secure parameter.
site The Active Directory site the service will limit Domain Controller discovery to string
smbServerName NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes string
username A domain user account with permission to create machine accounts string

LdapSearchScopeOpt

Name Description Value
groupDN This specifies the group DN, which overrides the base DN for group lookups. string

Constraints:
Max length = 255
groupMembershipFilter This specifies the custom LDAP search filter to be used when looking up group membership from LDAP server. string

Constraints:
Max length = 255
userDN This specifies the user DN, which overrides the base DN for user lookups. string

Constraints:
Max length = 255

AccountEncryption

Name Description Value
identity Identity used to authenticate to KeyVault. Applicable if keySource is 'Microsoft.KeyVault'. EncryptionIdentity
keySource The encryption keySource (provider). Possible values (case-insensitive): Microsoft.NetApp, Microsoft.KeyVault 'Microsoft.KeyVault'
'Microsoft.NetApp'
keyVaultProperties Properties provided by KeVault. Applicable if keySource is 'Microsoft.KeyVault'. KeyVaultProperties

EncryptionIdentity

Name Description Value
userAssignedIdentity The ARM resource identifier of the user assigned identity used to authenticate with key vault. Applicable if identity.type has 'UserAssigned'. It should match key of identity.userAssignedIdentities. string

KeyVaultProperties

Name Description Value
keyName The name of KeyVault key. string (required)
keyVaultResourceId The resource ID of KeyVault. string (required)
keyVaultUri The Uri of KeyVault. string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create new ANF resource with NFSV3/NFSv4.1 volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with NFSV3 or NFSv4.1 protocol. They are all deployed together with Azure Virtual Network and Delegated subnet that are required for any volume to be created
Create new ANF resource with SMB volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.

ARM template resource definition

The netAppAccounts resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.NetApp/netAppAccounts resource, add the following JSON to your template.

{
  "type": "Microsoft.NetApp/netAppAccounts",
  "apiVersion": "2023-05-01-preview",
  "name": "string",
  "location": "string",
  "tags": {
    "tagName1": "tagValue1",
    "tagName2": "tagValue2"
  },
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {}
    }
  },
  "properties": {
    "activeDirectories": [
      {
        "activeDirectoryId": "string",
        "administrators": [ "string" ],
        "adName": "string",
        "aesEncryption": "bool",
        "allowLocalNfsUsersWithLdap": "bool",
        "backupOperators": [ "string" ],
        "dns": "string",
        "domain": "string",
        "encryptDCConnections": "bool",
        "kdcIP": "string",
        "ldapOverTLS": "bool",
        "ldapSearchScope": {
          "groupDN": "string",
          "groupMembershipFilter": "string",
          "userDN": "string"
        },
        "ldapSigning": "bool",
        "organizationalUnit": "string",
        "password": "string",
        "preferredServersForLdapClient": "string",
        "securityOperators": [ "string" ],
        "serverRootCACertificate": "string",
        "site": "string",
        "smbServerName": "string",
        "username": "string"
      }
    ],
    "encryption": {
      "identity": {
        "userAssignedIdentity": "string"
      },
      "keySource": "string",
      "keyVaultProperties": {
        "keyName": "string",
        "keyVaultResourceId": "string",
        "keyVaultUri": "string"
      }
    },
    "nfsV4IDDomain": "string"
  }
}

Property values

netAppAccounts

Name Description Value
type The resource type 'Microsoft.NetApp/netAppAccounts'
apiVersion The resource api version '2023-05-01-preview'
name The resource name string (required)

Character limit: 1-128

Valid characters:
Alphanumerics, underscores, and hyphens.

Start with alphanumeric.
location The geo-location where the resource lives string (required)
tags Resource tags. Dictionary of tag names and values. See Tags in templates
identity The identity used for the resource. ManagedServiceIdentity
properties NetApp Account properties AccountProperties

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). 'None'
'SystemAssigned'
'SystemAssigned,UserAssigned'
'UserAssigned' (required)
userAssignedIdentities The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. UserAssignedIdentities

UserAssignedIdentities

Name Description Value
{customized property} UserAssignedIdentity

UserAssignedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

AccountProperties

Name Description Value
activeDirectories Active Directories ActiveDirectory[]
encryption Encryption settings AccountEncryption
nfsV4IDDomain Domain for NFSv4 user ID mapping. This property will be set for all NetApp accounts in the subscription and region and only affect non ldap NFSv4 volumes. string

Constraints:
Max length = 255
Pattern = ^[a-zA-Z0-9][a-zA-Z0-9.-]{0,253}[a-zA-Z0-9]$

ActiveDirectory

Name Description Value
activeDirectoryId Id of the Active Directory string
administrators Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
adName Name of the active directory machine. This optional parameter is used only while creating kerberos volume string

Constraints:
Min length = 1
Max length = 64
aesEncryption If enabled, AES encryption will be enabled for SMB communication. bool
allowLocalNfsUsersWithLdap If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. bool
backupOperators Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
dns Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
domain Name of the Active Directory domain string
encryptDCConnections If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. bool
kdcIP kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
ldapOverTLS Specifies whether or not the LDAP traffic needs to be secured via TLS. bool
ldapSearchScope LDAP Search scope options LdapSearchScopeOpt
ldapSigning Specifies whether or not the LDAP traffic needs to be signed. bool
organizationalUnit The Organizational Unit (OU) within the Windows Active Directory string
password Plain text password of Active Directory domain administrator, value is masked in the response string

Constraints:
Max length = 64
Sensitive value. Pass in as a secure parameter.
preferredServersForLdapClient Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed. string

Constraints:
Max length = 32
Pattern = ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))?)?$
securityOperators Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
serverRootCACertificate When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. string

Constraints:
Min length = 1
Max length = 10240
Sensitive value. Pass in as a secure parameter.
site The Active Directory site the service will limit Domain Controller discovery to string
smbServerName NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes string
username A domain user account with permission to create machine accounts string

LdapSearchScopeOpt

Name Description Value
groupDN This specifies the group DN, which overrides the base DN for group lookups. string

Constraints:
Max length = 255
groupMembershipFilter This specifies the custom LDAP search filter to be used when looking up group membership from LDAP server. string

Constraints:
Max length = 255
userDN This specifies the user DN, which overrides the base DN for user lookups. string

Constraints:
Max length = 255

AccountEncryption

Name Description Value
identity Identity used to authenticate to KeyVault. Applicable if keySource is 'Microsoft.KeyVault'. EncryptionIdentity
keySource The encryption keySource (provider). Possible values (case-insensitive): Microsoft.NetApp, Microsoft.KeyVault 'Microsoft.KeyVault'
'Microsoft.NetApp'
keyVaultProperties Properties provided by KeVault. Applicable if keySource is 'Microsoft.KeyVault'. KeyVaultProperties

EncryptionIdentity

Name Description Value
userAssignedIdentity The ARM resource identifier of the user assigned identity used to authenticate with key vault. Applicable if identity.type has 'UserAssigned'. It should match key of identity.userAssignedIdentities. string

KeyVaultProperties

Name Description Value
keyName The name of KeyVault key. string (required)
keyVaultResourceId The resource ID of KeyVault. string (required)
keyVaultUri The Uri of KeyVault. string (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create new ANF resource with NFSV3/NFSv4.1 volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with NFSV3 or NFSv4.1 protocol. They are all deployed together with Azure Virtual Network and Delegated subnet that are required for any volume to be created
Create new ANF resource with SMB volume

Deploy to Azure
This template allows you to create a new Azure NetApp Files resource with a single Capacity pool and single volume configured with SMB protocol.

Terraform (AzAPI provider) resource definition

The netAppAccounts resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.NetApp/netAppAccounts resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.NetApp/netAppAccounts@2023-05-01-preview"
  name = "string"
  location = "string"
  parent_id = "string"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  identity {
    type = "string"
    identity_ids = []
  }
  body = jsonencode({
    properties = {
      activeDirectories = [
        {
          activeDirectoryId = "string"
          administrators = [
            "string"
          ]
          adName = "string"
          aesEncryption = bool
          allowLocalNfsUsersWithLdap = bool
          backupOperators = [
            "string"
          ]
          dns = "string"
          domain = "string"
          encryptDCConnections = bool
          kdcIP = "string"
          ldapOverTLS = bool
          ldapSearchScope = {
            groupDN = "string"
            groupMembershipFilter = "string"
            userDN = "string"
          }
          ldapSigning = bool
          organizationalUnit = "string"
          password = "string"
          preferredServersForLdapClient = "string"
          securityOperators = [
            "string"
          ]
          serverRootCACertificate = "string"
          site = "string"
          smbServerName = "string"
          username = "string"
        }
      ]
      encryption = {
        identity = {
          userAssignedIdentity = "string"
        }
        keySource = "string"
        keyVaultProperties = {
          keyName = "string"
          keyVaultResourceId = "string"
          keyVaultUri = "string"
        }
      }
      nfsV4IDDomain = "string"
    }
  })
}

Property values

netAppAccounts

Name Description Value
type The resource type "Microsoft.NetApp/netAppAccounts@2023-05-01-preview"
name The resource name string (required)

Character limit: 1-128

Valid characters:
Alphanumerics, underscores, and hyphens.

Start with alphanumeric.
location The geo-location where the resource lives string (required)
parent_id To deploy to a resource group, use the ID of that resource group. string (required)
tags Resource tags. Dictionary of tag names and values.
identity The identity used for the resource. ManagedServiceIdentity
properties NetApp Account properties AccountProperties

ManagedServiceIdentity

Name Description Value
type Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). "SystemAssigned"
"SystemAssigned,UserAssigned"
"UserAssigned" (required)
identity_ids The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. Array of user identity IDs.

UserAssignedIdentities

Name Description Value
{customized property} UserAssignedIdentity

UserAssignedIdentity

This object doesn't contain any properties to set during deployment. All properties are ReadOnly.

AccountProperties

Name Description Value
activeDirectories Active Directories ActiveDirectory[]
encryption Encryption settings AccountEncryption
nfsV4IDDomain Domain for NFSv4 user ID mapping. This property will be set for all NetApp accounts in the subscription and region and only affect non ldap NFSv4 volumes. string

Constraints:
Max length = 255
Pattern = ^[a-zA-Z0-9][a-zA-Z0-9.-]{0,253}[a-zA-Z0-9]$

ActiveDirectory

Name Description Value
activeDirectoryId Id of the Active Directory string
administrators Users to be added to the Built-in Administrators active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
adName Name of the active directory machine. This optional parameter is used only while creating kerberos volume string

Constraints:
Min length = 1
Max length = 64
aesEncryption If enabled, AES encryption will be enabled for SMB communication. bool
allowLocalNfsUsersWithLdap If enabled, NFS client local users can also (in addition to LDAP users) access the NFS volumes. bool
backupOperators Users to be added to the Built-in Backup Operator active directory group. A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
dns Comma separated list of DNS server IP addresses (IPv4 only) for the Active Directory domain string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
domain Name of the Active Directory domain string
encryptDCConnections If enabled, Traffic between the SMB server to Domain Controller (DC) will be encrypted. bool
kdcIP kdc server IP addresses for the active directory machine. This optional parameter is used only while creating kerberos volume. string

Constraints:
Pattern = ^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))*$
ldapOverTLS Specifies whether or not the LDAP traffic needs to be secured via TLS. bool
ldapSearchScope LDAP Search scope options LdapSearchScopeOpt
ldapSigning Specifies whether or not the LDAP traffic needs to be signed. bool
organizationalUnit The Organizational Unit (OU) within the Windows Active Directory string
password Plain text password of Active Directory domain administrator, value is masked in the response string

Constraints:
Max length = 64
Sensitive value. Pass in as a secure parameter.
preferredServersForLdapClient Comma separated list of IPv4 addresses of preferred servers for LDAP client. At most two comma separated IPv4 addresses can be passed. string

Constraints:
Max length = 32
Pattern = ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)((, ?)(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))?)?$
securityOperators Domain Users in the Active directory to be given SeSecurityPrivilege privilege (Needed for SMB Continuously available shares for SQL). A list of unique usernames without domain specifier string[]

Constraints:
Min length = 1
Max length = 255
serverRootCACertificate When LDAP over SSL/TLS is enabled, the LDAP client is required to have base64 encoded Active Directory Certificate Service's self-signed root CA certificate, this optional parameter is used only for dual protocol with LDAP user-mapping volumes. string

Constraints:
Min length = 1
Max length = 10240
Sensitive value. Pass in as a secure parameter.
site The Active Directory site the service will limit Domain Controller discovery to string
smbServerName NetBIOS name of the SMB server. This name will be registered as a computer account in the AD and used to mount volumes string
username A domain user account with permission to create machine accounts string

LdapSearchScopeOpt

Name Description Value
groupDN This specifies the group DN, which overrides the base DN for group lookups. string

Constraints:
Max length = 255
groupMembershipFilter This specifies the custom LDAP search filter to be used when looking up group membership from LDAP server. string

Constraints:
Max length = 255
userDN This specifies the user DN, which overrides the base DN for user lookups. string

Constraints:
Max length = 255

AccountEncryption

Name Description Value
identity Identity used to authenticate to KeyVault. Applicable if keySource is 'Microsoft.KeyVault'. EncryptionIdentity
keySource The encryption keySource (provider). Possible values (case-insensitive): Microsoft.NetApp, Microsoft.KeyVault "Microsoft.KeyVault"
"Microsoft.NetApp"
keyVaultProperties Properties provided by KeVault. Applicable if keySource is 'Microsoft.KeyVault'. KeyVaultProperties

EncryptionIdentity

Name Description Value
userAssignedIdentity The ARM resource identifier of the user assigned identity used to authenticate with key vault. Applicable if identity.type has 'UserAssigned'. It should match key of identity.userAssignedIdentities. string

KeyVaultProperties

Name Description Value
keyName The name of KeyVault key. string (required)
keyVaultResourceId The resource ID of KeyVault. string (required)
keyVaultUri The Uri of KeyVault. string (required)