Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable LDAPS via API / Azure CLI / PowerShell #40480

ivanignatiev opened this issue Oct 10, 2019 — with · 4 comments


Copy link

@ivanignatiev ivanignatiev commented Oct 10, 2019 — with


Is it possible to enable LDAPS and upload the certificate by PowerShell or Azure CLI ?

If yes then how?

Document Details

Do not edit this section. It is required for ➟ GitHub issue linking.


This comment has been minimized.

Copy link

@shashishailaj shashishailaj commented Oct 10, 2019

@ivanignatiev Thank you for your query . We will investigate and update this thread.


This comment has been minimized.

Copy link

@ivanignatiev ivanignatiev commented Oct 10, 2019

Regarding to the swagger specification of Domain Services API I have arrived to make a correct JSON to create a AAD DS with LDAPS enabled:

az resource create  --subscription <subscriotion-id> \
                                --resource-group <resource-group-name> \
                                --name <managed-domain-name> \
                                --resource-type 'Microsoft.AAD/DomainServices' \
                                --properties <<EOF
                            "DomainName"  : "<managed-domain-name>" , 
                            "SubnetId"    : "<subnet-id>”,
                            "domainSecuritySettings": {
                                "ntlmV1": "Enabled",
                                "tlsV1": "Disabled",
                                "syncNtlmPasswords": "Enabled"
                            "ldapsSettings" : {
                                "ldaps": "Enabled",
                                "pfxCertificate": "<pfx-content-inbase64>”,
                                "pfxCertificatePassword": "<pfx-password>",
                                "externalAccess": "Disabled"

Swagger Specification:

Please, add it to the documentation.

@shashishailaj shashishailaj removed their assignment Oct 14, 2019

This comment has been minimized.

Copy link

@shashishailaj shashishailaj commented Oct 14, 2019

@iainfoulds @MikeStephens-MS Could you please review this request and help make changes to the documentation as requested by the customer ?


This comment has been minimized.

Copy link

@iainfoulds iainfoulds commented Oct 15, 2019

Thanks for the suggestion, @ivanignatiev

There's on-going engineering work to improve the tooling experience to give more control of deployments and configuration, initially mostly focused on PowerShell. This CLI approach should work just fine, but isn't necessarily something we'd want to expose in the docs at this time. This feedback remains at the bottom of the doc so others can find it if they're wanting to replicate it.

We do show deploying an Azure AD DS managed domain using PowerShell and will certainly update the docs as improved command-line experiences are available, such as with the Azure CLI.

For now, #please-close

@PRMerger19 PRMerger19 closed this Oct 15, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.