azure_active_directory_domain_service resource
Use the azure_active_directory_domain_service InSpec audit resource to test the properties of an Azure Active Directory service within a tenant.
Azure REST API version, endpoint, and HTTP client parameters
This resource interacts with API versions supported by the resource provider.
You can specify the api_version as a resource parameter to use a specific version of the Azure REST API.
If you don’t specify an API version, this resource uses the latest version available.
For more information about API versioning, see the azure_generic_resource.
By default, this resource uses the azure_cloud global endpoint and default HTTP client settings.
You can override these settings if you need to connect to a different Azure environment (such as Azure Government or Azure China).
For more information about configuration options, see the resource pack README.
Syntax
describe azure_active_directory_domain_service(id: 'example.com') do
  it { should exist }
end
Parameters
The following parameter is mandatory.
id
- Domain ID. For example, example.com.
Properties
id
- The fully qualified name of the domain. Key, immutable, not nullable, and unique.
authenticationType
- Indicates the configured authentication type for the domain. The value is either Managed or Federated.
availabilityStatus
- This property is always null except when the verify action is used.
isAdminManaged
- The value of the property is false if the DNS record management of the domain has been delegated to Microsoft 365.
isDefault
- true if this is the default domain used for user creation. There is only one default domain per company. Not nullable.
isInitial
- true if this is the initial domain created by Microsoft Online Services (companyname.onmicrosoft.com). There is only one initial domain per company.
isRoot
- true if the domain is a verified root domain. Otherwise, false if the domain is a subdomain or unverified.
isVerified
- true if the domain has completed domain ownership verification.
passwordNotificationWindowInDays
- Specifies the number of days before a user receives notification that their password will expire. A default value of 14 days will be used if the property is not set.
passwordValidityPeriodInDays
- Specifies the length of time that a password is valid before it must be changed. A default value of 90 days will be used if the property is not set.
supportedServices
- The capabilities assigned to the domain.
state
- Status of asynchronous operations scheduled for the domain.
Examples
Test if an active directory domain is referenced with a valid ID:
describe azure_active_directory_domain_service(id: 'example.com') do
  it { should exist }
end
Test if an active directory domain is referenced with an invalid ID:
describe azure_active_directory_domain_service(id: 'example.com') do
  it { should_not exist }
end
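The following Ruby is an added example, not code from the resource pack: it applies the documented defaults (90 and 14 days) to domain records keyed by the property names listed under Properties and returns audit findings for each. The helper names, the sample records, and the 180-day ceiling are assumptions made for illustration.

```ruby
# Added example: audits constructed domain records keyed by the property
# names documented above. Not part of the resource pack.
DEFAULT_VALIDITY_DAYS = 90      # page default for passwordValidityPeriodInDays
DEFAULT_NOTIFICATION_DAYS = 14  # page default for passwordNotificationWindowInDays
MAX_VALIDITY_DAYS = 180         # assumed policy ceiling (hypothetical)

# Resolve unset (nil) password properties to the documented defaults.
def effective_password_policy(domain)
  { validity: domain['passwordValidityPeriodInDays'] || DEFAULT_VALIDITY_DAYS,
    notify: domain['passwordNotificationWindowInDays'] || DEFAULT_NOTIFICATION_DAYS }
end

# Return a list of findings for one domain record (hypothetical helper).
def domain_findings(domain)
  findings = []
  findings << 'ownership not verified' unless domain['isVerified'] == true
  unless %w[Managed Federated].include?(domain['authenticationType'])
    findings << 'unexpected authenticationType'
  end
  policy = effective_password_policy(domain)
  if policy[:validity] > MAX_VALIDITY_DAYS
    findings << "password validity #{policy[:validity]}d exceeds #{MAX_VALIDITY_DAYS}d"
  end
  if policy[:notify] >= policy[:validity]
    findings << 'notification window is not shorter than validity period'
  end
  findings
end

# Constructed sample records; nil means the property is not set.
SAMPLE_DOMAINS = [
  { 'id' => 'example.com', 'isVerified' => true, 'authenticationType' => 'Managed',
    'passwordValidityPeriodInDays' => nil, 'passwordNotificationWindowInDays' => nil },
  { 'id' => 'legacy.example.com', 'isVerified' => false, 'authenticationType' => 'Managed',
    'passwordValidityPeriodInDays' => 365, 'passwordNotificationWindowInDays' => 14 },
  { 'id' => 'partner.example.com', 'isVerified' => true, 'authenticationType' => 'Federated',
    'passwordValidityPeriodInDays' => 30, 'passwordNotificationWindowInDays' => 30 }
].freeze

SAMPLE_DOMAINS.each do |domain|
  findings = domain_findings(domain)
  puts "#{domain['id']}: #{findings.empty? ? 'ok' : findings.join('; ')}"
end
```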
Matchers
For a full list of available matchers, see our Universal Matchers page. This resource has the following special matchers.
exists
describe azure_active_directory_domain_service(id: 'example.onmicrosoft.com') do
  it { should exist }
end
Azure permissions
Graph resources require specific privileges granted to your service principal. Please refer to the Microsoft Documentation for information on how to grant these permissions to your application.