A comprehensive Terraform template for deploying Microsoft Entra Domain Services (formerly Azure AD Domain Services) into Azure, providing a secure authentication infrastructure building block.
- 📖 Full Documentation - Comprehensive deployment guide
- 🚀 Deployment Summary - Project overview and features
- 🏗️ Architecture Guide - Technical architecture details
- 🔧 Configuration Guide - Configuration options and examples
- 🔍 Troubleshooting - Common issues and solutions
- 🛡️ Security Guide - Security best practices and compliance
- Clone and Configure:

  ```bash
  cp terraform.tfvars.example terraform.tfvars
  # Edit terraform.tfvars with your configuration
  ```

- Deploy:

  ```bash
  terraform init
  terraform plan
  terraform apply
  ```
```bash
# Linux/macOS with Make
make test      # Run all validations
make test-ci   # Run CI validation (no Azure auth required)
make format    # Format code
make security  # Security scan
```

```powershell
# Windows with PowerShell
.\scripts.ps1 test      # Run all validations
.\scripts.ps1 test-ci   # Run CI validation (no Azure auth required)
.\scripts.ps1 format    # Format code
.\scripts.ps1 security  # Security scan
.\scripts.ps1 help      # Show all available commands
```

The template includes terraform.tfvars.ci for automated testing:
- ✅ Works without Azure authentication
- ✅ Validates all Terraform syntax and logic
- ✅ Tests variable validations and constraints
- ✅ Generates plan output for review
```bash
# CI/CD testing command
ARM_SKIP_PROVIDER_REGISTRATION=true ARM_USE_CLI=false terraform plan -var-file="terraform.tfvars.ci"
```

- ✅ Complete Domain Services Setup: Fully configured Entra Domain Services instance
- ✅ Network Security: Dedicated subnet with Network Security Groups
- ✅ High Availability: Support for replica sets across multiple regions
- ✅ Secure LDAP: Optional secure LDAP configuration with certificate management
- ✅ Monitoring & Diagnostics: Comprehensive logging and alerting
- ✅ Security Best Practices: Key Vault integration, encrypted communications
- ✅ CI/CD Ready: GitHub Actions and Azure DevOps pipelines included
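
An added example, not part of the template: a small reviewer for the plan output that the CI step generates, flagging externally exposed secure LDAP and legacy protocols before `terraform apply`. The resource types and attribute names are those of the azurerm provider; that this template uses them, the resource addresses, and the sample plan are assumptions.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output (not from the template).
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "azurerm_active_directory_domain_service.example",  # hypothetical address
    "type": "azurerm_active_directory_domain_service",
    "change": {"after": {
        "secure_ldap": [{"enabled": True, "external_access_enabled": True}],
        "security": [{"tls_v1_enabled": True, "ntlm_v1_enabled": False}],
    }},
}, {
    "address": "azurerm_network_security_rule.ldaps",  # hypothetical address
    "type": "azurerm_network_security_rule",
    "change": {"after": {"direction": "Inbound", "access": "Allow",
                         "destination_port_range": "636", "source_address_prefix": "*"}},
}]})

ANY_SOURCE = {"*", "0.0.0.0/0", "Internet"}

def _block(after, name):
    """Nested blocks appear in plan JSON as a list of objects; return the first or {}."""
    value = after.get(name) or [{}]
    return value[0] if isinstance(value, list) else value

def review_plan(plan_json):
    """Return (address, finding) pairs for weak Domain Services settings in a plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed, nothing to review
            continue
        addr = rc["address"]
        if rc["type"] == "azurerm_active_directory_domain_service":
            ldap, sec = _block(after, "secure_ldap"), _block(after, "security")
            if ldap.get("enabled") and ldap.get("external_access_enabled"):
                findings.append((addr, "secure LDAP reachable from the internet"))
            for flag in ("tls_v1_enabled", "ntlm_v1_enabled"):
                if sec.get(flag):
                    findings.append((addr, f"legacy protocol enabled: {flag}"))
        elif rc["type"] == "azurerm_network_security_rule":
            if (after.get("direction") == "Inbound" and after.get("access") == "Allow"
                    and after.get("destination_port_range") == "636"
                    and after.get("source_address_prefix") in ANY_SOURCE):
                findings.append((addr, "LDAPS (636) open to any source"))
    return findings

if __name__ == "__main__":
    for addr, msg in review_plan(SAMPLE_PLAN):
        print(f"{addr}: {msg}")
```

In a pipeline, feed it the JSON rendering of the saved plan and fail the job when the returned list is non-empty.
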
- Azure Subscription with Contributor/Owner permissions
- Azure AD Tenant with Global Administrator rights
- Terraform v1.5.0+
- Valid domain name
```bash
# Use Makefile for common tasks
make test      # Run all validations
make format    # Format code
make security  # Security scan
make docs      # Generate documentation
```

- GitHub Actions: Automatic validation, security scanning, and documentation
- Azure DevOps: Multi-stage pipeline with compliance checks
- Pre-commit Hooks: Quality gates for local development
```
├── main.tf                    # Core Terraform configuration
├── variables.tf               # Variable definitions
├── outputs.tf                 # Output definitions
├── monitoring.tf              # Security and monitoring
├── terraform.tfvars.example   # Example configuration
├── Makefile                   # Development commands
├── .github/workflows/         # GitHub Actions
├── azure-pipelines.yml        # Azure DevOps pipeline
├── .pre-commit-config.yaml    # Pre-commit hooks
└── docs/                      # Documentation
    ├── README.md              # Full documentation
    ├── DEPLOYMENT_SUMMARY.md  # Project overview
    ├── ARCHITECTURE.md        # Architecture details
    ├── CONFIGURATION.md       # Configuration guide
    ├── TROUBLESHOOTING.md     # Troubleshooting guide
    └── SECURITY.md            # Security best practices
```
- Fork the repository
- Create a feature branch
- Make your changes
- Test thoroughly with `make test`
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.