datadot
commented
1 year ago Please find debug output below, seems that AZ CLI is sending "Standard" sku parameter, so maybe this is happening in the API?
az ad ds create --domain {} --name {} --replica-sets location="West Europe" subnet-id="{}" --resource-group {} --sku Standard --debug
cli.knack.cli: Command arguments: ['ad', 'ds', 'create', '--domain', '{}', '--name', '{}', '--replica-sets', 'location=West Europe', 'subnet-id={}', '--resource-group', '{}', '--sku', 'Standard', '--debug']
cli.knack.cli: __init__ debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x103a40310>, <function OutputProducer.on_global_arguments at 0x103aa9090>, <function CLIQuery.on_global_arguments at 0x103ace4d0>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'ad': ['azure.cli.command_modules.role', 'azext_ad']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: role 0.002 17 61
cli.azure.cli.core: Total (1) 0.002 17 61
cli.azure.cli.core: These extensions are not installed and will be skipped: ['azext_ai_examples', 'azext_next']
cli.azure.cli.core: Loading extensions:
cli.azure.cli.core: Name Load Time Groups Commands Directory
cli.azure.cli.core: ad 0.001 2 6 /Users//.azure/cliextensions/ad
cli.azure.cli.core: Total (1) 0.001 2 6
cli.azure.cli.core: Loaded 18 groups, 67 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : ad ds create
cli.azure.cli.core: Command table: ad ds create
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x104653520>]
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/Users//.azure/commands/2023-02-28.09-32-52.ad_ds_create.82472.log'.
az_command_data_logger: command args: ad ds create --domain {} --name {} --replica-sets {} {} --resource-group {} --sku {} --debug
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x104673eb0>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x1046c2560>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x1046c2680>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x103aa9120>, <function CLIQuery.handle_query_parameter at 0x103ace560>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x1046c25f0>]
az_command_data_logger: extension name: ad
az_command_data_logger: extension version: 0.1.0
Command group 'ad ds' is experimental and under development. Reference and support levels: https://aka.ms/CLI_refstatus
cli.azure.cli.core.commands.client_factory: Getting management service client client_type=DomainServicesResourceProvider
cli.azure.cli.core.auth.persistence: build_persistence: location='/Users/.azure/msal_token_cache.json', encrypt=False
cli.azure.cli.core.auth.binary_cache: load: /Users/.azure/msal_http_cache.bin
urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/xxx/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/xxx/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/xxx/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/xxx/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/xxx/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/xxx/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/xxx/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
msal.application: Broker enabled? False
cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), claims=None, kwargs={}
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 24f4b99a-85ea-475d-b1f0-9ffa3674d40c
cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/xxx/resourceGroups/{}/providers/Microsoft.AAD/domainServices/{}?api-version=2020-01-01'
cli.azure.cli.core.sdk.policies: Request method: 'PUT'
cli.azure.cli.core.sdk.policies: Request headers:
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json'
cli.azure.cli.core.sdk.policies: 'Accept': 'application/json'
cli.azure.cli.core.sdk.policies: 'Content-Length': '345'
cli.azure.cli.core.sdk.policies: 'x-ms-client-request-id': 'df526e14-b74a-11ed-82fc-12f9d94ef2d9'
cli.azure.cli.core.sdk.policies: 'CommandName': 'ad ds create'
cli.azure.cli.core.sdk.policies: 'ParameterSetName': '--domain --name --replica-sets --resource-group --sku --debug'
cli.azure.cli.core.sdk.policies: 'User-Agent': 'AZURECLI/2.45.0 (HOMEBREW) azsdk-python-domainservicesresourceprovider/unknown Python/3.10.10 (macOS-13.2.1-arm64-arm-64bit)'
cli.azure.cli.core.sdk.policies: 'Authorization': '*****'
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"location": "West Europe", "properties": {"domainName": "{}", "replicaSets": [{"location": "West Europe", "subnetId": "{}"}], "sku": "Standard"}}
urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
urllib3.connectionpool: https://management.azure.com:443 "PUT /subscriptions/xxx/resourceGroups/{}/providers/Microsoft.AAD/domainServices/{}?api-version=2020-01-01 HTTP/1.1" 201 1022
cli.azure.cli.core.sdk.policies: Response status: 201
cli.azure.cli.core.sdk.policies: Response headers:
cli.azure.cli.core.sdk.policies: 'Cache-Control': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Pragma': 'no-cache'
cli.azure.cli.core.sdk.policies: 'Content-Length': '1022'
cli.azure.cli.core.sdk.policies: 'Content-Type': 'application/json; charset=utf-8'
cli.azure.cli.core.sdk.policies: 'Expires': '-1'
cli.azure.cli.core.sdk.policies: 'ETag': 'W/"datetime\'2023-02-28T09%3A32%3A53.798653Z\'"'
cli.azure.cli.core.sdk.policies: 'x-ms-request-id': '30814c97-4591-4078-a1da-3a338547090c'
cli.azure.cli.core.sdk.policies: 'Azure-AsyncOperation': 'https://management.azure.com/subscriptions/xxx/providers/Microsoft.AAD/locations/westeurope/operationResults/xxx?api-version=2020-01-01'
cli.azure.cli.core.sdk.policies: 'x-ms-ratelimit-remaining-subscription-writes': '1199'
cli.azure.cli.core.sdk.policies: 'x-ms-correlation-request-id': 'e59f6c0c-f712-4ad2-90dd-7793532a7bd5'
cli.azure.cli.core.sdk.policies: 'x-ms-routing-request-id': 'UKSOUTH:20230228T093305Z:xxx'
cli.azure.cli.core.sdk.policies: 'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
cli.azure.cli.core.sdk.policies: 'X-Content-Type-Options': 'nosniff'
cli.azure.cli.core.sdk.policies: 'Date': 'Tue, 28 Feb 2023 09:33:04 GMT'
cli.azure.cli.core.sdk.policies: Response content:
cli.azure.cli.core.sdk.policies: {"id":"/subscriptions/xxx/resourceGroups/{}/providers/Microsoft.AAD/domainServices/{}","name":"{}","type":"Microsoft.AAD/domainServices","etag":"W/\"datetime'2023-02-28T09%3A32%3A53.798653Z'\"","location":"West Europe","properties":{"version":2,"tenantId":"xxx","domainName":"[]","deploymentId":"xxx","syncOwner":"xxx","replicaSets":[{"replicaSetId":"xxx","location":"West Europe","subnetId":"{}"}],"domainSecuritySettings":{"ntlmV1":"Disabled","tlsV1":"Enabled","syncNtlmPasswords":"Enabled","syncKerberosPasswords":"Enabled","syncOnPremPasswords":"Enabled"},"sku":"Standard","provisioningState":"Creating"}}
ghost
yonzhan
SaurabhSharma-MSFT
Portal displays the same -
Portal
Describe the bug
Command Name
az ad ds create Extension Name: ad. Version: 0.1.0.Errors:
When setting SKU to
StandardActive Directory Domain Services is created with aEnterpriseSKU. This is an issue as it is not possible to downgrade from Enterprise to Standard.To Reproduce:
Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.
az ad ds create --domain {} --name {} --replica-sets {} {} --resource-group {} --sku StandardExpected Behavior
Create an Active Directory Domain Service with a Standard SKU.
Environment Summary
Additional Context