Import of azurerm_active_directory_domain_service into terraform state fails when existing Azure AD Domain Services is on Standard SKU

[Theragus]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

theragus@Theragus-MacBookPro % terraform -v
Terraform v1.0.3
on darwin_amd64
+ provider registry.terraform.io/hashicorp/azurerm v2.69.0

Affected Resource(s)

• azurerm_active_directory_domain_service

Terraform Configuration Files

resource "azurerm_active_directory_domain_service" "RATAGS-aadds" {
  name = "intdomainde"
  domain_name = "int.domain.de"
  location = "Germany West Central"
  sku = "Standard"
  filtered_sync_enabled = false
  resource_group_name = azurerm_resource_group.resourcegroupname.name
  initial_replica_set {
    subnet_id = azurerm_subnet.Resource-vnet1-subnet-aadds-subnet.id
  }
}

Debug Output

Panic Output

Expected Behaviour

Succesful import of existing azurerm_active_directory_domain_service into the state.

Actual Behaviour

terraform exits with an error:

│ Error: parsing Resource ID "/subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourcegroupname/providers/Microsoft.AAD/domainServices/int.domain.de": ID was missing the `initialReplicaSetId` element

Steps to Reproduce

1. create an Azure AD Domain Services Domain outside of terraform with all prerequisites in a Standard SKU
2. write terraform config for Azure AD Domain Servces
3. import existing Azure AD Domain Services with terraform import

Important Factoids

References

• 0000

[tombuildsstuff]

Looks like the docs for this are wrong since we're using the Initial Replica Set ID as the Domain Service ID here:

/subscriptions/%s/resourceGroups/%s/providers/Microsoft.AAD/domainServices/%s/initialReplicaSetId/%s

[Theragus]

Hi @tombuildsstuff, i just realized that this resource type has been added in the latest version 2.69.0 which was literally released 3 days ago. i was looking out for https://github.com/terraform-providers/terraform-provider-azurerm/pull/10782 for quite some time and since its so new theres probably still a bunch of other issues.

To follow up with this issue, i tried doing an import with your comment on initialReplicaSetId in one of our enviroments and i got the error that this was not found on the azure site.

Also the resource address in azure is showing the resource address without the /initialReplicaSetId/ path at the end

theragus@Theragus-MacBookPro % terraform import azurerm_active_directory_domain_service.AADDS/subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/AADDS/providers/Microsoft.AAD/domainServices/int.domain.de/initialReplicaSetId/48066e1d-4e8c-42fb-aeef-2d40c5fa6940
Acquiring state lock. This may take a few moments...
╷
│ Error: Cannot import non-existent remote object
│ 
│ While attempting to import an existing object to "azurerm_active_directory_domain_service.AADDS", the provider detected that no object exists with the given id. Only pre-existing objects can be imported; check that the id is correct and that it is associated with the
│ provider's configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.
╵

[tombuildsstuff]

@manicminer since you've got the context would you mind taking a look at this?

[enorlando]

I am also encountering the same issue when I try and import an existing Azure AD Domain Service into terraform. I am running standard SKU and so no replica sets.

[manicminer]

Hi @Theragus, @enorlando

Thanks for reporting this! You are correct, there is a documentation bug for this resource - the resource ID format isn't shown in full. In order to import a domain service, you'll need to use the following format (the missing segment is at the end):

/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/aaacctest-tbamford/providers/Microsoft.AAD/domainServices/never.gonna.give.you.up/initialReplicaSetId/e85553b0-e107-4cd1-8020-796f3cf283af

Apart from the obscured subscription ID, this is the exact command I used to import a Standard SKU domain service that I created in the portal. Note that whilst the portal doesn't show any replica sets when using the Standard SKU, it does have one (and only one). You can get the replica set ID by peeking at the API responses in your browser inspector - unfortunately the portal doesn't show it anywhere.

Can you give this a try and advise if this allows you to import? We'll get a documentation fix out shortly. Thanks!

[Theragus]

Hi @manicminer, Thank you for pointing this out, I've now found the initial replica set by inspecting the browser requests as you suggested and I was now able to successfully import the AADDS into the terraform state.

[enorlando]

Hi @manicminer Thank you for the direction. After following your suggestion I too was able to successfully import the Azure AD Domain Services into terraform. Thanks!

[github-actions[bot]]

This functionality has been released in v2.72.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.