Manages an Administrative Unit within Azure Active Directory.
The following API permissions are required in order to use this resource.
When authenticated with a service principal, this resource requires one of the following application roles: AdministrativeUnit.ReadWrite.All or Directory.ReadWrite.All
When authenticated with a user principal, this resource requires one of the following directory roles: Privileged Role Administrator or Global Administrator
resource "azuread_administrative_unit" "example" {
  display_name              = "Example-AU"
  description               = "Just an example"
  hidden_membership_enabled = false
}
The following arguments are supported:
- description - (Optional) The description of the administrative unit.
- display_name - (Required) The display name of the administrative unit.
- members - (Optional) A set of object IDs of members who should be present in this administrative unit. Supported object types are Users or Groups.
- hidden_membership_enabled - (Optional) Whether the administrative unit and its members are hidden or publicly viewable in the directory.
In addition to all arguments above, the following attributes are exported:
- object_id - The object ID of the administrative unit.
Administrative units can be imported using their object ID, e.g.
terraform import azuread_administrative_unit.example 00000000-0000-0000-0000-000000000000
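A fuller configuration using the members and hidden_membership_enabled arguments described above, added here as an example and not taken from the provider documentation. The user principal name, group name and resource labels are constructed placeholders, and it assumes the provider's azuread_user and azuread_group data sources are available and that the authenticating principal can read those objects.

```hcl
# Added example: all names below are constructed placeholders.
# Of the two application roles listed on this page, AdministrativeUnit.ReadWrite.All
# is the narrower grant; Directory.ReadWrite.All also satisfies the resource.

# Look up the objects to place in the unit instead of hard-coding GUIDs.
data "azuread_user" "helpdesk_lead" {
  user_principal_name = "helpdesk.lead@example.com" # placeholder UPN
}

data "azuread_group" "branch_staff" {
  display_name = "Branch-Office-Staff" # placeholder group name
}

resource "azuread_administrative_unit" "branch_office" {
  display_name = "Branch-Office-AU"
  description  = "Users and groups administered by the branch office help desk"

  # true  = the unit and its members are hidden
  # false = they are publicly viewable in the directory
  hidden_membership_enabled = true

  # Supported member object types are Users and Groups.
  members = [
    data.azuread_user.helpdesk_lead.object_id,
    data.azuread_group.branch_staff.object_id,
  ]
}

# The exported object_id is the value used for `terraform import`
# and for referencing this unit from other resources.
output "branch_office_au_object_id" {
  value = azuread_administrative_unit.branch_office.object_id
}
```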