While Using Terraform to provision users and groups in Azure Active Directory
As we know, Terraform is a declarative IaC language which, unlike procedural languages, allows for the provisioning of immutable-like infrastructure resources by pushing the intended configuration state in its plan to the target environment. This is made possible by maintaining the state of the created resources in a state backend.
A side effect of this feature, when executing the user provisioning code with a different set of users, is the purging of existing users and replacing them with new ones.
Below is the affected code:
As there is no Azure Active Directory sync with on-prem Active Directory, is there a way that users/groups are not replaced in Azure AD? We have 1000s of users and 100s of groups, and we don't want to lose the data.
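A guard for the purge described in the question, as an added example that is not part of the original post: it reads the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan > plan.json`) and reports every `azuread_user` or `azuread_group` the plan would delete or replace, so a pipeline can stop before apply. The resource addresses and the sample plan are constructed for illustration.

```python
import json
import sys

# Resource types whose removal should block an apply (azuread provider types).
PROTECTED_TYPES = {"azuread_user", "azuread_group"}


def destructive_changes(plan, protected=PROTECTED_TYPES):
    """Return (address, actions) for protected resources the plan deletes or replaces.

    A replacement appears in the plan JSON as ["delete", "create"] or
    ["create", "delete"], so checking for "delete" covers both cases.
    """
    hits = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if rc.get("type") in protected and "delete" in actions:
            hits.append((rc["address"], actions))
    return hits


# Constructed sample: a trimmed plan in the shape `terraform show -json` emits.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "resource_changes": [
        {"address": 'azuread_user.users["alice"]', "type": "azuread_user",
         "change": {"actions": ["no-op"]}},
        {"address": 'azuread_user.users["bob"]', "type": "azuread_user",
         "change": {"actions": ["delete"]}},
        {"address": 'azuread_user.users["carol"]', "type": "azuread_user",
         "change": {"actions": ["create"]}},
        {"address": 'azuread_group.groups["ops"]', "type": "azuread_group",
         "change": {"actions": ["delete", "create"]}},
    ],
}

if __name__ == "__main__":
    # Usage: python plan_guard.py plan.json  (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    found = destructive_changes(plan)
    for address, actions in found:
        print(f"BLOCKED {address}: {'/'.join(actions)}")
    sys.exit(1 if found else 0)
```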