Quickstart: Create a domain  |  Managed Microsoft AD Documentation  |  Google Cloud (2024)


This page shows you how to create a domain with Managed Service for Microsoft Active Directory.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Managed Microsoft AD, Cloud DNS, and Compute Engine APIs.

  5. Create a new Virtual Private Cloud (VPC) network to deploy your domain to, or use an existing one. Managed Microsoft AD doesn't support legacy networks. Note down your VPC network's full resource name, which you have to specify during the domain creation process. It is in the following format: projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME
    • Before you create a VPC network, make sure that you read Select VPC networks.
    • Make sure that you enable the APIs and create the VPC in the same project where you have enabled billing.

Gather information

You need the following information to create your domain:

  • A fully qualified domain name (FQDN) such as ad.example.com. For more information, see Microsoft's naming conventions in Active Directory.

  • A private IP address range that is not in use by any of the VPC subnetworks—for example, 172.16.0.0/24, 192.168.0.0/24, or 10.1.0.0/24. Ideally, you should select a range that is not in use by any of the VPC subnetworks where you can use the domain. For more information, see Select IP address ranges.

  • A region to deploy the domain controller to—for example, us-central1. When you create a domain, you can deploy the domain controller in only one region. After you create the domain, you can add domain controllers to additional regions to increase availability and be resilient to regional outages.

    For information about the supported regions, see Regions.

  • A delegated administrator account username. You can either use the default username (setupadmin) or modify it. However, you can't change this username after you complete the domain creation.

  • The full resource name of the authorized VPC network, which is in the following format: projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME
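
The requirements in the list above can be checked before any create request is sent. The following preflight function is an added example, not part of Google's documentation: it validates the FQDN shape, the network resource name format, and that the reserved range is private and does not overlap the VPC's subnets. The subnet names and ranges in SAMPLE_SUBNETS and the project and network names are constructed placeholders, and treating "private" as RFC 1918 is this example's assumption.

```python
import ipaddress
import re

# RFC 1918 private blocks; the page's example ranges all fall inside these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Format from the page: projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME
NETWORK_RE = re.compile(r"projects/[^/\s]+/global/networks/[^/\s]+")
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample: subnet name -> primary range of the authorized VPC.
SAMPLE_SUBNETS = {"app-us-central1": "10.1.0.0/20", "db-us-central1": "10.2.0.0/24"}


def preflight(fqdn, reserved_range, network, subnet_ranges):
    """Return a list of problems with the gathered inputs (empty means OK)."""
    problems = []
    labels = fqdn.split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(lab) for lab in labels):
        problems.append(f"FQDN {fqdn!r} is not a multi-label DNS name")
    if not NETWORK_RE.fullmatch(network):
        problems.append(f"network {network!r} is not a full resource name")
    try:
        # strict=True rejects ranges with host bits set, such as 10.1.0.5/24.
        reserved = ipaddress.ip_network(reserved_range, strict=True)
    except ValueError as exc:
        problems.append(f"reserved range invalid: {exc}")
        return problems
    if reserved.version != 4 or not any(reserved.subnet_of(b) for b in RFC1918):
        problems.append(f"{reserved} is not a private IPv4 range")
    for name, cidr in subnet_ranges.items():
        if reserved.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"{reserved} overlaps subnet {name} ({cidr})")
    return problems


if __name__ == "__main__":
    net = "projects/my-project/global/networks/my-vpc"  # placeholder names
    for cidr in ("172.16.0.0/24", "10.1.0.0/24", "10.1.0.5/24"):
        print(cidr, preflight("ad.example.com", cidr, net, SAMPLE_SUBNETS) or "OK")
```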

Create the domain

To create a domain, complete the following steps:

Console

  1. Go to the Managed Microsoft AD page.

  2. Select Create New AD Domain.

  3. On the Create new domain page, enter the gathered information.

    • Enter the Fully qualified domain name (FQDN) for your domain.
    • In the Network details section, select your VPC network name from the list. Select OK.
    • In the CIDR Range section, enter the IP address range for your domain.
    • In the Regions section, select a region from the list in which you want to deploy the domain controller.
    • In the Admin name field of the Delegated admin section, use the default username (setupadmin) or enter a username for your delegated administrator account.

      This is your only opportunity to change the username for the delegated administrator account. After domain creation, you can't change the username for the delegated administrator account.

  4. Select Create domain.

It can take up to 60 minutes to create a domain. When the domain creation is complete, you receive a notification in the Google Cloud console.

You can view the status of this operation at any time under Notifications in the Google Cloud console. If the domain creation fails, click See all activities under Notifications to view the error message.

gcloud

Run the following gcloud CLI command:

gcloud active-directory domains create FULLY_QUALIFIED_DOMAIN_NAME \
    --reserved-ip-range=CIDR_RANGE --region=REGION \
    --authorized-networks=projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME

Replace the placeholder variables with the gathered information.

You receive the following response that indicates domain creation has started:

Create request issued for: FULLY_QUALIFIED_DOMAIN_NAME
Waiting for operation-1554140234884-5857b78a1a49e-02bc63a3-77e5c7ee to complete...

It can take up to 60 minutes to create a domain. The gcloud CLI operation status updates when the domain creation is complete.

If the domain creation fails, the gcloud CLI displays an error message on the command line.

You can repeat this process to create multiple independent domains in the same project.

If you want to increase the number of independent domains that you can create in the same project, you can contact Google Cloud support.

To make the domain available on a network in a different project, you can configure domain peering.

You can't create Active Directory sites in Managed Microsoft AD because Managed Microsoft AD doesn't support the Active Directory Sites and Services feature.

You can't create a child domain in Managed Microsoft AD. Also, Managed Microsoft AD can't be part of any other Active Directory domain deployed either on Google Cloud or on-premises. However, after you create a Managed Microsoft AD domain, you can create a trust relationship between the Managed Microsoft AD domain and any other non-Managed Microsoft AD domain.

For information about the errors that you might encounter while creating a domain, see Unable to create a Managed Microsoft AD domain.

What's next

  • Join a Windows VM to a domain
  • Join a Linux VM to a domain
  • Connect to a Managed Microsoft AD domain
  • Configure domain peering
  • Deploy domain controllers in additional regions
  • Deploy Managed Microsoft AD with cross-project access using domain peering

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-03-26 UTC.
