Deploy domain controllers in additional regions

This page provides a list of regions that you can add to your domain in Managed Service for Microsoft Active Directory (Managed Microsoft AD). This page also shows you how to add or remove a region from your domain.

Managed Microsoft AD supports multiple regions. Combined with the multi-regional nature of Virtual Private Clouds, you can quickly scale your Active Directory infrastructure across Google Cloud.

Before you begin

Before you add domain controllers to, or remove them from, additional regions, make sure that you have one of the following IAM roles:

  • Google Cloud Managed Identities Domain Admin (roles/managedidentities.domainAdmin)
  • Google Cloud Managed Identities Admin (roles/managedidentities.admin)

For more information, see Cloud Managed Identities roles.

For information about granting an IAM role to a principal, see Grant a single role.

Regions

Managed Microsoft AD supports the following regions:

Region name Region description
africa-south1 Johannesburg
asia-east1 Taiwan
asia-east2 Hong Kong
asia-northeast1 Tokyo
asia-northeast2 Osaka
asia-northeast3 Seoul
asia-south1 Mumbai
asia-south2 Delhi
asia-southeast1 Singapore
asia-southeast2 Jakarta
australia-southeast1 Sydney
australia-southeast2 Melbourne
europe-central2 Warsaw
europe-north1 Finland
europe-southwest1 Madrid
europe-west1 Belgium
europe-west2 London
europe-west3 Frankfurt
europe-west4 Netherlands
europe-west6 Zürich
europe-west8 Milan
europe-west9 Paris
europe-west10 Berlin
europe-west12 Turin
me-central1 Doha
me-central2 Dammam
me-west1 Tel Aviv
northamerica-northeast1 Montréal
northamerica-northeast2 Toronto
southamerica-east1 São Paulo
us-central1 Iowa
us-east1 South Carolina
us-east4 Northern Virginia
us-east5 Columbus
us-south1 Dallas
us-west1 Oregon
us-west2 Los Angeles
us-west3 Salt Lake City
us-west4 Las Vegas

Add a region

Managed Microsoft AD uses a single Active Directory site. The site is not constrained to a specific VPC subnet; it spans all regions and subnets of your VPC. For example, suppose you have domain controllers located in us-west1 and your VPC spans us-west1, us-east1, and us-central1. Your domain is available in all three of these regions and is not limited to us-west1.

However, to increase availability and be resilient to regional outages, we recommend that you deploy domain controllers in additional regions. Each domain supports up to 4 regions.

You can add domain controllers only to the supported regions. Note that this restriction doesn't affect access to your Managed Microsoft AD domain, which is available in all regions where your VPC has a presence.

To add domain controllers to an additional region, do the following:

Console

  1. In the Google Cloud console, go to the Managed Microsoft AD page.

  2. Select the domain to add a region to, then click Edit.

  3. Click Add Region and choose the region to add from the menu.

  4. Select Save Changes.

gcloud

Run the following command:

gcloud active-directory domains update DOMAIN_NAME \
  --add-region=REGION

Replace the following:

  • DOMAIN_NAME: The name of your domain. For example, ad.mycompany.com.
  • REGION: The region to add. For example, us-west1.
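The following preflight wrapper is an added example, not part of the original documentation. It enforces the two constraints stated above (supported regions only, at most 4 regions per domain) before calling the documented gcloud command. The function names `check_add_region` and `add_region` are hypothetical, and the caller is assumed to pass in the regions the domain currently uses.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): preflight checks before
# `gcloud active-directory domains update DOMAIN_NAME --add-region=REGION`.

# Supported regions, copied from the table on this page.
SUPPORTED_REGIONS="
africa-south1 asia-east1 asia-east2 asia-northeast1 asia-northeast2
asia-northeast3 asia-south1 asia-south2 asia-southeast1 asia-southeast2
australia-southeast1 australia-southeast2 europe-central2 europe-north1
europe-southwest1 europe-west1 europe-west2 europe-west3 europe-west4
europe-west6 europe-west8 europe-west9 europe-west10 europe-west12
me-central1 me-central2 me-west1 northamerica-northeast1
northamerica-northeast2 southamerica-east1 us-central1 us-east1 us-east4
us-east5 us-south1 us-west1 us-west2 us-west3 us-west4"
MAX_REGIONS=4  # the page states each domain supports up to 4 regions

# check_add_region NEW_REGION [CURRENT_REGION...]   (hypothetical helper)
# Returns 0 = OK, 1 = unsupported region, 2 = already deployed, 3 = limit hit.
check_add_region() {
  local new="$1" r supported=no
  shift
  for r in $SUPPORTED_REGIONS; do
    if [ "$r" = "$new" ]; then supported=yes; fi
  done
  if [ "$supported" = no ]; then
    echo "refusing: '$new' is not a supported region" >&2; return 1
  fi
  for r in "$@"; do
    if [ "$r" = "$new" ]; then
      echo "refusing: domain already has controllers in '$new'" >&2; return 2
    fi
  done
  if [ "$#" -ge "$MAX_REGIONS" ]; then
    echo "refusing: domain already uses $# of $MAX_REGIONS regions" >&2; return 3
  fi
  return 0
}

# add_region DOMAIN_NAME NEW_REGION [CURRENT_REGION...]   (hypothetical wrapper)
# The caller supplies the regions the domain currently uses.
add_region() {
  local domain="$1" new="$2"
  shift 2
  check_add_region "$new" "$@" || return $?
  gcloud active-directory domains update "$domain" --add-region="$new"
}
```

Distinct return codes let a change pipeline tell a mistyped region apart from a domain that has already reached its region limit.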

Remove a region

As your business needs evolve, you can easily retire domain controllers from a region. All the data is replicated, so removing a region doesn't result in data loss.

To remove domain controllers from a region, do the following:

Console

  1. In the Google Cloud console, go to the Managed Microsoft AD page.

  2. Select the domain to remove a region from, then click Edit.

  3. Under the Regions section, click the Delete icon next to the region that you want to remove.

  4. Select Save Changes.

gcloud

Run the following command:

gcloud active-directory domains update DOMAIN_NAME \
  --remove-region=REGION

Replace the following:

  • DOMAIN_NAME: The name of your domain. For example, ad.mycompany.com.
  • REGION: The region to remove. For example, us-west1.
