Create a domain

This topic shows you how to create a domain with Managed Service for Microsoft Active Directory.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

  2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Google Cloud project.

  4. Enable the Managed Microsoft AD, Cloud DNS, and Compute Engine APIs.

    Enable the APIs

    5.

  5. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  6. Make sure that billing is enabled for your Google Cloud project.

  7. Enable the Managed Microsoft AD, Cloud DNS, and Compute Engine APIs.

    Enable the APIs

    8.
  8. Create a new Virtual Private Cloud (VPC) network to deploy your domain to, or use an existing one. Managed Microsoft AD doesn't support legacy networks. Note down your VPC network's full resource name, which you have to specify during the domain creation process. It is in the following format: projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME
    • Before you create a VPC network, make sure that you read Select VPC networks.
    • Make sure that you enable the APIs and create the VPC in the same project where you have enabled billing.

Gather information

You need the following information to create your domain:

  • A fully qualified domain name (FQDN)

    such as ad.mycompany.com. For more information, see Microsoft's naming conventions in Active Directory.

  • A private IP address range that is not in use by any of the VPC subnetworks—for example, 172.16.0.0/24, 192.168.0.0/24, or 10.1.0.0/24. Ideally, you should select a range that is not in use by any of the VPC subnetworks where you can use the domain. For more information, see Select IP address ranges.

  • A region to deploy the domain controller to—for example, us-central1. When you create a domain, you can deploy the domain controller in only one region. After you create the domain, you can add more regions to the domain.

    For information about the supported regions, see Regions.

  • A delegated administrator account username. You can either use the default username (setupadmin) or modify it. However, you can't change this username after you complete the domain creation.

  • The full resource name of the authorized VPC network, which is in the following format: projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME

Create the domain

To create a domain, complete the following steps:

Console

  1. Go to the Managed Microsoft AD page.
    Go to Managed Microsoft AD

  2. Select Create New AD Domain.

  3. On the Create new domain page, enter the gathered information.

    • Enter the Fully qualified domain name (FQDN) for your domain.
    • In the Network details section, select your VPC network name from the list. Select OK.
    • In the CIDR Range section, enter the IP address range for your domain.
    • In the Regions section, select a region from the list in which you want to deploy the domain controller.
    • In the Admin name field of the Delegated admin section, use the default username (setupadmin) or enter a username for your delegated administrator account.

This is your only opportunity to change the username for the delegated administrator account. After domain creation, you can't change the username for the delegated administrator account.

  1. Select Create domain.

It can take up to 60 minutes to create a domain. When the domain creation is complete, you receive a notification in the Google Cloud console.

You can view the status of this operation at any time under Notifications in the Google Cloud console. If the domain creation fails, click See all activities under Notifications to view the error message.

gcloud

Run the following gcloud CLI command:

gcloud active-directory domains create FULLY_QUALIFIED_DOMAIN_NAME \
--reserved-ip-range=CIDR_RANGE --region=REGION \
--authorized-networks=projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME

Replace the placeholder variables with the gathered information.

You receive the following response that indicates domain creation has started:

Create request issued for: FULLY_QUALIFIED_DOMAIN_NAME
Waiting for operation-1554140234884-5857b78a1a49e-02bc63a3-77e5c7ee to complete...

It can take up to 60 minutes to create a domain. The gcloud CLI operation status updates when the domain creation is complete.

If the domain creation fails, the gcloud CLI displays an error message on the command line.

You can repeat this process to create multiple independent domains in the same project.

If you want to increase the number of independent domains that you can create in the same project, you can contact Google Cloud support.

To make the domain available on a network in a different project, you can configure domain peering.

For information about the errors that you might encounter while creating a domain, see Unable to create a Managed Microsoft AD domain.

What's next