Create a domain
This topic shows you how to create a domain with Managed Service for Microsoft Active Directory.
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
- Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project.
- Enable the Managed Microsoft AD, Cloud DNS, and Compute Engine APIs.
- Create a new Virtual Private Cloud (VPC) network to deploy your domain to, or use an existing one. Legacy networks are not supported. Take note of your VPC network's full name. You need it for the domain creation process. It should match the following format:
projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME
Gathering information
You need the following information to create your domain:
- A fully qualified domain name (FQDN); for example, ad.mycompany.com. Learn more about Microsoft's naming conventions in Active Directory.
- A private CIDR IP range not in use by any of the VPC's subnetworks; for example, 172.16.0.0/24, 192.168.0.0/24, or 10.1.0.0/24. Ideally, select a range not in use by any of the VPC subnetworks where the domain might be used. For more information, see Select IP address ranges.
- A region to deploy the domain controller to; for example, us-central1. Learn more about currently supported regions.
- A delegated administrator account username. You can define this username or use the default, setupadmin. Note that this username cannot be changed after domain creation.
- The complete name of the authorized VPC network. It should match the following format:
projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME
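A pre-flight check for the values gathered above, as an added example (not part of the original page or of Google's tooling): it validates the network name format, confirms the reserved range is a private IPv4 CIDR, and flags any overlap with existing subnet ranges. The function name, the sample project and network names, and the subnet ranges are constructed for illustration.

```python
import ipaddress
import re

# Format the page gives for the authorized network's full name.
NETWORK_RE = re.compile(r"^projects/([^/]+)/global/networks/([^/]+)$")

# RFC 1918 private blocks; the page's example ranges all fall inside these.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_domain_inputs(network_name, reserved_range, subnet_ranges):
    """Return a list of problems; an empty list means the inputs look usable."""
    problems = []

    if not NETWORK_RE.match(network_name):
        problems.append(
            "network name is not projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME")

    try:
        # strict=True also rejects ranges with host bits set, e.g. 10.1.0.5/24
        reserved = ipaddress.ip_network(reserved_range, strict=True)
    except ValueError as exc:
        return problems + [f"invalid CIDR {reserved_range!r}: {exc}"]

    if reserved.version != 4 or not any(
            reserved.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append(f"{reserved} is not a private IPv4 range")

    # subnet_ranges: CIDRs of the subnetworks already defined in the VPC.
    for raw in subnet_ranges:
        subnet = ipaddress.ip_network(raw, strict=False)
        if reserved.overlaps(subnet):
            problems.append(f"{reserved} overlaps existing subnet {subnet}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real project.
    subnets = ["10.128.0.0/20", "172.16.0.0/22"]
    network = "projects/my-project/global/networks/my-vpc"
    for candidate in ("172.16.0.0/24", "10.1.0.0/24", "8.8.8.0/24"):
        print(candidate, check_domain_inputs(network, candidate, subnets) or "OK")
```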
Creating the domain
After you complete the prerequisites and gather your domain information, you can create the domain.
Console
Go to the Managed Microsoft AD page in the Google Cloud console.
Select Create New AD Domain.
On the Create new domain page, enter the information you gathered.
- Enter the Fully qualified domain name (FQDN) for your domain.
- Under Network details, select your VPC network name from the list. Select OK.
- Enter the CIDR Range for your domain controller.
- Under Regions, select a region from the list to deploy the domain controller to.
- Under Delegated Admin, you can enter an Admin name or use the default, setupadmin.
Select Create domain.
It can take up to 60 minutes to create a domain. You'll receive a notification in Google Cloud console when the creation is finished.
gcloud
Run the following gcloud CLI command. Replace the placeholder variables with the information you gathered.
gcloud active-directory domains create FULLY_QUALIFIED_DOMAIN_NAME \
    --reserved-ip-range=CIDR_RANGE --region=REGION \
    --authorized-networks=projects/PROJECT_ID/global/networks/VPC_NETWORK_NAME
You receive the following response that indicates domain creation has started:
Create request issued for: FULLY_QUALIFIED_DOMAIN_NAME
Waiting for operation-1554140234884-5857b78a1a49e-02bc63a3-77e5c7ee to complete...
It can take up to 60 minutes to create a domain. The gcloud operation status updates when domain creation is complete.
Congratulations! You created a domain using Managed Service for Microsoft Active Directory. Note that you can repeat the process to create multiple independent domains in this same project.