This page provides answers to some common questions that are asked about Google Cloud's Managed Service for Microsoft Active Directory.
What user do I use to manage Managed Microsoft AD?
When setting up Managed Microsoft AD, a delegated administrator account is created to manage Managed Microsoft AD. This user does not have Domain Administrator and Enterprise Administrator rights, as those rights are reserved for use by the service.
How can I manage Organizational Units (OU)?
Managed Microsoft AD creates the Cloud and Cloud Service Objects OU. Learn about pre-created objects and how to manage these objects.
How can I manage Group Policy Objects (GPO)?
By default, Managed Microsoft AD creates the Cloud Service Default Computer Policy GPO and links it to the Cloud OU. If you need more than one GPO, custom GPOs can be created and added to the Cloud OU, or to any OUs you create under Cloud. Learn more about GPOs.
How are domain controllers deployed?
Domain controllers are created as VMs in dedicated Virtual Private Cloud (VPC) networks. The domain controller VPCs are then connected to other existing VPCs using VPC Network Peering.
For detailed information, see Deploying Active Directory.
When I create a new Managed Microsoft AD domain, what IP range should I choose?
Managed Microsoft AD requires at minimum a /24 range, such as 10.1.0.0/24, that isn't already a subnet on your authorized network VPC.
Learn more about selecting IP address ranges.
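The range requirement above can be checked before creating a domain. The following is an added example, not code from Google Cloud or this page: the function name and the sample subnet list are hypothetical, and it treats any overlap with an existing subnet as a conflict, which is stricter than the exact-match case the answer describes.

```python
import ipaddress

# Page requirement: the reserved range must be at least a /24 in size,
# i.e. its prefix length must be 24 or shorter.
MAX_PREFIX_LEN = 24

def check_reserved_range(candidate, existing_subnets):
    """Return a list of problems with `candidate`; an empty list means it passes."""
    try:
        # strict=True rejects host bits, e.g. 10.1.0.5/24 is not a network.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]

    problems = []
    if net.prefixlen > MAX_PREFIX_LEN:
        problems.append(f"{net} is smaller than a /{MAX_PREFIX_LEN}")
    for cidr in existing_subnets:
        subnet = ipaddress.ip_network(cidr, strict=False)
        # Assumption: any overlap is treated as a conflict, which also covers
        # the page's case of the range already being a subnet.
        if net.overlaps(subnet):
            problems.append(f"{net} overlaps existing subnet {subnet}")
    return problems

# Constructed sample data: subnet ranges of a hypothetical authorized network.
SAMPLE_SUBNETS = ["10.1.0.0/20", "10.128.0.0/20", "192.168.10.0/24"]

if __name__ == "__main__":
    for candidate in ["10.1.0.0/24", "10.2.0.0/24", "10.2.0.0/25", "10.1.0.5/24"]:
        problems = check_reserved_range(candidate, SAMPLE_SUBNETS)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

In practice the subnet list would come from an export of the authorized network's subnets, including those of any peered VPCs.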
Where can I view the domain controller event logs?
You can use Managed Microsoft AD Audit Logs.
What should I expect during maintenance for a domain controller VM?
The AD domain remains available during patches and updates. Learn about how Managed Microsoft AD handles patching.
Can I restore my Active Directory data after a failure?
Managed Microsoft AD stores regular backups in order to recover the Active Directory domain, if necessary. Backups are taken twice a day and stored outside the domain controllers. These can be utilized by Managed Microsoft AD to perform disaster recovery, should it become necessary.
Currently, you cannot directly restore Active Directory data. To request that your Active Directory data be restored from a backup, contact support.
Can I extend the Active Directory directory service schema?
While extending the Active Directory schema for the Managed Microsoft AD domain (forest) is not currently supported, Managed Microsoft AD can be used with existing Active Directory domains (forests) that have schema extensions.
What time server do Managed Microsoft AD domain controllers use?
Managed Microsoft AD domain controllers sync time from the metadata.google.internal time server, as do all the Compute Engine instances. Learn about Compute Engine NTP.
Do I need to create a separate project for each Managed Microsoft AD domain?
No, you do not need separate Google Cloud projects. You can create multiple independent domains in the same project.