This page provides answers to some common questions that are asked about Google Cloud's Managed Service for Microsoft Active Directory.
What user do I use to manage Managed Microsoft AD?
When setting up Managed Microsoft AD, a delegated administrator account is created to manage Managed Microsoft AD. This user does not have Domain Administrator and Enterprise Administrator rights, as those rights are reserved for use by the service.
How can I manage Organizational Units (OU)?
How can I manage Group Policy Objects (GPO)?
By default, Managed Microsoft AD creates the Cloud Service Default Computer Policy GPO and links it to the Cloud OU. If you need more than one GPO, you can create custom GPOs and add them to the Cloud OU, or to any OUs you create under Cloud. Learn more about GPOs.
How are domain controllers deployed?
For detailed information, see Deploying Active Directory.
When I create a new Managed Microsoft AD domain, what IP range should I choose?
Managed Microsoft AD requires a minimum of /24 range, such as
that isn't already a subnet on your authorized network VPC.
Learn more about selecting IP address ranges.
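A pre-flight check for the two constraints above (block size and no overlap with existing subnets), written as an added example that is not part of the original page or of Google Cloud's tooling. The function name, the constant and the subnet list are hypothetical, and the sample ranges are constructed; in practice the list would be the subnets of your authorized VPC network.

```python
import ipaddress

MAX_PREFIX_LEN = 24  # "minimum of /24" read as: a /24 or a larger block


def check_reserved_range(candidate, vpc_subnets):
    """Return a list of problems with `candidate`; an empty list means it passes."""
    try:
        # strict=True rejects input with host bits set, e.g. 10.0.0.7/24,
        # which usually indicates a typo rather than an intended range.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR block: {exc}"]

    problems = []
    if net.prefixlen > MAX_PREFIX_LEN:
        problems.append(f"{net} is smaller than a /{MAX_PREFIX_LEN}")
    for cidr in vpc_subnets:
        subnet = ipaddress.ip_network(cidr)
        # overlaps() is true for partial overlap and for containment
        # in either direction (candidate inside subnet or subnet inside candidate).
        if net.overlaps(subnet):
            problems.append(f"{net} overlaps existing subnet {subnet}")
    return problems


# Constructed sample data standing in for the subnets of an authorized VPC.
SAMPLE_VPC_SUBNETS = ["10.128.0.0/20", "10.132.0.0/20", "192.168.10.0/24"]

if __name__ == "__main__":
    for candidate in ["10.0.0.0/24", "10.128.4.0/24", "10.0.0.0/25",
                      "192.168.0.0/16", "10.0.0.7/24"]:
        issues = check_reserved_range(candidate, SAMPLE_VPC_SUBNETS)
        print(candidate, "->", "OK" if not issues else "; ".join(issues))
```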
Where can I view the domain controller event logs?
You can use Managed Microsoft AD Audit Logs.
What should I expect during maintenance for a domain controller VM?
The AD domain remains available during patches and updates. Learn about how Managed Microsoft AD handles patching.
Can I restore my Active Directory data after a failure?
Managed Microsoft AD stores regular backups in order to recover the Active Directory domain, if necessary. Backups are taken twice a day and stored outside the domain controllers. These can be utilized by Managed Microsoft AD to perform disaster recovery, should it become necessary.
Currently, you cannot directly restore Active Directory data. To request that your Active Directory data be restored from a backup, contact support.
Can I extend the Active Directory directory service schema?
While extending the Active Directory schema for the Managed Microsoft AD domain (forest) is not currently supported, Managed Microsoft AD can be used with existing Active Directory domains (forests) that have schema extensions.
What time server do Managed Microsoft AD domain controllers use?
Managed Microsoft AD domain controllers sync time from the metadata.google.internal time server, as do all the Compute Engine instances.
Compute Engine NTP.
Do I need to create a separate project for each Managed Microsoft AD domain?
No, you do not need separate Google Cloud projects. You can create multiple independent domains in the same project.