Manage domain peerings

This article shows you how to do the following tasks in Managed Service for Microsoft Active Directory (Managed Microsoft AD):

  • List the domain peerings available in your project.
  • Get information about a specific domain peering.
  • Update labels for your domain peering.
  • Delete domain peerings which you no longer need.

Before you begin

List domain peerings

To list the domain peerings available in a project, follow these steps:

Console

  1. In the Google Cloud console, go to the Managed Microsoft AD page.
    Go to Managed Microsoft AD
  2. Click the Peerings tab to view the list of domain peerings.

gcloud

Run the following gcloud CLI command: 

gcloud active-directory peerings list

You receive a response with the list of domain peerings.

PEERING_NAME   DOMAIN_NAME                                                 AUTHORIZED_NETWORK                              PEERING_STATE   CREATE_TIME
mypeering      projects/my-project/locations/global/domains/mydomain.com   project/my-project/global/networks/my-network   CONNECTED       2021-01-01T22:00:00

Get domain peering information

You can retrieve all the information specific to a domain peering including its current state, name, domain resource, authorized network. This information is useful in multiple scenarios such as verifying if a domain peering is configured with the intended resources and checking the status of domain peering.

To retrieve the information about a domain peering, follow these steps:

Console

  1. In the Google Cloud console, go to the Managed Microsoft AD page.
    Go to Managed Microsoft AD
  2. Click the Peerings tab to view the information about domain peerings.

gcloud

Run the following gcloud CLI command:

gcloud active-directory peerings describe [PEERING_NAME]

Replace [PEERING_NAME] with the name of your domain peering. For example, mypeering.

You receive a YAML as a response describing the peering.

authorizedNetwork: projects/my-project/global/networks/my-vpc
createTime: '2019-03-27T22:35:58.135726571Z'
domainResource: projects/my-project/locations/global/domains/ad.mycompany.com
name: projects/my-project/locations/global/peerings/mypeering
state: CONNECTED
updateTime: '2019-03-29T23:58:12.249298693Z'

Possible domain peering states include:

State Description
STATE_UNSPECIFIED Not set.
CREATING The domain peering is being created.
CONNECTED The domain peering is connected and fully usable.
DELETING The domain peering is being deleted.
DISCONNECTED The domain peering isn't connected yet. There are a few possible causes:
  • If the state of the domain resource project is `DISCONNECTED`, it means that the domain peering isn't yet created from the VPC resource project.
  • If the state of the VPC resource project is `DISCONNECTED`, it means that the domain peering isn't yet created from the domain resource project.

Update labels for a domain peering

You can update the labels for an existing domain peering. To update the labels for a domain peering, follow these steps:

Console

  1. In the Google Cloud console, go to the Managed Microsoft AD page.
    Go to Managed Microsoft AD
  2. Click the Peerings tab.
  3. Select the checkbox next to the domain peering that you want to update.
  4. Click Labels.
  5. In the Labels for resource pane, do the following:
    1. To add a new label, click Add label, and then enter the key-value pairs.
    2. To modify an existing label, enter a new value for the required key-value pair.
    3. To delete a label, click Delete item next to the key-value pair that you want to delete.
  6. Click Save.

gcloud

Run the following gcloud CLI command:

gcloud active-directory peerings update [PEERING_NAME] \
  --update-labels=[KEY]=[VALUE],[KEY]=[VALUE] \
  --remove-labels=[KEY],[KEY]

Replace the following:

  • [PEERING_NAME]: The name of your domain peering. For example, mypeering.
  • [KEY] and [VALUE]: The key-value pair that you want to add, modify, or delete. For example, count=8.
  • --update-labels: You can use this flag to specify the key-value pairs that you want to add or modify. If a key already exists, Managed Microsoft AD modifies the existing value. Otherwise, it adds a new label.
  • --remove-labels: You can use this flag to specify the labels that you want to delete.

Delete a domain peering

To delete a domain peering, follow these steps:

Console

  1. In the Google Cloud console, go to the Managed Microsoft AD page.
    Go to Managed Microsoft AD
  2. Click the Peerings tab.
  3. Click Menu next to the domain peering that you want to remove.
  4. Select Delete.
  5. In the Delete peering dialog, enter the name of your peering resource.
  6. Click Delete.

gcloud

Run the following gcloud CLI command: 

gcloud active-directory peerings delete [PEERING_NAME]

Replace [PEERING_NAME] with the name of your domain peering. For example, mypeering.

What's next