Managing Active Directory objects

This page describes the steps for managing the Active Directory objects for your Managed Service for Microsoft Active Directory domain.

Before you begin

Before managing your Active Directory objects, you should complete the following steps:

• Create a Managed Microsoft AD domain.
• Join your Windows VM to the domain.

Managing objects

To manage your Active Directory objects, do the following:

1. Connect to the Windows VM that is joined to your Managed Microsoft AD domain by using RDP. For more information, see Connecting to Windows VMs by using RDP.

2. Open the Active Directory Users and Computers console (dsa.msc).

3. Select the Active Directory domain name, and expand the item.

4. To manage your Active Directory objects, use the Organizational Units (OUs) provided by Managed Microsoft AD. Although you have full control of the objects in the Cloud OU, you can update only some attributes of the objects in the Cloud Service Objects OU.

Organizational Units

Managed Microsoft AD provides two Organizational Units (OUs), Cloud and Cloud Service Objects.

Cloud is created in your Managed Microsoft AD domain to host all of your AD objects. You are granted full administrative access to this OU. Use the Cloud OU to create users, groups, computers, or further sub-OUs.

The Cloud Service Objects OU hosts AD objects that are created and managed by Managed Microsoft AD. Only Google Cloud can create objects under this OU, but you can update some of their attributes.

For more information about the groups under the Cloud Service Objects OU, see Groups.

You can manage only the Cloud and Cloud Service Objects OUs. Managed Microsoft AD reserves Active Directory object creation for other OUs. This provides the added benefit of increased security, and helps you to administer AD policies that apply to OUs.