Managing Active Directory objects

This page describes the steps for managing the Active Directory objects for your Managed Service for Microsoft Active Directory domain.

Before you begin

Before managing your Active Directory objects, you should complete the following steps:

• Create a Managed Microsoft AD domain.
• Join your Windows VM to the domain.

Managing objects

To manage your Active Directory objects:

1. Use RDP to connect to the Windows VM that is joined to your Managed Microsoft AD domain.

2. Open the Active Directory Users and Computers console (dsa.msc).

3. Select the Active Directory domain name to expand the item.

4. Use the Organizational Units (OUs) provided by Managed Microsoft AD to manage your Active Directory objects. Note that you have full control of the objects in the Cloud OU, but you can only update some attributes of the objects in the Cloud Service Objects OU.

Organizational Units

Managed Microsoft AD provides two Organizational Units (OUs), Cloud and Cloud Service Objects.

Cloud is created in your Managed Microsoft AD domain to host all of your AD objects. You are granted full administrative access to this OU. Use the Cloud OU to create users, groups, computers, or further sub-OUs.

The Cloud Service Objects OU hosts AD objects created and managed by Managed Microsoft AD. Only Google Cloud can create objects under this OU, but you can update some of their attributes.

Learn more about the groups under the Cloud Service Objects OU.

Note that you can only manage the Cloud and Cloud Service Objects OUs. Managed Microsoft AD reserves Active Directory object creation for other OUs. This has the added benefit of increased security, and makes it easier to administer AD policies that apply to OUs.