This page describes the steps for managing the Active Directory objects for your Managed Service for Microsoft Active Directory domain.
Before you begin
Before managing your Active Directory objects, you should complete the following steps:
To manage your Active Directory objects, do the following:
Connect to the Windows VM that is joined to your Managed Microsoft AD domain by using RDP. For more information, see Connecting to Windows VMs by using RDP.
Open the Active Directory Users and Computers console (
Select the Active Directory domain name, and expand the item.
To manage your Active Directory objects, use the Organizational Units (OUs) provided by Managed Microsoft AD. Although you have full control of the objects in the
CloudOU, you can update only some attributes of the objects in the
Cloud Service ObjectsOU.
Managed Microsoft AD provides two Organizational Units (OUs),
Cloud Service Objects.
Cloud is created in your Managed Microsoft AD domain to
host all of your AD objects. You are granted full administrative access to this
OU. Use the
Cloud OU to create users, groups, computers, or further sub-OUs.
Cloud Service Objects OU hosts AD objects that are created and managed by
Managed Microsoft AD. Only Google Cloud can create objects under
this OU, but you can update some of their attributes.
For more information about the groups under the Cloud Service Objects OU, see Groups.
You can manage only the
Cloud Service Objects OUs.
Managed Microsoft AD reserves Active Directory object creation for other
OUs. This provides the added benefit of increased security, and helps you to
administer AD policies that apply to OUs.