This page describes the steps for managing the Active Directory objects for your Managed Service for Microsoft Active Directory domain.
Before you begin
Before managing your Active Directory objects, you should complete the following steps:
To manage your Active Directory objects:
Use RDP to connect to the Windows VM that is joined to your Managed Microsoft AD domain.
Open the Active Directory Users and Computers console (dsa.msc).
Select the Active Directory domain name to expand the item.
Use the Organizational Units (OUs) provided by Managed Microsoft AD to manage your Active Directory objects. Note that you have full control of the objects in the Cloud OU, but you can only update some attributes of the objects in the Cloud Service Objects OU.
Managed Microsoft AD provides two Organizational Units (OUs), Cloud and Cloud Service Objects.
The Cloud OU is created in your Managed Microsoft AD domain to host all of your AD objects. You are granted full administrative access to this OU. Use the Cloud OU to create users, groups, computers, or further sub-OUs.
The Cloud Service Objects OU hosts AD objects created and managed by Managed Microsoft AD. Only Google Cloud can create objects under this OU, but you can update some of their attributes.
Learn more about the groups under the Cloud Service Objects OU.
Note that you can only manage the Cloud and Cloud Service Objects OUs. Managed Microsoft AD reserves Active Directory object creation for other OUs. This has the added benefit of increased security, and makes it easier to administer AD policies that apply to OUs.
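The same object management can be scripted from the domain-joined VM instead of using the console. The following PowerShell is an added example, not part of the original page or of Google's own code; it assumes the ActiveDirectory module is installed, that the Cloud OU sits directly under the domain root, and it uses hypothetical names (Engineering, eng-users, jdoe).

```powershell
# Added example: create a sub-OU, a group and a user under the Cloud OU.
# Requires the ActiveDirectory module (RSAT) on the domain-joined VM.
Import-Module ActiveDirectory

# Assumption: the Cloud OU sits directly under the domain root.
$domainDn = (Get-ADDomain).DistinguishedName
$cloudOu  = "OU=Cloud,$domainDn"

# Fail early if the assumed DN is wrong instead of creating objects elsewhere.
Get-ADOrganizationalUnit -Identity $cloudOu -ErrorAction Stop | Out-Null

function Assert-UnderCloudOu {
    param([Parameter(Mandatory)][string]$Path)
    # Object creation is only delegated in the Cloud OU and its sub-OUs.
    $suffix = ",$cloudOu"
    if ($Path -ne $cloudOu -and
        -not $Path.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Refusing to create objects outside the Cloud OU: $Path"
    }
}

# Hypothetical names used for illustration.
$subOuName = 'Engineering'
$groupName = 'eng-users'
$userName  = 'jdoe'
$subOuDn   = "OU=$subOuName,$cloudOu"

# Create the sub-OU only if it does not already exist directly under Cloud.
Assert-UnderCloudOu -Path $cloudOu
$existing = Get-ADOrganizationalUnit -Filter "Name -eq '$subOuName'" `
    -SearchBase $cloudOu -SearchScope OneLevel
if (-not $existing) {
    New-ADOrganizationalUnit -Name $subOuName -Path $cloudOu `
        -ProtectedFromAccidentalDeletion $true
}

Assert-UnderCloudOu -Path $subOuDn
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security `
    -Path $subOuDn

# Prompt for the initial password so it never lands in the script or history.
$password = Read-Host -Prompt "Initial password for $userName" -AsSecureString
New-ADUser -Name $userName -SamAccountName $userName -Path $subOuDn `
    -AccountPassword $password -Enabled $true -ChangePasswordAtLogon $true

Add-ADGroupMember -Identity $groupName -Members $userName
```

The path guard makes a mistyped target fail with a clear message before any directory write is attempted, rather than surfacing later as an access-denied error from an OU where Managed Microsoft AD reserves object creation.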