Manage trusts

This topic shows you how to manage a one-way trust relationship between an on-premises domain and a Managed Microsoft AD domain. It assumes you have already completed the steps in creating a one-way trust.

Validating a trust

To validate the trust, complete the following steps.

Console

  1. Open the Managed Microsoft AD page in the Google Cloud console.
    Open the Managed Microsoft AD page

  2. Select the domain to validate.

  3. On the domain details page, select the Trust relationships tab.

  4. Click Validate Trust for trust relationship you want to validate.

  5. The trust state should change to Validating. Wait a few minutes for it to change to Connected or Disconnected.

If the trust state is Disconnected, you can obtain more information by describing the domain. For more information, see Manage domains.

gcloud

Run the following gcloud CLI command:

gcloud active-directory domains trusts validate-state domain \
    --target-domain-name=target-domain-name

Learn more about the validate command.

Monitoring trust health

Managed Microsoft AD periodically verifies the outbound trust state and logs this metric in Cloud Monitoring.

To view the log of the health of the trust, complete the following steps.

  1. Open the Managed Microsoft AD page in the Google Cloud console.
    Open the Managed Microsoft AD page

  2. In the Trust relationships table, in the Actions column for your trust, click .

  3. In the More menu, select Monitoring.

  4. On the Cloud Monitoring page, you can view a log of the trust's health.

Learn more about Monitoring.

Refreshing Name Suffix Routing for an on-premises trust

To refresh the Name Suffix Routing for an on-premises trust, complete the following steps.

  1. Log in to an on-premises domain controller using a Domain or Enterprise administrator account.

  2. Open Active Directory Domains and Trusts.

  3. Select the Trust tab. It displays outbound and inbound trusts.

  4. Select the trust with the Managed Microsoft AD domain.

  5. Click Properties.

  6. Navigate to Name Suffix Routing.

  7. Click Refresh to add the name suffixes in the Managed Microsoft AD domain.

  8. Click OK.

What's next