This topic shows you how to join a Windows VM to a Managed Microsoft AD domain.
Before you begin
Before you begin, be sure you have completed the following tasks:
Create an Active Directory domain as explained in Quickstart: Creating a domain.
-
- Create the VM with a version of Windows that is supported by Managed Microsoft AD.
- Create the VM in the project that hosts your Managed Microsoft AD domain. (If there is a Shared VPC that is an authorized network, you can also create the VM in any of its service projects.)
- Create the VM on a VPC network that is peered with the Managed Microsoft AD domain.
Joining a Windows VM to a domain
To connect to a domain for the first time, you must configure the necessary settings and tools, and then join your VM to the domain. You only need to complete these additional steps once per Managed Microsoft AD domain.
To join your VM to the domain:
On the Windows VM, open the Add Roles and Features Wizard.
To enable the Active Directory Domain Service (AD DS) tools, in the Add Roles and Features Wizard, select the following checkboxes:
- Role Administration Tools
- AD DS and AD LDS Tools
- Active Directory module for Windows PowerShell
- AD DS Tools
- Active Directory Administrative Center
- AD DS Snap-Ins and Command-Line Tools
- Group Policy Management Console (GPMC) (optional)
- DNS Manager (optional)
Close the wizard.
Join the Windows VM to the Managed Microsoft AD domain.
To join the VM to the domain, you need the following information:
The domain name of your Managed Microsoft AD domain.
The username and password for an account that has the permissions that are required to join a VM to the domain. By default, members of the
Cloud Service Domain Join Accountsgroup have this permission. Learn about the groups that Managed Microsoft AD creates for you.
You can now manage Active Directory objects for your Managed Microsoft AD domain.
What's next
- Connect to a Managed Microsoft AD domain.
- Learn about the delegated administrator account.