Quickstart: Configuring domain peering

This topic shows you how to configure domain peering with Managed Service for Microsoft Active Directory.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Enable the Managed Microsoft AD, Cloud DNS, and Compute Engine APIs.

    Enable the APIs

  5. Make sure that you have created a Managed Microsoft AD domain.
  6. Make sure the IP ranges assigned to Managed Microsoft AD and any authorized networks don't overlap.

Gathering information

You need the following information to create your domain:

  • A full resource name for your Managed Microsoft AD domain, in the form of: projects/PROJECT-ID/locations/global/domains/DOMAIN-NAME.
  • A full resource name for your VPC network, in the form of: projects/PROJECT-ID/global/networks/NETWORK-NAME.

Configuring domain peering

After you complete the prerequisites and gather your domain information, you can create the domain.

gcloud

Run the following gcloud tool command. Replace the placeholder variables with the information you gathered.

gcloud beta active-directory peerings create PEERING-RESOURCE-NAME \
--domain-resource=DOMAIN-RESOURCE-NAME  \
--authorized-networks=VPC-NETWORK-NAME

You receive the following response that indicates domain creation has started:

Create request issued for: PEERING-RESOURCE-NAME
Waiting for operation-1842751234221-5857b78a1a49e-02bc63a3-77e5c7ee to complete...

Once the operation is complete, configure domain peering in a non-resource project; in other words, the project hosting the VPC. Run the following gcloud tool command. Replace the placeholder variables with the information you gathered.

gcloud beta active-directory peerings create PEERING-RESOURCE-NAME \
--domain-resource=DOMAIN-RESOURCE-NAME  \
--authorized-networks=VPC-NETWORK-NAME
--project=VPC-RESOURCE-PROJECT-ID

You receive the following response that indicates domain peering has started:

Create request issued for: PEERING-RESOURCE-NAME
Waiting for operation-1842751821453-5857b78a1a49e-02bc63a3-77e5c7ee to complete...

Congratulations! You configured domain peering using Managed Microsoft AD. Note that you can repeat the process to create multiple domain peerings in a project of your choice.

What's next