Configure DNS lookup using Cloud DNS

This page shows how Managed Service for Microsoft Active Directory simplifies DNS configuration with its seamless integration with Cloud DNS.

Seamless DNS lookup with Managed Microsoft AD

Active Directory depends heavily on DNS for discovery of the service and for name lookup of domain-joined network resources. Configuring DNS can be a complex and time-consuming process, and you can't use DHCP in Managed Microsoft AD. Managed Microsoft AD removes the need to configure individual clients or DHCP for Active Directory domain lookup by integrating with Cloud DNS. As a result, VMs created on authorized VPC networks can discover the Active Directory domain and on-premises VMs without any client-side configuration changes on the individual VMs.

Compute Engine instances are preconfigured to use Cloud DNS for name resolution. Cloud DNS lets you create private DNS zones where you can specify name-to-IP mapping or forward requests for a domain namespace to another DNS server. Cloud DNS can also be configured to point to the DNS setting of another VPC network with DNS peering.

Managed Microsoft AD uses a private DNS zone and DNS peering to provide this integration. When you request instance creation or add an authorized network, Managed Microsoft AD creates a private DNS zone in the tenant project that hosts the VMs running Active Directory. This private DNS zone forwards all queries for the Active Directory domain's fully qualified domain name (FQDN) to the DNS servers running in your tenant project.

Managed Microsoft AD then creates DNS peering between the authorized network and the VPC network that hosts the AD domain and its DNS, so that all queries for the AD domain namespace are forwarded to the private DNS zone in the tenant project.

Figure 1. DNS lookup on Google Cloud with Managed Microsoft AD

Extending DNS resolution to on-premises networks

The integration of Managed Microsoft AD with Cloud DNS also lets on-premises resources discover Google Cloud resources joined to the Managed Microsoft AD domain. To enable this, create an inbound DNS policy.
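A practical check for both paths described above (VMs on an authorized VPC network resolving through Cloud DNS, and on-premises hosts resolving through an inbound DNS policy) is to query the domain-controller locator record, _ldap._tcp.dc._msdcs.<domain>, which Windows clients use to find domain controllers. The script below is an added example, not code from the Managed Microsoft AD product or its documentation: it performs that SRV lookup with only the Python standard library. On a Compute Engine VM it targets the default resolver at 169.254.169.254 (the metadata server, which hands queries to Cloud DNS); from an on-premises host you pass the inbound forwarding address of your VPC network instead, which this example assumes you already know. The domain example.com and the hosts dc1 and dc2 in the constructed reply are made up for offline testing of the parser.

```python
# Added example (not from the Managed Microsoft AD documentation): a stdlib-only
# SRV lookup for the AD domain-controller locator record. Run it on a domain-joined
# Compute Engine VM against the default resolver, or from an on-premises host
# against the inbound forwarding address of your VPC network (assumed known).
import random
import socket
import struct

# Resolver Compute Engine VMs use by default; queries go to Cloud DNS, which applies
# the private zones and DNS peering described above.
METADATA_RESOLVER = "169.254.169.254"
SRV_TYPE = 33      # RR type code for SRV (RFC 2782)
CLASS_IN = 1

def encode_name(name):
    """Encode a domain name into DNS wire format (length-prefixed labels, zero terminator)."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.rstrip(".").split(".")) + b"\x00"

def build_srv_query(name, txid):
    """Build a recursive SRV query for `name` with transaction id `txid`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1; QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", SRV_TYPE, CLASS_IN)

def read_name(msg, offset):
    """Decode a (possibly compressed) name at `offset`; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                     # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = offset + 2                       # resume after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), (end if end is not None else offset)

def parse_srv_response(msg, expected_txid):
    """Return the SRV answers as a sorted list of (priority, weight, port, target)."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: not the reply to our query")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError(f"resolver returned rcode {rcode} (3 = NXDOMAIN: name not resolvable)")
    offset = 12
    for _ in range(qdcount):                           # skip the echoed question
        _, offset = read_name(msg, offset)
        offset += 4
    records = []
    for _ in range(ancount):
        _, offset = read_name(msg, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        if rtype == SRV_TYPE:
            prio, weight, port = struct.unpack("!HHH", msg[offset:offset + 6])
            target, _ = read_name(msg, offset + 6)
            records.append((prio, weight, port, target))
        offset += rdlength
    return sorted(records)

def locate_domain_controllers(domain, resolver=METADATA_RESOLVER, timeout=3.0):
    """Live UDP lookup of _ldap._tcp.dc._msdcs.<domain>; returns SRV tuples."""
    txid = random.randrange(0, 0x10000)
    query = build_srv_query(f"_ldap._tcp.dc._msdcs.{domain}", txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, 53))
        data, _ = sock.recvfrom(4096)
    return parse_srv_response(data, txid)

def constructed_response(txid=0x1234):
    """CONSTRUCTED reply (not captured from a real domain) so the parser can be exercised
    offline: two domain controllers for example.com, using name compression like real replies."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)   # QR, RD, RA; 1 question, 2 answers
    question = encode_name("_ldap._tcp.dc._msdcs.example.com") + struct.pack("!HH", SRV_TYPE, CLASS_IN)
    suffix_ptr = struct.pack("!H", 0xC000 | 33)   # "example.com" starts at byte 33 of the message
    answers = b""
    for host in ("dc1", "dc2"):
        rdata = struct.pack("!HHH", 0, 100, 389) + encode_name(host)[:-1] + suffix_ptr
        answers += struct.pack("!H", 0xC00C)        # owner name: pointer to the question name
        answers += struct.pack("!HHIH", SRV_TYPE, CLASS_IN, 600, len(rdata)) + rdata
    return header + question + answers

if __name__ == "__main__":
    import sys
    domain = sys.argv[1]
    resolver = sys.argv[2] if len(sys.argv) > 2 else METADATA_RESOLVER
    for prio, weight, port, target in locate_domain_controllers(domain, resolver):
        print(f"priority={prio} weight={weight} port={port} target={target}")
```

Usage: `python3 locate_dc.py ad.example.com` on a Compute Engine VM, or `python3 locate_dc.py ad.example.com <inbound-forwarder-ip>` from on-premises. An empty result or an rcode of 3 from the VM side means the private zone or peering for the domain namespace is not reaching that network; the same from on-premises points at the inbound DNS policy or the route back to the forwarding address. The parser checks the transaction id so a stray or spoofed datagram is not mistaken for the answer.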

Figure 2. Extending DNS resolution to on-premises resources
