Google Cloud is named a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021 report. Get the report.

Managed Service for Microsoft Active Directory

Use a highly available, hardened service running actual Microsoft® Active Directory (AD).

View documentation for this product.


Managed Service for Microsoft Active Directory (AD) is a highly available, hardened Google Cloud service running actual Microsoft AD that enables you to manage authentication and authorization for your AD-dependent workloads, automate AD server maintenance and security configuration, and connect your on-premises AD domain to the cloud.

Compatibility with AD-dependent apps

Use a service with actual Microsoft Active Directory domain controllers, so your work isn’t slowed down by application compatibility worries. Your IT and security teams can use built-in Active Directory features and standard AD administration tools.

Virtually maintenance-free

Enable your IT and security teams to focus on higher-value tasks, knowing that the service is highly available, automatically patched, configured with secure defaults, and protected by appropriate network firewall rules.

Multi-region and hybrid identity support

Connect your on-premises Active Directory domain to Google Cloud or deploy a standalone domain in multiple regions for your cloud-based workloads, including VMs and applications. Your choice.


An actual AD domain

Decrease compatibility issues using a service that runs real Microsoft Active Directory domain controllers on the latest Windows Server builds. Integrate with Cloud DNS to enable automatic domain discovery for VMs.

Familiar features and tools

Enable your IT and security teams to use standard Active Directory features, such as Group Policy, and familiar administration tools, such as Remote Server Administration Tools (RSAT), to manage the domain.

Highly available

Have more confidence in the availability of your domain controllers knowing that the service runs in a highly available configuration, similar to this topology, in multiple regions.

Automatic patching

Give IT teams more time by allowing the service to automatically patch servers, take AD snapshots for recovery, monitor for issues, and replace domain controllers that fail.


Make Active Directory infrastructure less prone to misconfiguration, knowing that the service is hardened with secure defaults and appropriate network firewall rules.

Multi-regional infrastructure

Deploy the service in a specific region and allow your apps and VMs in that or other regions access the domain over a low-latency Virtual Private Cloud (VPC). Expand the service to additional regions as needed.

Flexible deployment

Achieve a higher flexibility by being able to connect Managed Service for Microsoft AD with your existing on-premises domain or run the service as a standalone domain.


Using Managed Service for Microsoft AD is priced at $0.40 per managed Active Domain per hour per region. For more details, currency other than USD, and pricing examples, check out the pricing page.

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Need help getting started?
Work with a trusted partner
Continue browsing