This page provides instructions for how to connect to Managed Service for Microsoft Active Directory.
NetApp Volumes supports Managed Service for Microsoft Active Directory (Managed Microsoft AD).
Managed Microsoft AD uses private services access to connect to consumer projects, similar to NetApp Volumes. Private services access uses Virtual Private Cloud (VPC) peering, which blocks transitive traffic between VPCs. NetApp Volumes can't communicate with Managed Microsoft AD through a consumer VPC, so you need a domain peering to establish this connection.
Before you begin
Make sure you meet the prerequisites mentioned in Managed Microsoft AD - Before you begin.
Establish a domain peering
Use the following instructions to establish a domain peering:
Identify the project name of the NetApp Volumes tenant project that owns your NetApp Volumes resources:
gcloud --project project_owning_NetAppVolumes compute networks peerings list --flatten=peerings --filter="peerings.name=sn-netapp-prod"
The PEER_PROJECT column shows the name of the NetApp Volumes tenant project. The PEER_NETWORK column shows the tenant project VPC name, which should be netapp-prod-network.
Follow the instructions in Configure domain peering to create a domain peering from Managed Microsoft AD to NetApp Volumes, using the tenant project ID and network you identified in the previous step.
Note that you can only establish the peering from the domain resource project to the NetApp Volumes tenant project. The reverse peering from the VPC resource project (NetApp Volumes tenant project) to the domain resource project requires a support case with Google Cloud Customer Care.
Open a support case with Google Cloud Customer Care to establish the reverse peering from NetApp Volumes to Managed Microsoft AD. Provide the output of the following command to Google Cloud Customer Care to identify which peering to accept.
gcloud --project=project_owning_ManagedAD active-directory peerings list
After Google Cloud Customer Care establishes the two-way peering, the status of your peering shows CONNECTED. Verify the peering status:
gcloud --project=project_owning_ManagedAD active-directory peerings list
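The following POSIX shell helpers are an added example, not part of the original page or of the gcloud tooling. They encode the two checks from the steps above: that the network found on the sn-netapp-prod peering really is the tenant VPC named netapp-prod-network, and that every Managed Microsoft AD peering reports CONNECTED before you go on to create the Active Directory policy. So that the script runs offline, the gcloud output is replaced by constructed sample strings; the commented gcloud invocations use --format=value(...) to get tab-separated fields, and the field names peerings.network and state are assumptions to confirm against your gcloud version.

```shell
#!/bin/sh
# Added example (not from the original page): post-checks for the domain
# peering procedure. The gcloud calls are shown in comments; the functions
# below only parse their output, so the script runs without cloud access.

# Split a compute network URL into "project network". Assumed URL shape:
#   https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/NAME
peer_from_url() {
  url=$1
  project=$(printf '%s\n' "$url" | sed -n 's#.*/projects/\([^/]*\)/global/networks/.*#\1#p')
  network=$(printf '%s\n' "$url" | sed -n 's#.*/networks/\([^/]*\)$#\1#p')
  [ -n "$project" ] && [ -n "$network" ] || return 1
  printf '%s %s\n' "$project" "$network"
}

# The tenant VPC name the page says to expect on the sn-netapp-prod peering.
is_tenant_network() { [ "$1" = "netapp-prod-network" ]; }

# Print the tenant project ID only if the peered network is the tenant VPC.
# Intended input (assumed field name peerings.network):
#   gcloud --project OWNER compute networks peerings list --flatten=peerings \
#     --filter="peerings.name=sn-netapp-prod" --format="value(peerings.network)"
tenant_project_from_url() {
  pair=$(peer_from_url "$1") || return 1
  project=${pair%% *}
  network=${pair#* }
  is_tenant_network "$network" || return 1
  printf '%s\n' "$project"
}

# Succeed only if at least one peering exists and all are CONNECTED.
# Intended input, one "name<TAB>state" line per peering (state is an assumed field name):
#   gcloud --project=AD_PROJECT active-directory peerings list --format="value(name,state)"
all_peerings_connected() {
  printf '%s\n' "$1" | awk -F'\t' '
    NF == 0 { next }
    { n++ }
    $2 != "CONNECTED" { bad = 1 }
    END { exit ((n == 0 || bad) ? 1 : 0) }'
}

# Constructed sample output, not taken from a real project.
SAMPLE_PEER_URL='https://www.googleapis.com/compute/v1/projects/tenant-project-123/global/networks/netapp-prod-network'
SAMPLE_AD_PEERINGS=$(printf 'netapp-peering\tCONNECTED\n')

# Usage: substitute the captured gcloud output for the samples.
tenant_project_from_url "$SAMPLE_PEER_URL"      # prints tenant-project-123
all_peerings_connected "$SAMPLE_AD_PEERINGS" && echo "all peerings CONNECTED"
```

If tenant_project_from_url prints nothing, the sn-netapp-prod peering points at a VPC other than netapp-prod-network and the tenant project ID should not be handed to Configure domain peering until that is understood; if all_peerings_connected fails after Customer Care has accepted the reverse peering, re-run the list command rather than creating the policy against a half-established peering.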
Create an Active Directory policy in the same region where you plan to create volumes using Managed Microsoft AD. You need to specify the following parameters:
DNS server IP address: For the Flex service level, use 169.254.169.254 as the DNS server IP address in the policy. For the Standard, Premium, and Extreme service levels, follow the instructions in Using IP address for DNS resolution and use the entry point IP addresses created by Cloud DNS in your Active Directory policy.
Organizational Unit (OU): Managed Microsoft AD puts all objects into OU=Cloud by default. You need to specify the organizational unit parameter that is correct for your environment. For example, if you have a Windows domain called engineering.example.com, the default organizational unit to specify would be CN=Computers,OU=Cloud,DC=engineering,DC=example,DC=com.
Attach the Active Directory policy to the storage pool to be used.
For the Flex service level, test the Active Directory policy connection by creating a volume that uses the Active Directory policy.
For the Standard, Premium, and Extreme service levels, test the Active Directory policy connection before creating a volume.
What's next
Read about volume snapshots.