Set up Active Directory for SMB

Last reviewed 2023-05-08 UTC
  1. In the Google Cloud console, go to Cloud Volumes.

    Go to the Cloud Volumes page

  2. Select Active Directory connections, and then click Create.

  3. In the Create Active Directory Connection dialog, enter the information indicated in the following table.

    Required fields are marked with an asterisk (*). This table only shows fields relevant to SMB.

    Field Description CVS CVS-Performance
    Username*
    Password*
    Credentials for the AD account with permissions to create the computer account within the specified organizational unit. For details, see permissions needed to create AD machine accounts.
    Connection type*

    Specifies whether an AD connection can be used for volumes of the CVS service type or volumes of the CVS-Performance service type.

    You can mark existing AD connections with the AD connection type to avoid problems when creating new volumes or editing parameters of that AD connection. Specifying the wrong connection type for an existing AD connection can cause problems with creating new volumes or editing parameters of that AD connection.

    Domain* Fully qualified domain name for the AD domain.
    Site Name of an AD site. Limits discovery of AD domain controllers. Use when multiple AD connections in different regions are configured.
    DNS Servers*

    IP addresses for DNS servers (3 maximum) that are used for DNS-based domain controller discovery. The CVS-Performance service type checks all IP addresses listed. The CVS service type uses the first IP address listed.

    NetBIOS* Name of the created AD machine account. A 5-character random ID is generated automatically–for example, -6f9a).
    Organizational Unit LDAP path for the organizational unit where the computer account is created.
    Enable AES Encryption for AD authentication Enables AES-128 and AES-256 encryption for Kerberos-based communication with AD. Always enabled
    Region* Associates the AD connection that you're creating with a single region.
    Backup Users Domain users or groups to receive elevated file/folder privileges. Can be used for data migration, NetApp Global File Cache.
    Security Privilege Users Domain user accounts that require elevated privileges to manage security logs for the AD associated with Cloud Volumes Service. This list is specifically needed for the installation of a SQL server where binaries and system databases are stored on an SMB share. This option isn't required if you use an administrator user during installation.
  4. Click Save.