This page describes how domain peering works in Managed Service for Microsoft Active Directory (Managed Microsoft AD).
Managed Microsoft AD offers highly available, hardened Microsoft Active Directory domains hosted by Google Cloud. Authorized networks make Managed Microsoft AD available on your VPC in the domain resource project. Domain peering also makes Managed Microsoft AD available to non-domain-resource projects, such as VPC resource projects.
How domain peering works
Managed Microsoft AD creates a domain peering resource in both the domain resource project and the VPC resource project. This ensures that both projects have visibility into the peering and that the appropriate operators have given their consent before the networks are connected.
After you successfully configure domain peering, the Managed Microsoft AD VPC peers with the VPC network and creates a Cloud DNS peering zone to provide seamless domain discovery.
How domain peering differs from authorized networks
A Managed Microsoft AD domain supports adding up to 5 authorized networks from the domain resource project. In addition, domain peering lets you add up to 10 networks from other projects to the Managed Microsoft AD domain.
With Managed Microsoft AD domain peering, the authorized network originates from a project other than the domain resource project. This gives you the flexibility to share a single Managed Microsoft AD domain with multiple projects and networks outside the domain resource project, which makes it possible to use different deployment models such as hub and spoke.
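The following is an added example, not Google's code: a small Python model for reviewing a planned hub-and-spoke layout against the rules on this page (peering resource present in both projects, the limits of 5 and 10, and the non-transitive behaviour of VPC peering). All project and network names, the `Attachment` type and the function names are constructed for illustration; no Google Cloud API is called.

```python
from dataclasses import dataclass

MAX_AUTHORIZED_NETWORKS = 5   # per the page: networks in the domain resource project
MAX_PEERED_NETWORKS = 10      # per the page: networks added from other projects
DOMAIN = "managed-ad-domain-controllers"  # hypothetical label for the domain side

@dataclass(frozen=True)
class Attachment:
    network: str                          # constructed VPC network name
    project: str                          # project that owns the VPC
    peering_in: frozenset = frozenset()   # projects holding the peering resource

def review_plan(domain_project, attachments):
    """Return (connected_networks, findings) for a planned topology."""
    findings, authorized, peered = [], [], []
    for a in attachments:
        if a.project == domain_project:
            authorized.append(a.network)  # authorized network, no peering involved
            continue
        # Domain peering: the resource must exist in BOTH projects, which is
        # how each side's operators give consent before networks connect.
        missing = {domain_project, a.project} - a.peering_in
        if missing:
            findings.append(f"{a.network}: peering resource missing in {sorted(missing)}")
        else:
            peered.append(a.network)
    if len(authorized) > MAX_AUTHORIZED_NETWORKS:
        findings.append(f"{len(authorized)} authorized networks exceeds {MAX_AUTHORIZED_NETWORKS}")
    if len(peered) > MAX_PEERED_NETWORKS:
        findings.append(f"{len(peered)} peered networks exceeds {MAX_PEERED_NETWORKS}")
    return authorized + peered, findings

def can_reach(src, dst, connected):
    """Reachability through the domain only: peerings are non-transitive."""
    if DOMAIN not in (src, dst):
        return False  # network to network needs its own separate VPC peering
    other = dst if src == DOMAIN else src
    return other in connected

# Constructed sample plan: hub project "ad-hub" with two spoke projects.
SAMPLE = [
    Attachment("hub-vpc", "ad-hub"),
    Attachment("spoke-a-vpc", "spoke-a", frozenset({"ad-hub", "spoke-a"})),
    Attachment("spoke-b-vpc", "spoke-b", frozenset({"spoke-b"})),  # one side only
]

if __name__ == "__main__":
    connected, findings = review_plan("ad-hub", SAMPLE)
    print("connected:", connected)
    print("findings:", findings)
```

A finding for a one-sided peering is the case worth alerting on in review: it means one project has requested connectivity that the other project's operators have not yet approved.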
You must configure domain peering only after you create the domain. If a domain already exists, you must configure peering for both projects.
Note: When you configure multiple domain peerings with the same domain, VPC networks can communicate with domain controllers over the peered connection but can't communicate with each other. If there is a need for VPC networks to communicate with each other, you need to create a separate peering since VPC peerings are non-transitive.
Last updated 2025-08-11 UTC.