# Manage trusts

Last updated 2025-08-28 UTC.

This topic shows you how to manage a one-way trust relationship between an
on-premises domain and a Managed Microsoft AD domain. It assumes you
have already completed the steps in
[creating a one-way trust](/managed-microsoft-ad/docs/create-one-way-trust).

Validating a trust
------------------

To validate the trust, complete the following steps.

### Console

1. Open the Managed Microsoft AD page in the Google Cloud console.

   [Open the Managed Microsoft AD page](https://console.cloud.google.com/security/cloud-ad)

2. Select the domain to validate.

3. On the domain details page, select the **Trust relationships** tab.

4. Click **Validate Trust** for the trust relationship you want to validate.

5. The trust state should change to **Validating**. Wait a few minutes for
   it to change to **Connected** or **Disconnected**.

If the trust state is **Disconnected**, you can obtain more information
by describing the domain. For more information, see
[Manage domains](/managed-microsoft-ad/docs/list-describe-delete-domains).

### gcloud

Run the following gcloud CLI command:

```
gcloud active-directory domains trusts validate-state domain \
    --target-domain-name=target-domain-name
```

Learn more about the [`validate-state` command](/sdk/gcloud/reference/active-directory/domains/trusts/validate-state).

Monitoring trust health
-----------------------

Managed Microsoft AD periodically verifies the outbound trust state and
logs this metric in Cloud Monitoring.

To view the log of the health of the trust, complete the following steps.

1. Open the Managed Microsoft AD page in the Google Cloud console.

   [Open the Managed Microsoft AD page](https://console.cloud.google.com/security/cloud-ad)

2. In the **Trust relationships** table, in the **Actions** column for your
   trust, click the more actions icon (more_vert).

3. In the **More** menu, select **Monitoring**.

4. On the Cloud Monitoring page, you can view a log of the trust's health.

Learn more about [Monitoring](/monitoring/docs).

Refreshing Name Suffix Routing for an on-premises trust
-------------------------------------------------------

To refresh the Name Suffix Routing for an on-premises trust, complete the
following steps.

1. Log in to an on-premises domain controller using a Domain or Enterprise
   administrator account.

2. Open **Active Directory Domains and Trusts**.

3. Select the **Trust** tab. It displays outbound and inbound trusts.

4. Select the trust with the Managed Microsoft AD domain.

5. Click **Properties**.

6. Navigate to **Name Suffix Routing**.

7. Click **Refresh** to add the name suffixes in the
   Managed Microsoft AD domain.

8. Click **OK**.

What's next
-----------

- Learn how to [troubleshoot accessing a trust](/managed-microsoft-ad/docs/troubleshooting#trust_no_longer_works).
- Learn how to [troubleshoot creating a trust](/managed-microsoft-ad/docs/troubleshooting#unable_to_create_trust).
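The validation steps above say to describe the domain when a trust ends up **Disconnected**. The following is an added example, not part of the original page or Google's own code, that reads that description and lists the trusts needing attention. The JSON field names (`trusts`, `targetDomainName`, `state`, `stateDescription`, `lastTrustHeartbeatTime`), the sample values and the one-hour `max_age` threshold are assumptions; confirm them against your own `describe` output.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of
#   gcloud active-directory domains describe DOMAIN --format=json
# Field names are assumed from the Managed Microsoft AD API Trust resource.
SAMPLE = """
{"name": "projects/example-project/locations/global/domains/ad.example.com",
 "trusts": [
  {"targetDomainName": "corp.example.com", "state": "CONNECTED",
   "lastTrustHeartbeatTime": "2025-08-28T11:50:00.123456789Z"},
  {"targetDomainName": "lab.example.com", "state": "DISCONNECTED",
   "stateDescription": "constructed description text",
   "lastTrustHeartbeatTime": "2025-08-27T03:00:00Z"},
  {"targetDomainName": "old.example.com", "state": "CONNECTED",
   "lastTrustHeartbeatTime": "2025-08-28T08:00:00Z"}]}
"""

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp, dropping fractional seconds."""
    trimmed = re.sub(r"\.\d+", "", value).replace("Z", "+00:00")
    return datetime.fromisoformat(trimmed)

def trust_findings(describe_json, now, max_age=timedelta(hours=1)):
    """Return (target domain, problem) pairs for trusts needing attention.

    max_age is a hypothetical threshold; the page only says the state is
    verified periodically, so tune it to the interval you observe.
    """
    findings = []
    for trust in json.loads(describe_json).get("trusts", []):
        target = trust.get("targetDomainName", "<unknown>")
        state = trust.get("state", "STATE_UNSPECIFIED")
        if state != "CONNECTED":
            detail = trust.get("stateDescription", "no description given")
            findings.append((target, f"state {state}: {detail}"))
        elif "lastTrustHeartbeatTime" not in trust:
            findings.append((target, "connected, but no heartbeat recorded"))
        else:
            age = now - parse_ts(trust["lastTrustHeartbeatTime"])
            if age > max_age:
                findings.append((target, f"heartbeat stale by {age}"))
    return findings

if __name__ == "__main__":
    for target, problem in trust_findings(SAMPLE, datetime.now(timezone.utc)):
        print(f"{target}: {problem}")
```

A trust that still reports a connected state but has an old heartbeat is listed separately from one that is disconnected, so a stalled verification is not mistaken for a healthy trust.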