Connect to Managed Service for Microsoft Active Directory
This page provides instructions for how to connect to Managed Service for Microsoft Active Directory.
NetApp Volumes supports Managed Microsoft AD.
Managed Microsoft AD uses private services access to connect to consumer projects, similar to NetApp Volumes. Private services access uses Virtual Private Cloud (VPC) peering, which blocks transitive traffic between VPCs. NetApp Volumes can't communicate with Managed Microsoft AD through a consumer VPC, so you need a domain peering to establish this connection.
Use the following instructions to establish a domain peering:
Identify the project name of the NetApp Volumes tenant project that owns your NetApp Volumes resources:
gcloud compute networks peerings list --project=project_owning_NetAppVolumes --flatten=peerings --filter="peerings.name=sn-netapp-prod"
The PEER_PROJECT parameter shows the name of the NetApp Volumes tenant project. The PEER_NETWORK parameter shows the tenant project VPC name, which should be netapp-prod-network.
Follow the instructions in Configure domain peering to create a domain peering from Managed Microsoft AD to NetApp Volumes, using the tenant project ID and network you identified in the previous step.
Note that you can only establish the peering from the domain resource project to the NetApp Volumes tenant project. The reverse peering from the VPC resource project (NetApp Volumes tenant project) to the domain resource project requires a support case with Google Cloud Customer Care.
Open a support case with Google Cloud Customer Care to establish the reverse peering from NetApp Volumes to Managed Microsoft AD. Provide the output of the following command to Google Cloud Customer Care to identify which peering to accept.
gcloud active-directory peerings list --project=project_owning_ManagedAD
After Google Cloud Customer Care establishes the two-way peering, the status of your peering shows CONNECTED. Verify the peering status:
gcloud active-directory peerings list --project=project_owning_ManagedAD
Create an Active Directory policy in the same region where you plan to create volumes using Managed Microsoft AD. You need to specify the following parameters:
DNS servers IP address:
For the Flex service level, use 169.254.169.254 for the DNS servers IP address in the policy.
For Standard, Premium, and Extreme service levels, follow the instructions in Using IP address for DNS resolution. You will use the entry point IP addresses created by Cloud DNS in your Active Directory policy.
Organizational Unit (OU): Managed Microsoft AD puts all objects into OU=cloud by default. You need to specify a correct organizational unit parameter for your environment. For example, if you have a Windows domain called engineering.example.com, the default organizational unit to specify would be CN=Computers,OU=Cloud,DC=engineering,DC=example,DC=com.
Attach the Active Directory policy to the storage pool to be used.
For the Flex service level, test the Active Directory policy connection by creating a volume that uses the Active Directory.
For Standard, Premium, and Extreme service levels, test the Active Directory policy connection before creating a volume.
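The following POSIX shell helpers are an added example, not part of the original page or of Google's tooling. They validate the values this procedure collects before they go into a peering request or an Active Directory policy. The function names, the sample project ID and the sample IP are assumptions, and the peer check assumes the peering's network is given as the resource URL that gcloud prints with --format=json.

```shell
# Added example: pre-flight checks for the values used in the steps above.
# Function names are hypothetical; sample inputs at the bottom are constructed.

# Default OU for a Managed Microsoft AD domain, e.g.
# engineering.example.com -> CN=Computers,OU=Cloud,DC=engineering,DC=example,DC=com
default_ou_for_domain() {
  domain=${1%.}                       # tolerate one trailing dot
  case $domain in
    ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;  # empty label or DN metacharacter
    *.*) ;;                           # need at least two labels
    *) return 1 ;;
  esac
  dn="CN=Computers,OU=Cloud"
  old_ifs=$IFS; IFS=.
  for label in $domain; do dn="$dn,DC=$label"; done
  IFS=$old_ifs
  printf '%s\n' "$dn"
}

# Confirm a peering's network URL points at the NetApp Volumes tenant VPC
# (netapp-prod-network) and print the tenant project ID to peer the domain with.
tenant_project_from_peer_url() {
  case $1 in
    */projects/*/global/networks/netapp-prod-network)
      rest=${1#*/projects/}
      printf '%s\n' "${rest%%/*}" ;;
    *) return 1 ;;                    # unexpected peer: do not peer the domain to it
  esac
}

# DNS server IP for the Active Directory policy, by service level.
# Flex uses 169.254.169.254; the other levels use a Cloud DNS entry point IP
# that the caller must supply as the second argument.
dns_ip_for_level() {
  case $1 in
    flex) printf '169.254.169.254\n' ;;
    standard|premium|extreme)
      [ -n "$2" ] || return 1
      printf '%s\n' "$2" ;;
    *) return 1 ;;
  esac
}

# Constructed sample run (project ID and IP are placeholders).
default_ou_for_domain engineering.example.com
tenant_project_from_peer_url \
  "https://www.googleapis.com/compute/v1/projects/example-tenant-tp/global/networks/netapp-prod-network"
dns_ip_for_level standard 10.0.0.5
```

Each function returns non-zero on input it cannot vouch for, so a wrapper script can stop before creating the peering or the policy.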
Last updated 2025-09-04 UTC.