连接到 Managed Service for Microsoft Active Directory
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
本页面介绍了如何连接到 Managed Service for Microsoft Active Directory。
NetApp Volumes 支持代管式 Microsoft AD。
与 NetApp Volumes 类似,托管式 Microsoft AD 使用专用服务访问通道连接到客户项目。专用服务访问通道使用虚拟私有云 (VPC) 对等互连,这会阻止 VPC 之间的传递流量。NetApp Volumes 无法通过使用方 VPC 与托管式 Microsoft AD 通信,因此您需要使用网域对等互连来建立此连接。
对于 Flex 服务等级,请在政策中使用 169.254.169.254 作为 DNS 服务器 IP 地址。
对于标准、高级和极速服务级别,请按照使用 IP 地址进行 DNS 解析中的说明操作。
您将在 Active Directory 政策中使用 Cloud DNS 创建的入口点 IP 地址。
组织单位 (OU):托管式 Microsoft AD 默认情况下会将所有对象放入 OU=cloud 中。您需要为您的环境指定正确的组织部门参数。
例如,如果您有一个名为 engineering.example.com 的 Windows 网域,则要指定的默认组织部门为 CN=Computers,OU=Cloud,DC=engineering,DC=example,DC=com。
将 Active Directory 政策附加到要使用的存储池。
对于 Flex 服务等级,请通过创建使用 Active Directory 的卷来测试 Active Directory 政策连接。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-17。"],[],[],null,["# Connect to Managed Service for Microsoft Active Directory\n\nThis page provides instructions for how to connect to Managed Service for Microsoft Active Directory.\n\nNetApp Volumes supports Managed Microsoft AD.\n\nManaged Microsoft AD uses private services access to connect to consumer\nprojects, similar to NetApp Volumes. Private services access\nuses Virtual Private Cloud (VPC) peering, which blocks transitive traffic between\nVPCs. NetApp Volumes can't communicate with\nManaged Microsoft AD through a consumer VPC, so you\nneed a [domain peering](/managed-microsoft-ad/docs/quickstart-domain-peering) to\nestablish this connection.\n\nBefore you begin\n----------------\n\nMake sure you meet the prerequisites mentioned in\n[Managed Microsoft AD - Before you begin](/managed-microsoft-ad/docs/quickstart-domain-peering#before-you-begin).\n\nEstablish a domain peering\n--------------------------\n\nUse the following instructions to establish a domain peering:\n\n1. Identify the project name of the NetApp Volumes tenant project\n that owns your NetApp Volumes resources:\n\n ```\n gcloud compute networks peerings list --project=project_owning_NetAppVolumes --flatten=peerings --filter=\"peerings.name=sn-netapp-prod\"\n ```\n\n The `PEER_PROJECT` parameter shows the name of the NetApp Volumes\n tenant project. The `PEER_NETWORK` parameter shows the tenant project VPC\n name, which should be *netapp-prod-network*.\n2. Follow the instructions in\n [Configure domain peering](/managed-microsoft-ad/docs/quickstart-domain-peering#configure_domain_peering)\n to create a domain peering from Managed Microsoft AD to\n NetApp Volumes, using the tenant project ID and network you\n identified from the previous step.\n\n Note that you can only establish the peering from the domain resource project\n to the NetApp Volumes tenant project. The reverse peering\n from the VPC resource project\n (NetApp Volumes tenant project) to the domain resource project\n requires a support case with\n [Google Cloud Customer Care](https://cloud.google.com/support-hub/).\n3. Open a support case with\n [Google Cloud Customer Care](https://cloud.google.com/support-hub/) to establish\n the reverse peering from NetApp Volumes to Managed Microsoft AD.\n Provide the output of the following command to Google Cloud Customer Care to\n identify which peering to accept.\n\n ```\n gcloud active-directory peerings list --project=project_owning_ManagedAD\n ```\n4. After Google Cloud Customer Care establishes the two-way peering, the status of\n your peering shows **CONNECTED**. Verify the peering status:\n\n ```\n gcloud active-directory peerings list --project=project_owning_ManagedAD\n ```\n5. [Create an Active Directory policy](/netapp/volumes/docs/configure-and-use/active-directory/create-ad-policy)\n in the same region where you plan to create volumes using Managed Microsoft AD.\n You need to specify the following parameters:\n\n - **DNS servers** IP address:\n\n - For the Flex service level, use `169.254.169.254` for the DNS servers IP\n address in the policy.\n\n - For Standard, Premium, and Extreme service levels, follow the\n instructions in [Using IP address for DNS resolution](/managed-microsoft-ad/docs/connect-to-active-directory-domain#using_ip_address_for_dns_resolution).\n You will use the entry point IP addresses created by Cloud DNS in\n your Active Directory policy.\n\n - **Organizational Unit** (OU): Managed Microsoft AD puts all objects\n into `OU=cloud` by [default](/managed-microsoft-ad/docs/objects). You need\n to specify a correct organizational unit parameter for your environment.\n For example, if you have a Windows domain called\n *engineering.example.com* , the default organizational unit to\n specify would be `CN=Computers,OU=Cloud,DC=engineering,DC=example,DC=com`.\n\n6. Attach the Active Directory policy to the storage pool to be used.\n\n For the Flex service level, test Active Directory policy connection by\n creating a volume which uses the Active Directory.\n\n For Standard, Premium, and Extreme service levels, test\n [Active Directory policy connection](/netapp/volumes/docs/configure-and-use/active-directory/test-ad-policy-connection)\n before creating a volume.\n\nWhat's next\n-----------\n\n[Manage customer-managed encryption key policies](/netapp/volumes/docs/configure-and-use/cmek/cmek-overview)."]]
