News

Google Launches Beta of Managed Active Directory Service

• By Kurt Mackie
• August 30, 2019

Google is test-driving a new service that effectively makes it a managed service provider of Microsoft's Active Directory product.

The company on Thursday announced that its Managed Service for Microsoft Active Directory is now in the beta stage. The service puts Google in the position of taking care of the patching and maintenance of Microsoft's identity and access management service. Organizations get access to "actual Active Directory" from various Google datacenters around the globe. The service can be used in "hybrid" scenarios (a company's premises plus cloud) or as a standalone cloud-based service.

Google has been working on its managed AD service for the past year and a half, according to a Google video explanation (requires sign-up) by Siddharth Bhai, a product manager at Google Cloud Platform (GCP). The service was introduced as an alpha release back in April.

Managed Service for Microsoft Active Directory is a fully managed service that's "highly available in multiple regions around the world," according to Bhai. It automatically patches servers and takes snapshots for recovery purposes, and will monitor and replace any domain controllers that fail, he added. The service automatically runs diagnostics every few minutes to assess the health of the AD domains, and it takes backups every day, he added.

An organization's AD domain will run isolated in a separate project on Google's datacenters with the Managed Service for Microsoft Active Directory service, Bhai indicated. It comes with a preconfigured account for one admin, which can be expanded. It's possible to create "one-way or two-way AD trusts, with one or more AD forests," he said.

Organizations can use familiar management tools with the service, such as Microsoft's Group Policy or Remote Server Administration Tools, Google's announcement indicated. The information about the health of AD domain controllers is monitored via integration with the Stackdriver solution, which shows the performance of the service over time. Google's AD service also integrates with a Cloud Audit Logging service.

Google's AD service will enable "easy domain joins." It's also possible to use Google's AD service to control remote access to Windows clients using the Remote Desktop Protocol (RDP).

In addition, virtual machines will automatically discover the managed AD domains using the service and no client side changes are needed, according to Bhai. If an organization has Linux virtual machines that work with AD, they'll work with the GCP managed AD service, he added.

Google is planning to add a service-level agreement governing service uptime to its Managed Service Microsoft AD offering when the product reaches the "general availability" commercial-release stage. It's not clear when it'll be commercially released.