Managed AD Customer
Customer creates Managed AD Domain in GCP (Their own Project)
VPC Peer between the two projects
Create a Domain Peer
(https://cloud.google.com/managed-microsoft-ad/docs/quickstart-domain-peering)
Enable the following APIs. This is done in both projects, the customer's and Workspot's.
Managed Microsoft AD
Cloud DNS
Compute Engine APIs
Configure domain peering
Run the same command on both projects.
gcloud active-directory peerings create PEERING-RESOURCE-NAME \
--domain=DOMAIN-NAME \
--authorized-network=VPC-NETWORK-NAME
Example (first with placeholders in brackets, then with the actual values used):
gcloud active-directory peerings create sstp-workspot-managed-ad-peer \
--domain=projects/[customer project ID]/locations/global/domains/[customer's domain name] \
--authorized-network=projects/[Workspot's customer project ID]/global/networks/[Workspot network name]
gcloud active-directory peerings create sstp-workspot-managed-ad-peer \
--domain=projects/proven-mercury-338020/locations/global/domains/ws.sspteam.com \
--authorized-network=projects/sixth-street-335719/global/networks/vpc-workspot
Check if peer is connected by running the following command:
gcloud active-directory peerings list
You should get a confirmation like this:
PEERING_NAME: sstp-workspot-managed-ad-peer
DOMAIN_NAME: projects/proven-mercury-338020/locations/global/domains/ws.sspteam.com
AUTHORIZED_NETWORK: projects/sixth-street-335719/global/networks/vpc-workspot
PEERING_STATE: CONNECTED
CREATE_TIME: 2022-03-29T21:07:46
You should now be able to join devices to the customer’s domain.
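The peering steps above, as an added shell example that is not part of the original runbook: it builds the API-enable and peering-create commands for both projects from the values shown on this page, and parses the output of `gcloud active-directory peerings list` so a rollout script can refuse to continue until PEERING_STATE is CONNECTED. The API service identifiers (managedidentities, dns, compute) are my addition; the gcloud listing embedded in the script is a constructed sample in the layout shown above, so the check runs offline without gcloud.

```shell
#!/bin/sh
# Added example, not from the original runbook. Values below are the ones the
# runbook shows; adjust them for another customer.
CUSTOMER_PROJECT="proven-mercury-338020"
WORKSPOT_PROJECT="sixth-street-335719"
AD_DOMAIN="ws.sspteam.com"
WORKSPOT_VPC="vpc-workspot"
PEERING_NAME="sstp-workspot-managed-ad-peer"

# Fully qualified resource names in the form gcloud expects.
domain_resource() {
  printf 'projects/%s/locations/global/domains/%s\n' "$1" "$2"
}
network_resource() {
  printf 'projects/%s/global/networks/%s\n' "$1" "$2"
}

# Command to enable Managed Microsoft AD, Cloud DNS and Compute Engine APIs
# in one project (service identifiers are an assumption of this example).
enable_apis_cmd() {
  printf 'gcloud services enable managedidentities.googleapis.com dns.googleapis.com compute.googleapis.com --project=%s\n' "$1"
}

# Peering command the runbook says to run in BOTH projects: the domain always
# belongs to the customer project, the authorized network to Workspot's.
peering_create_cmd() {
  printf 'gcloud active-directory peerings create %s --project=%s --domain=%s --authorized-network=%s\n' \
    "$PEERING_NAME" "$1" \
    "$(domain_resource "$CUSTOMER_PROJECT" "$AD_DOMAIN")" \
    "$(network_resource "$WORKSPOT_PROJECT" "$WORKSPOT_VPC")"
}

# Extract PEERING_STATE for one peering from the key: value listing that
# 'gcloud active-directory peerings list' prints. Prints MISSING if absent.
peering_state() {
  listing="$1"
  name="$2"
  printf '%s\n' "$listing" | awk -v want="$name" '
    $1 == "PEERING_NAME:"                 { cur = $2 }
    $1 == "PEERING_STATE:" && cur == want { print $2; found = 1 }
    END                                   { if (!found) print "MISSING" }'
}

# Succeeds only when the peering is CONNECTED, the state the runbook expects
# before any device is joined to the customer's domain.
peering_connected() {
  [ "$(peering_state "$1" "$2")" = "CONNECTED" ]
}

# Constructed sample of the listing output (same layout as the runbook).
SAMPLE_LISTING='PEERING_NAME: sstp-workspot-managed-ad-peer
DOMAIN_NAME: projects/proven-mercury-338020/locations/global/domains/ws.sspteam.com
AUTHORIZED_NETWORK: projects/sixth-street-335719/global/networks/vpc-workspot
PEERING_STATE: CONNECTED
CREATE_TIME: 2022-03-29T21:07:46'

# Constructed sample of a peering that is not ready yet.
PENDING_LISTING='PEERING_NAME: sstp-workspot-managed-ad-peer
DOMAIN_NAME: projects/proven-mercury-338020/locations/global/domains/ws.sspteam.com
AUTHORIZED_NETWORK: projects/sixth-street-335719/global/networks/vpc-workspot
PEERING_STATE: CREATING
CREATE_TIME: 2022-03-29T21:07:46'

# Stand-alone run: show the commands to execute, then evaluate both samples.
for project in "$CUSTOMER_PROJECT" "$WORKSPOT_PROJECT"; do
  enable_apis_cmd "$project"
  peering_create_cmd "$project"
done
if peering_connected "$SAMPLE_LISTING" "$PEERING_NAME"; then
  echo "sample listing: CONNECTED, safe to join devices"
fi
if ! peering_connected "$PENDING_LISTING" "$PEERING_NAME"; then
  echo "pending listing: $(peering_state "$PENDING_LISTING" "$PEERING_NAME"), wait before joining devices"
fi
```

In a real rollout, replace the embedded samples with `listing="$(gcloud active-directory peerings list --project="$WORKSPOT_PROJECT")"` and loop on `peering_connected` until it succeeds; both projects must show the peering before the check means anything.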
Troubleshooting:
If the customer cannot reach Workspot VMs, check that the email domain and the AD domain are linked. If they are not, have the customer connect with Managed AD credentials: for the FTU of the WS Client, use username@managedaddomain, then use Active Directory credentials to authenticate.