
Introducing On-Demand Backup, Schema Extension Support For Google Cloud’s Managed Microsoft AD

  • aster.cloud
  • September 19, 2022
  • 4 minute read

Managed Service for Microsoft Active Directory (Managed Microsoft AD) is a Google Cloud service that offers highly available, hardened Microsoft Active Directory running on Windows virtual machines. We recently added on-demand backup and schema extension capabilities that can help Google Cloud users more easily and effectively manage AD tasks.

Managed Microsoft AD is a fully managed service with automated AD server updates, maintenance, and security configuration, and needs no hardware management or patching. The service is constantly evolving, adding new capabilities to effectively manage your cloud-based, AD-dependent workloads. Here’s a closer look at the benefits for Google Cloud users of the new on-demand backup and schema extension capabilities.



Flexibility to manage your AD domain with on-demand backup and restore

Managed Microsoft AD already offers scheduled backups which are taken automatically every 12 hours. Now with on-demand backup and restore, customers will have the ability to create checkpoints (snapshots) at any point in time and restore back to that state when needed. The new on-demand backup and restore functionality is now generally available in addition to the scheduled backups. This functionality can provide flexibility for customers to initiate backup and recovery based on their unique needs. Here are two scenarios where on-demand backup and recovery can be used:

  • Critical domain changes now can be done anytime without aligning to the next backup schedule.
  • Users can restore to a point back in time from backups without having to raise a support request.

With this release, users can create up to five on-demand backups. Managed Microsoft AD APIs also offer backup management functions that include listing all backups (both on-demand and scheduled), restoring to a selected backup, updating labels, and deleting a backup. All these capabilities help users to effectively manage their backup administrative tasks.


Power application integrations with Schema Extension support

Note: The Schema Extension feature is in public preview and covered by the Pre-GA Offerings Terms of the Google Cloud Terms of Service.

Active Directory (AD) relies on a schema to organize and store the directory data. The AD schema contains a formal definition of every attribute and class that can exist in an Active Directory object. When you create a Managed Microsoft AD instance, it creates a default schema on the domain controller as well. However, there can be situations where you want to customize the classes or attributes. Such a need arises when you have applications that require new types of information to be stored in Active Directory (e.g., to support single sign-on capabilities). Managed Microsoft AD now supports schema extension: you can modify the existing schema to customize attributes via the API, using an LDAP Data Interchange Format (LDIF) file. The following LDIF change types are supported: add, modify, modrdn and moddn. It is generally recommended to do a domain backup before schema changes are applied. To simplify this, Managed Microsoft AD initiates a backup every time schema changes are triggered. This schema extension support enables additional context for users and for integrating with applications that are dependent on specific classes or attributes.

Use case: Schema extension for LAPS

You can store and rotate the local account passwords of domain-joined computers in AD using Local Administrator Password Solution (LAPS), a Microsoft tool for password management. Any device that LAPS is deployed to can randomize the local administrator password, store that password in Active Directory, and then change that password on a set schedule. For LAPS to work with Active Directory, it needs the schema to be extended for storing the required attributes. For this use case, we assume that you have already installed LAPS and have your Managed Microsoft AD up and running.


LAPS requires the following two additional attributes:

  1. ms-Mcs-AdmPwd – This attribute stores the local administrator password
  2. ms-Mcs-AdmPwdExpirationTime – This attribute stores the expiration time of the administrator password

Let’s now look at how to add the required attributes using the Managed Microsoft AD schema extension feature.

Step 1: Prepare an LDIF file to add ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime attributes.

 

dn: CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,dc=example,dc=com
changetype: add
objectClass: attributeSchema
ldapDisplayName: ms-Mcs-AdmPwd
adminDisplayName: ms-Mcs-AdmPwd
adminDescription: LAPS Password
attributeId: 1.2.840.113556.8000.9999.2.2
attributeSyntax: 2.5.5.5
oMSyntax: 19
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 904
schemaIdGuid:: 64e85e0a-f479-4206-880d-ecbf73e2babb


dn: CN=ms-Mcs-AdmPwdExpirationTime,CN=Schema,CN=Configuration,dc=example,dc=com
changetype: add
objectClass: attributeSchema
ldapDisplayName: ms-Mcs-AdmPwdExpirationTime
adminDisplayName: ms-Mcs-AdmPwdExpirationTime
adminDescription: LAPS Password Expiration Time
attributeId: 1.2.840.113556.8000.9999.2.3
attributeSyntax: 2.5.5.6
oMSyntax: 65
isSingleValued: TRUE
systemOnly: FALSE
searchFlags: 0
schemaIdGuid:: b3fea135-c39a-4169-aec7-c618cc8cb6ff

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1

 

Step 2: Log in as a delegated administrator to your VM hosted in Google Cloud that was domain-joined with Managed Microsoft AD.

Step 3: Extend the schema by running the following gcloud CLI command:

 

gcloud beta active-directory domains extend-schema DOMAIN_NAME --ldif-file=LDIF_FILE_PATH --description="Sample description" --project=PROJECT_ID

 

Managed Microsoft AD creates a backup automatically when you initiate schema extension. You can use this backup to perform an authoritative restore, which returns the domain to a previous point before addition of these attributes.

Step 4: To verify the schema changes, run the following command in Windows PowerShell:

 

Get-ADObject -Identity 'cn=ATTRIBUTE,cn=Schema,cn=Configuration,dc=example,dc=com' -Properties *

 

The Managed Microsoft AD schema is now extended with the required attributes for configuring LAPS. You can now proceed with the rest of the LAPS setup as usual, including password settings, access permissions, and GPO configuration.
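A pre-flight check for the LDIF file from Step 1, as an added example that is not part of the original article or of Google's tooling: it parses the records, rejects change types outside the supported list, and decodes searchFlags to confirm that the password attribute carries the confidential bit (128), which is part of the value 904 used above. The function names and flag labels are this example's own, and the two sample inputs are constructed.

```python
import re

SUPPORTED = {"add", "modify", "modrdn", "moddn"}  # change types the article lists
# searchFlags bit labels (descriptive names chosen for this example), bit 0 first
FLAG_NAMES = ["INDEX", "CONTAINER_INDEX", "ANR", "PRESERVE_ON_DELETE", "COPY",
              "TUPLE_INDEX", "SUBTREE_INDEX", "CONFIDENTIAL",
              "NEVER_AUDIT_VALUE", "RODC_FILTERED"]

def parse_ldif(text):
    """Return one dict per record: lower-cased attribute name -> list of values."""
    records = []
    for block in re.split(r"\n[ \t]*\n", text.replace("\r\n", "\n")):
        rec = {}
        for line in re.sub(r"\n ", "", block).splitlines():  # unfold continuations
            if line.strip() and not line.startswith("#"):
                key, _, value = line.partition(":")
                rec.setdefault(key.strip().lower(), []).append(value.lstrip(":").strip())
        if rec: records.append(rec)
    return records

def decode_flags(value):
    return [name for i, name in enumerate(FLAG_NAMES) if value >> i & 1]

def lint(text, secret_attrs=("ms-mcs-admpwd",)):
    """Flag unsupported change types and secret attributes not marked confidential."""
    findings = []
    for rec in parse_ldif(text):
        dn = rec.get("dn", [""])[0] or "<rootDSE>"
        ctype = rec.get("changetype", [""])[0].lower()
        if ctype not in SUPPORTED:
            findings.append(f"{dn}: changetype '{ctype}' is not supported")
        name = rec.get("ldapdisplayname", [""])[0]
        flags = int(rec.get("searchflags", ["0"])[0])
        if name.lower() in secret_attrs and "CONFIDENTIAL" not in decode_flags(flags):
            findings.append(f"{dn}: {name} is not confidential (searchFlags={flags})")
    return findings

# Constructed samples: GOOD reuses the article's values, BAD is deliberately wrong.
GOOD = """dn: CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,dc=example,dc=com
changetype: add
ldapDisplayName: ms-Mcs-AdmPwd
searchFlags: 904
"""
BAD = GOOD.replace("904", "0") + """
dn: CN=ms-Mcs-AdmPwdExpirationTime,CN=Schema,CN=Configuration,dc=example,dc=com
changetype: delete
"""
if __name__ == "__main__":
    print(decode_flags(904), *lint(BAD), sep="\n")
```

Running `lint()` on the file before Step 3 catches a password attribute that would be readable without the confidential-attribute access check, before the change reaches the schema.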

These new features now make it easier to integrate applications with your Managed Microsoft AD and provide flexibility for operations like backup and restore. Here are additional resources where you can learn more about Managed Microsoft AD and these new features.

  • Managed Service for Microsoft AD documentation
  • Backup and restore a domain in Managed Microsoft AD
  • Introduction to schema extension in Managed Microsoft AD
  • Extend the schema in a Managed Microsoft AD

 

 

By: Muthuraj Thangavel (Senior Product Manager, Google Cloud)
Source: Google Cloud Blog

