- NAME
-
- gcloud active-directory domains create - create a Managed Microsoft AD domain
- SYNOPSIS
-
-
gcloud active-directory domains createDOMAIN--region= [REGION, …]--reserved-ip-range=RESERVED_IP_RANGE[--admin-name=ADMIN_NAME] [--async] [--authorized-networks=[AUTHORIZED_NETWORKS, …]] [--enable-audit-logs] [--labels=[KEY=VALUE, …]] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- Create a new Managed Microsoft AD domain with the given name using Google
Cloud's Managed Service for Microsoft Active Directory.
This command can fail for the following reasons:
- An AD domain with the same name already exists.
- The active account does not have permission to create AD domains.
- There is an overlap between the provided CIDR range and authorized network's CIDR.
- A valid region was not provided.
- EXAMPLES
- The following command creates an AD domain with the name
my-domain.comin regionus-central1, a network peering tomy-networkand consuming the IP address range10.172.0.0/24.gcloud active-directory domains create my-domain.com --region = us-central1 --reserved-ip-range = "10.172.0.0/24" --authorized-networks = projects/my-project/global/networks/my-network - POSITIONAL ARGUMENTS
-
- Domain resource - Name of the managed Managed Microsoft AD domain you want to
create. This represents a Cloud resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
To set the
projectattribute:- provide the argument
domainon the command line with a fully specified name; - provide the argument
--projecton the command line; - set the property
core/project.
This must be specified.
-
DOMAIN - ID of the domain or fully qualified identifier for the domain.
To set the
domainattribute:- provide the argument
domainon the command line.
- provide the argument
- provide the argument
- Domain resource - Name of the managed Managed Microsoft AD domain you want to
create. This represents a Cloud resource. (NOTE) Some attributes are not given
arguments in this group but can be set in other ways.
- REQUIRED FLAGS
-
-
--region=[REGION,…] - Google Compute Engine region in which to provision domain controllers.
-
--reserved-ip-range=RESERVED_IP_RANGE - Classless Inter-Domain Routing range of internal addresses that are reserved for this domain.
-
- OPTIONAL FLAGS
-
-
--admin-name=ADMIN_NAME - Name of the administrator that may be used to perform Active Directory
operations. This is a delegated administrator account provisioned by our
service. If left unspecified
MIAdminwill be used. This is different from both the domain administrator and the Directory Services Restore Mode (DSRM) administrator. -
--async - Return immediately, without waiting for the operation in progress to complete.
- Names of the Google Compute Engine networks to which the domain will be connected.
-
--enable-audit-logs - If specified, Active Directory data audit logs are enabled for the domain.
-
--labels=[KEY=VALUE,…] - List of label KEY=VALUE pairs to add.
-
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - API REFERENCE
- This command uses the
managedidentities/v1API. The full documentation for this API can be found at: https://cloud.google.com/managed-microsoft-ad/ - NOTES
- These variants are also available:
gcloud alpha active-directory domains creategcloud beta active-directory domains create
gcloud active-directory domains create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
