gcloud active-directory domains trusts create - create a Microsoft Active Directory Trust between a Managed Microsoft AD domain and another domain
gcloud active-directory domains trusts create DOMAIN --target-dns-ip-addresses=[TARGET_DNS_IP_ADDRESSES,...] --target-domain-name=TARGET_DOMAIN_NAME [--async] [--direction=DIRECTION; default="BIDIRECTIONAL"] [--handshake-secret=HANDSHAKE_SECRET] [--selective-authentication] [--type=TYPE; default="FOREST"] [GCLOUD_WIDE_FLAG ...]
Create a Microsoft Active Directory Trust between a Managed Microsoft AD domain and another domain.
This command can fail for the following reasons:
The domain specified does not exist.
The active account does not have permission to access the given domain.
A trust already exists with the same target domain name.
The active account does not have permission to create AD trusts.
The following command creates an external, bidirectional AD trust between my-domain.com and target-domain.com.
$ gcloud active-directory domains trusts create my-domain.com \ --target-domain-name=target-domain.com \ --target-dns-ip-addresses=10.177.0.2 --type=EXTERNAL \ --direction=BIDIRECTIONAL --selective-authentication=false \ --async
- Domain resource - Name of the Managed Microsoft AD domain you want to create an
AD trust from. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument domain on the command line with a fully specified name;
- —
set the property core/project;
- —
provide the argument --project on the command line.
This must be specified.
- DOMAIN
ID of the domain or fully qualified identifier for the domain. To set the domain attribute:
provide the argument domain on the command line.
- --target-dns-ip-addresses=[TARGET_DNS_IP_ADDRESSES,...]
Target DNS server IP addresses that can resolve the target domain.
Only IPv4 is supported.
- --target-domain-name=TARGET_DOMAIN_NAME
Target domain name for the Managed Microsoft AD Trust.
- --async
Return immediately, without waiting for the operation in progress to complete.
- --direction=DIRECTION; default="BIDIRECTIONAL"
Direction of the trust.
Must be one of: INBOUND, OUTBOUND, BIDIRECTIONAL. Default is BIDIRECTIONAL.
DIRECTION must be one of: bidirectional, inbound, outbound, trust-direction-unspecified.
- --handshake-secret=HANDSHAKE_SECRET
Trust handshake secret with target domain. The secret will not be stored. If not specified, command will prompt user for secret.
- --selective-authentication
If specified, trusted side will only have selective access to approved set of resources.
Otherwise, the trusted side has forest/domain wide access. Default is false.
- --type=TYPE; default="FOREST"
Type of the trust. Must be FOREST or EXTERNAL. Default is FOREST. TYPE must be one of: external, forest, trust-type-unspecified.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command uses the managedidentities/v1 API. The full documentation for this API can be found at: https://cloud.google.com/managed-microsoft-ad/
These variants are also available:
$ gcloud alpha active-directory domains trusts create
$ gcloud beta active-directory domains trusts create