Managed Service for Microsoft Active Directory (Managed Microsoft AD) is a Google Cloud service that provides highly available, hardened Microsoft Active Directory running on Windows virtual machines. We recently added on-demand backup and schema extension capabilities that can help Google Cloud users more easily and effectively manage AD tasks.
Managed Microsoft AD is a fully managed service with automated AD server updates, maintenance, and security configuration, and needs no management or patching. The service is constantly evolving, adding new capabilities to effectively manage your cloud-based, AD-dependent workloads. Here's a closer look at the benefits for Google Cloud users of the new on-demand backup and schema extension capabilities.
Flexibility to manage your AD domain with on-demand backup and restore
Managed Microsoft AD already offers scheduled backups, which are taken automatically every 12 hours. Now with on-demand backup and restore, customers will have the ability to create checkpoints (snapshots) at any point in time and restore back to that state when needed. The new on-demand backup and restore functionality is now generally available in addition to the scheduled backups. This functionality can provide flexibility for customers to initiate backup and restoration based on their unique needs. Here are two scenarios where on-demand backup and restoration can be used:
With this release, users can create up to five on-demand backups. Managed Microsoft AD APIs also offer management functionalities for backups, including listing all backups (both on-demand and scheduled), restoring to a specific backup, updating labels, and deleting a backup. All these capabilities help users to effectively manage their backup administrative tasks.
Power application integrations with Schema Extension support
Note: The Schema Extension feature is in public preview and covered by the Pre-GA Offerings Terms of the Google Cloud Terms of Service.
Active Directory (AD) relies on a schema to organize and store the directory data. The AD schema contains a formal definition of every attribute and class that can exist in an Active Directory object. When you create a Managed Microsoft AD instance, it creates a default schema on the domain controller as well. However, there can be situations where you want to customize the classes or attributes. Such a need arises when you have applications that require new types of information to be stored in Active Directory (e.g., to support single sign-on capabilities). Managed Microsoft AD now supports schema extension and enables modification of the existing schema to customize attributes via API using an LDAP Data Interchange Format (LDIF) file. The following LDIF change types are supported: add, modify, modrdn and moddn. It's generally recommended to do a domain backup before schema changes are applied. To simplify this, Managed Microsoft AD initiates a backup every time schema changes are triggered. This schema extension support enables additional context for users and for integrating with applications that are dependent on specific classes or attributes.
Use case: Schema extension for LAPS
You can store and rotate the local account passwords of domain-joined computers in AD using Local Administrator Password Solution (LAPS), a Microsoft tool for password management. Any machine that LAPS is deployed to can randomize the local administrator password, store that password in Active Directory, and then change that password on a set schedule. For LAPS to work with Active Directory, it needs the schema to be extended for storing the required attributes. For this use case, we assume that you have already installed LAPS and have your Managed Microsoft AD up and running.
LAPS requires the following two additional attributes:
ms-Mcs-AdmPwd – This attribute stores the local administrator password
ms-Mcs-AdmPwdExpirationTime – This attribute stores the expiration time of the administrator password
Let's now look at how to add the required attributes using the Managed Microsoft AD schema extension feature.
Step 1: Prepare an LDIF file to add the ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime attributes.
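Before the file from Step 1 is submitted, a pre-flight check can confirm that every record uses one of the supported change types (add, modify, modrdn, moddn) and that both LAPS attributes are actually being added. The Python below is an added example, not code from the original page or from Google; `parse_ldif`, `check_ldif`, the `DC=example,DC=com` naming context and the `old-Attr` record are constructed for illustration, and treating a missing `changetype` line as a finding is an assumption of this check.

```python
import re

# Change types the page lists as supported for schema extension.
SUPPORTED = {"add", "modify", "modrdn", "moddn"}

def parse_ldif(text):
    """Return LDIF records as lists of (lowercased key, value) pairs."""
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))  # unfold wrapped lines
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comment, or the "-" separator inside a modify record
            key, _, value = line.partition(":")
            pairs.append((key.strip().lower(), value.lstrip(": ").strip()))
        if any(k == "dn" for k, _ in pairs):  # skips a bare "version: 1" block
            records.append(pairs)
    return records

def check_ldif(text, required_attrs=()):
    """Return findings that should block submission; empty list means pass."""
    findings, defined = [], set()
    for rec in parse_ldif(text):
        fields = dict(rec)
        dn, change = fields["dn"], fields.get("changetype", "").lower()
        if not change:
            findings.append(f"{dn}: no changetype line")
        elif change not in SUPPORTED:
            findings.append(f"{dn}: unsupported changetype '{change}'")
        elif change == "add" and "cn" in fields:
            defined.add(fields["cn"])
    missing = [a for a in required_attrs if a not in defined]
    return findings + [f"required attribute not added: {a}" for a in missing]

# Constructed, abbreviated sample: a real schema record carries more
# attributes (objectClass, attributeID, syntax) than are shown here.
SAMPLE = """\
dn: CN=ms-Mcs-AdmPwd,CN=Schema,CN=Configuration,DC=example,DC=com
changetype: add
cn: ms-Mcs-AdmPwd

dn: CN=ms-Mcs-AdmPwdExpirationTime,CN=Schema,CN=Configuration,DC=example,DC=com
changetype: add
cn: ms-Mcs-AdmPwdExpirationTime

dn: CN=old-Attr,CN=Schema,CN=Configuration,DC=example,DC=com
changetype: delete
"""
```

Calling `check_ldif(SAMPLE, ["ms-Mcs-AdmPwd", "ms-Mcs-AdmPwdExpirationTime"])` reports the `delete` record, which falls outside the supported list.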