How to join an instance to AD in GCP Managed Instance Group - AutoScaling?
I am creating a Managed Instance Group in GCP. Below are my steps:
- Created a disk image from an existing Windows VM (name: app01)
- Created an Instance template with disk Image
- Created a Managed Instance Group from Instance template
As of now, everything works fine with the Autoscaling option; it scales out and in.
However, I have the below queries and am not sure how to proceed:
- How is the instance name assigned? I expect it to be unique, and yes it is. But when I logged in to the instance and checked the hostname, it is the name of the original image (app01).
- We are running with private IPs and the same was assigned. How do we ensure the instance is joined to AD and unique server details are registered with AD? We need this, as our team needs to log in to the machine using Windows credentials.
- As I am a newbie, please clarify this: as of now, with the same instance name (hostname), I am seeing newly created VMs are part of the domain controller and I am able to log in with Windows credentials. Is this going to cause issues in future? Do I need to explicitly add the instance with a unique hostname, or is it managed by Google internally?
I understand that I need to use some script (sysprep). Please share some guidance on how to achieve this and what details (like access, AD credentials, etc.) are required to achieve this.
Thanks in advance.
GCP offers an automated process for Windows VMs in Managed Instance Groups to automatically join an AD domain when created:
Automating the process of joining Windows VMs to Active Directory helps you simplify the provisioning of Windows servers. The approach also allows you to take advantage of autoscaling without sacrificing the benefits of using Active Directory to manage access and configuration.
This will work whether you decide to use Managed Service for Microsoft Active Directory or make one of the VMs your AD server.
Preparation for this process is rather lengthy but also very well described in the tutorial linked above.
The process includes many steps such as:
- creating an image (with a windows startup script)
- preparing the AD domain (creating a special account, limiting access, etc.)
- deploying a special function in Cloud Run
- creating a KMS key used to obtain credentials by new VMs
In short, there are many GCP products involved (Compute Engine, Cloud Functions, KMS, Serverless access).
There's no point copying everything from the tutorial, but I recommend that you read it first and understand the process, and then try to do it yourself.
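To make the two key points concrete (the hostname inherited from the image must be replaced by the unique instance name, and the join must happen on the first boot of every new MIG member), here is an added example of a Windows startup script for the instance template. It is my own illustration, not the script from the GCP tutorial or from Google. It assumes the image is sysprepped and not already domain-joined, that the target domain is passed as custom instance metadata under an assumed key `ad-domain`, and that a short-lived join credential for a dedicated least-privilege join account is fetched from a placeholder HTTPS endpoint (`JOIN-SERVICE-URL-PLACEHOLDER`) that authenticates the VM by its metadata-server identity token; the exact shape of that service is yours to design. The metadata server paths and the `Metadata-Flavor` header are real GCE APIs.

```powershell
# Added example startup script (not from the GCP tutorial). Runs on every boot of a
# MIG instance, so it must be idempotent: rename + join once, then do nothing.
$ErrorActionPreference = 'Stop'

# Real GCE metadata server endpoints; the header is mandatory.
$mdHeaders = @{ 'Metadata-Flavor' = 'Google' }
$mdBase    = 'http://metadata.google.internal/computeMetadata/v1'

# The MIG-generated instance name is unique; the image's hostname (e.g. app01) is not.
$instanceName = Invoke-RestMethod -Uri "$mdBase/instance/name" -Headers $mdHeaders
# 'ad-domain' is an ASSUMED custom metadata key set on the instance template.
$domain       = Invoke-RestMethod -Uri "$mdBase/instance/attributes/ad-domain" -Headers $mdHeaders

# NetBIOS computer names are limited to 15 characters; MIG names can exceed that,
# so fail loudly instead of silently registering a truncated name in AD.
if ($instanceName.Length -gt 15) {
    throw "Instance name '$instanceName' exceeds the 15-character NetBIOS limit; shorten the MIG base name."
}

# Already joined to the right domain under the right name? Then this boot needs nothing.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $domain -and $cs.Name -ieq $instanceName) {
    Write-Host "$instanceName is already a member of $domain; nothing to do."
    exit 0
}

# Obtain a join credential. PLACEHOLDER endpoint: in the tutorial this role is played by a
# Cloud Run / Cloud Functions service; here only the authenticated call is shown.
$audience = 'https://JOIN-SERVICE-URL-PLACEHOLDER'
$idToken  = Invoke-RestMethod -Headers $mdHeaders `
    -Uri "$mdBase/instance/service-accounts/default/identity?audience=$audience"
$joinInfo = Invoke-RestMethod -Uri "$audience/join" -Headers @{ Authorization = "Bearer $idToken" }
# Assumed response shape: { username, password, ouPath } for a dedicated join account.

$secret = ConvertTo-SecureString $joinInfo.password -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential("$domain\$($joinInfo.username)", $secret)

# Rename to the unique instance name and join the domain in one step (single reboot).
Add-Computer -DomainName $domain -NewName $instanceName -Credential $cred `
    -OUPath $joinInfo.ouPath -Force -Restart
```

After the reboot the script runs again, finds the machine already joined as its instance name, and exits, so a scale-out event produces one AD computer object per instance rather than several VMs all claiming to be app01. Computer objects for scaled-in instances are not removed by this script; the tutorial's approach covers cleanup separately, and you should plan for it so stale objects do not accumulate in the OU.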