Skip to main content

domains

Creates, updates, deletes, gets or lists a domains resource.

Overview

Namedomains
TypeResource
Idgoogle.managedidentities.domains

Fields

The following fields are returned by SELECT queries:

NameDatatypeDescription
namestringRequired. The unique name of the domain using the form: projects/{project_id}/locations/global/domains/{domain_name}.
adminstringOptional. The name of delegated administrator account used to perform Active Directory operations. If not specified, setupadmin will be used.
auditLogsEnabledbooleanOptional. Configuration for audit logs. True if audit logs are enabled, else false. Default is audit logs disabled.
authorizedNetworksarrayOptional. The full names of the Google Compute Engine networks the domain instance is connected to. Networks can be added using UpdateDomain. The domain is only available on networks listed in authorized_networks. If CIDR subnets overlap between networks, domain creation will fail.
createTimestring (google-datetime)Output only. The time the instance was created.
fqdnstringOutput only. The fully-qualified domain name of the exposed domain used by clients to connect to the service. Similar to what would be chosen for an Active Directory set up on an internal network.
labelsobjectOptional. Resource labels that can contain user-provided metadata.
locationsarrayRequired. Locations where domain needs to be provisioned. The locations can be specified according to https://cloud.google.com/compute/docs/regions-zones, such as us-west1 or us-east4. Each domain supports up to 4 locations, separated by commas. Each location will use a /26 block.
reservedIpRangestringRequired. The CIDR range of internal addresses that are reserved for this domain. Reserved networks must be /24 or larger. Ranges must be unique and non-overlapping with existing subnets in [Domain].[authorized_networks].
statestringOutput only. The current state of this domain.
statusMessagestringOutput only. Additional information about the current status of this domain, if available.
trustsarrayOutput only. The current trusts associated with the domain.
updateTimestring (google-datetime)Output only. The last update time.

Methods

The following methods are available for this resource:

NameAccessible byRequired ParamsOptional ParamsDescription
getselectprojectsId, domainsIdGets information about a domain.
listselectprojectsIdfilter, pageSize, orderBy, pageTokenLists domains in a project.
createinsertprojectsIddomainNameCreates a Microsoft AD domain.
patchupdateprojectsId, domainsIdupdateMaskUpdates the metadata and configuration of a domain.
deletedeleteprojectsId, domainsIdDeletes a domain.
check_migration_permissionexecprojectsId, domainsIdCheckMigrationPermission API gets the current state of DomainMigration
enable_migrationexecprojectsId, domainsIdEnable Domain Migration
disable_migrationexecprojectsId, domainsIdDisable Domain Migration
detach_trustexecprojectsId, domainsIdRemoves an AD trust.
restoreexecprojectsId, domainsIdRestoreDomain restores domain backup mentioned in the RestoreDomainRequest
extend_schemaexecprojectsId, domainsIdExtend Schema for Domain
reconfigure_trustexecprojectsId, domainsIdUpdates the DNS conditional forwarder.
validate_trustexecprojectsId, domainsIdValidates a trust state, that the target domain is reachable, and that the target domain is able to accept incoming trust requests.
reset_admin_passwordexecprojectsId, domainsIdResets a domain's administrator password.
domain_join_machineexecprojectsId, domainsIdDomainJoinMachine API joins a Compute Engine VM to the domain
attach_trustexecprojectsId, domainsIdAdds an AD trust to a domain.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

NameDatatypeDescription
domainsIdstring
projectsIdstring
domainNamestring
filterstring
orderBystring
pageSizeinteger (int32)
pageTokenstring
updateMaskstring (google-fieldmask)

SELECT examples

Gets information about a domain.

SELECT
name,
admin,
auditLogsEnabled,
authorizedNetworks,
createTime,
fqdn,
labels,
locations,
reservedIpRange,
state,
statusMessage,
trusts,
updateTime
FROM google.managedidentities.domains
WHERE projectsId = '{{ projectsId }}' -- required
AND domainsId = '{{ domainsId }}' -- required
;

INSERT examples

Creates a Microsoft AD domain.

INSERT INTO google.managedidentities.domains (
data__locations,
data__admin,
data__auditLogsEnabled,
data__authorizedNetworks,
data__labels,
data__name,
data__reservedIpRange,
projectsId,
domainName
)
SELECT 
'{{ locations }}',
'{{ admin }}',
{{ auditLogsEnabled }},
'{{ authorizedNetworks }}',
'{{ labels }}',
'{{ name }}',
'{{ reservedIpRange }}',
'{{ projectsId }}',
'{{ domainName }}'
RETURNING
name,
done,
error,
metadata,
response
;

UPDATE examples

Updates the metadata and configuration of a domain.

UPDATE google.managedidentities.domains
SET 
data__locations = '{{ locations }}',
data__admin = '{{ admin }}',
data__auditLogsEnabled = {{ auditLogsEnabled }},
data__authorizedNetworks = '{{ authorizedNetworks }}',
data__labels = '{{ labels }}',
data__name = '{{ name }}',
data__reservedIpRange = '{{ reservedIpRange }}'
WHERE 
projectsId = '{{ projectsId }}' --required
AND domainsId = '{{ domainsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
done,
error,
metadata,
response;

DELETE examples

Deletes a domain.

DELETE FROM google.managedidentities.domains
WHERE projectsId = '{{ projectsId }}' --required
AND domainsId = '{{ domainsId }}' --required
;

Lifecycle Methods

CheckMigrationPermission API gets the current state of DomainMigration

EXEC google.managedidentities.domains.check_migration_permission 
@projectsId='{{ projectsId }}' --required, 
@domainsId='{{ domainsId }}' --required
;