gcloud active-directory domains trusts create

NAME
gcloud active-directory domains trusts create - create a Microsoft Active Directory Trust between a Managed Microsoft AD domain and another domain
SYNOPSIS
gcloud active-directory domains trusts createDOMAIN--target-dns-ip-addresses=[TARGET_DNS_IP_ADDRESSES,…]--target-domain-name=TARGET_DOMAIN_NAME[--async][--direction=DIRECTION; default="BIDIRECTIONAL"][--handshake-secret=HANDSHAKE_SECRET][--selective-authentication][--type=TYPE; default="FOREST"][GCLOUD_WIDE_FLAG]
DESCRIPTION
Create a Microsoft Active Directory Trust between a Managed Microsoft AD domainand another domain.

This command can fail for the following reasons:

  • The domain specified does not exist.
  • The active account does not have permission to access the given domain.
  • A trust already exists with the same target domain name.
  • The active account does not have permission to create AD trusts.
EXAMPLES
The following command creates an external, bidirectional AD trust betweenmy-domain.com andtarget-domain.com.
gcloudactive-directorydomainstrustscreatemy-domain.com--target-domain-name=target-domain.com--target-dns-ip-addresses=10.177.0.2--type=EXTERNAL--direction=BIDIRECTIONAL--selective-authentication=false--async
POSITIONAL ARGUMENTS
Domain resource - Name of the Managed Microsoft AD domain you want to create anAD trust from. This represents a Cloud resource. (NOTE) Some attributes are notgiven arguments in this group but can be set in other ways.

To set theproject attribute:

  • provide the argumentdomain on the command line with a fullyspecified name;
  • provide the argument--project on the command line;
  • set the propertycore/project.

This must be specified.

DOMAIN
ID of the domain or fully qualified identifier for the domain.

To set thedomain attribute:

  • provide the argumentdomain on the command line.
REQUIRED FLAGS
--target-dns-ip-addresses=[TARGET_DNS_IP_ADDRESSES,…]
Target DNS server IP addresses that can resolve the target domain.

Only IPv4 is supported.

--target-domain-name=TARGET_DOMAIN_NAME
Target domain name for the Managed Microsoft AD Trust.
OPTIONAL FLAGS
--async
Return immediately, without waiting for the operation in progress to complete.
--direction=DIRECTION; default="BIDIRECTIONAL"
Direction of the trust.

Must be one of: INBOUND, OUTBOUND, BIDIRECTIONAL. Default is BIDIRECTIONAL.

DIRECTION must be one of:bidirectional,inbound,outbound,trust-direction-unspecified.

--handshake-secret=HANDSHAKE_SECRET
Trust handshake secret with target domain. The secret will not be stored. If notspecified, command will prompt user for secret.
--selective-authentication
If specified, trusted side will only have selective access to approved set ofresources.

Otherwise, the trusted side has forest/domain wide access. Default is false.

--type=TYPE; default="FOREST"
Type of the trust. Must be FOREST or EXTERNAL. Default is FOREST.TYPE must be one of:external,forest,trust-type-unspecified.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

API REFERENCE
This command uses themanagedidentities/v1 API. The fulldocumentation for this API can be found at:https://cloud.google.com/managed-microsoft-ad/
NOTES
These variants are also available:
gcloudalphaactive-directorydomainstrustscreate
gcloudbetaactive-directorydomainstrustscreate

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-07 UTC.