For Agents
Get started with Managed Service for Microsoft Active Directory API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
  "jentic": {
    "url": "https://api.jentic.com/mcp",
    "auth": "oauth"
  }
}
# Then ask your agent:
"provision a managed microsoft active directory on google cloud"
# → Jentic returns the GET /events tool with parameter schema, agent executes.
What an agent can do with the Managed Service for Microsoft Active Directory API.
Provision and delete managed Microsoft AD domains in Google Cloud project locations
Attach, detach, validate, and reconfigure forest trusts with on-premises or other AD environments
Extend the AD schema with custom attributes via the extendSchema operation
Configure and update LDAPS settings on a managed domain
Provision and manage Google Cloud's managed Microsoft Active Directory: create domains, attach trusts, extend the schema, configure LDAPS, run backups, and join machines to the domain.
Use for: provision a new managed Microsoft AD domain in us-central1; attach a forest trust between my managed domain and our on-premises AD; extend the schema of my managed AD with a custom attribute; configure LDAPS on a managed Microsoft AD domain.
Not supported: Does not handle AD user accounts, group policy, or DNS records inside the domain — use for managed domain lifecycle, trusts, schema, LDAPS, backups, and migration only.
Managed Service for Microsoft Active Directory provides a hardened, highly available Microsoft AD running on Google Cloud, with the API covering domain provisioning, trust relationships, schema extension, LDAPS configuration, backups, and migration from existing on-premises forests. Operations are scoped to project locations and most state changes return long-running operation handles for polling. The API also exposes domain-join helpers, peerings, and SQL integration controls used by hybrid Windows workloads.
Trigger and restore from domain backups for disaster recovery
Initiate, check, disable, and enable migration from an existing AD forest into the managed service
Domain-join machines and manage peerings to connected VPCs
Patterns agents use the Managed Service for Microsoft Active Directory API for, with concrete tasks.
★ Hybrid Windows workload identity
Stand up a managed Microsoft Active Directory domain in Google Cloud and attach a forest trust to an existing on-premises AD so that Windows VMs and SQL Server workloads in Google Cloud authenticate users from the corporate directory. The managed service handles patching, replication, and high availability so platform teams do not run their own domain controllers.
Create a managed AD domain named corp.example.com in projects/acme/locations/global, then call attachTrust with the on-premises forest target and validate the trust
AD forest migration to Google Cloud
Migrate from a self-managed Active Directory forest into Managed Microsoft AD using the migration endpoints, which let you check, enable, and disable migration permission and execute the cutover. The flow keeps existing SIDs and group memberships so workloads continue to authenticate without reconfiguration.
Call checkMigrationPermission on the source domain, enableMigration if eligible, and poll the returned operation until cutover is complete
Schema extension and LDAPS hardening
Extend the managed AD schema to add custom attributes that downstream applications require, and configure LDAPS so applications that demand encrypted LDAP can bind securely to the managed domain. The schema extension and LDAPS update endpoints both return long-running operations.
Call extendSchema with the LDIF describing a new employeeBadgeID attribute, then update the domain's ldapssettings to enforce LDAPS only
Agent integration via Jentic
AI agents managing Windows fleets on Google Cloud can use this API through Jentic to provision domains, join VMs, or kick off backups without holding the underlying OAuth refresh token in the prompt. Long-running operation handles are returned for the agent to poll.
Call domainJoinMachine for the VM corp-app-1 in projects/acme and confirm the join completes by polling the returned operation
28 endpoints: Managed Service for Microsoft Active Directory provides a hardened, highly available Microsoft AD running on Google Cloud, with the API covering domain provisioning, trust relationships, schema extension, LDAPS configuration, backups, and migration from existing on-premises forests.
PATH                                      DESCRIPTION
/v1/{+parent}/domains                     List managed AD domains in a location
/v1/{+name}                               Delete a managed AD domain
/v1/{+name}:attachTrust                   Attach a forest trust
/v1/{+domain}:extendSchema                Extend the AD schema
/v1/{+domain}:domainJoinMachine           Join a machine to the managed domain
/v1/{+domain}:checkMigrationPermission    Check AD migration eligibility
/v1/{+domain}:enableMigration             Enable migration mode
/v1/{+name}/ldapssettings                 Read LDAPS settings
Three things that make agents converge on Jentic-routed access.
Credential isolation
Google Cloud OAuth 2.0 client credentials and refresh tokens are held in the encrypted Jentic vault. Agents receive short-lived scoped bearer tokens for each call, and the underlying refresh token and AD admin secrets never enter the agent's context.
Intent-based discovery
Agents search by intent, such as "provision managed active directory" or "attach ad trust", and Jentic returns the matching managed-AD operations with their input schemas, so the agent does not have to navigate Google Cloud's discovery documents.
Time to first call
Direct integration with the managed AD API takes 1-2 days for OAuth setup, long-running operation polling, and trust validation logic. Through Jentic the same workflows are under an hour: search, load schema, execute, and poll the returned operation.
Alternatives and complements available in the Jentic catalogue.
Identity and Access Management (IAM) API
Google Cloud's native IAM for service accounts, roles, and policy bindings on Google Cloud resources
Use IAM when the agent manages Google Cloud-side permissions; use Managed AD when it manages Windows-side directory state
Compute Engine API
Provisions the Windows VMs that join the managed AD domain
Use Compute Engine to create the VMs; call Managed AD to join them to the domain
IAM Service Account Credentials API
Issues short-lived credentials for Google Cloud workloads when LDAP-based identity is not required
Choose IAM Credentials when the workload only needs Google Cloud auth; use Managed AD when Windows or LDAP clients require Kerberos and AD identity
Specific to using the Managed Service for Microsoft Active Directory API through Jentic.
What authentication does the Managed Microsoft AD API use?
The API uses Google OAuth 2.0 with the https://www.googleapis.com/auth/cloud-platform scope. Through Jentic the OAuth client credentials and refresh tokens are stored encrypted; the agent only ever sees a scoped, short-lived bearer token.
Can I attach a trust to an on-premises AD forest through this API?
Yes, the attachTrust endpoint creates a forest or external trust between a managed domain and a remote forest. You then call validateTrust to confirm the relationship is healthy before relying on it for authentication.
What are the rate limits for this API?
Per-project quotas are listed under the Managed Service for Microsoft AD service in the Google Cloud Console quotas page. Most lifecycle and trust operations are long-running and have concurrency caps in addition to per-minute request limits.
How do I migrate an existing AD forest to managed AD through Jentic?
Search Jentic for "migrate active directory to google cloud", load the checkMigrationPermission and enableMigration operations, and execute them in sequence with the domain resource path. Jentic injects the OAuth token and surfaces the returned long-running operation for polling.
Is the Managed Microsoft AD API free?
API calls themselves are not separately billed, but managed AD domains incur a per-hour charge per domain plus network egress. See the Managed Service for Microsoft AD pricing page for current rates.
Does this API let me create AD users or groups?
No, user, group, and OU management happens through standard Windows tools or LDAP clients connected to the running domain. This API manages the domain itself, trusts, schema, LDAPS, backups, and migrations.