Cannot access Windows Server domain on Google Cloud VM from external Windows PC

Hi everyone,

I have created a Windows Server 2025 Datacenter virtual machine on Google Cloud and configured it as an Active Directory Domain Controller.

I assigned both an internal and external static IP address to the VM.

I am trying to join a local Windows PC (located in my office, on an external network) to this domain, but I am experiencing issues during the domain join process, even after disabling Windows Firewall.

If I use a VPN solution like Tailscale, everything works correctly and the client PC can join the domain without any problems.

I would like to understand if there is a way to join a machine to the domain hosted on the VM directly from an external network, without using a VPN.

Thanks in advance

This is possibly outside the scope of this forum. However, you should really be looking at Azure AD to manage this securely.

You should NOT directly expose Active Directory to the public internet to join clients. What you’re seeing is expected behavior.

Active Directory Domain Services (AD DS) is not designed to work over the open internet.

When a machine joins a domain, it doesn’t just talk over one port — it requires:

  • DNS (53)
  • Kerberos (88)
  • LDAP (389 / 636)
  • SMB (445)
  • RPC (135 + dynamic high ports 49152–65535)

These are:

  • Numerous
  • Stateful
  • Not NAT-friendly
  • Highly insecure if exposed publicly

Even if you disable Windows Firewall, Google Cloud VPC firewall + NAT + ISP filtering still block or break these flows.
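As an added diagnostic (not part of the reply above), the following PowerShell, run on the client PC, probes each port the reply lists and checks the SRV record a domain join actually needs, so you can see which flows the VPC firewall, NAT or ISP is breaking before deciding on a private-network design. The DC host name and domain FQDN are placeholders you must replace.

```powershell
# Added example, not from the thread. Run on the prospective client.
# $DcHost and $DomainFqdn are placeholders, not real names.
param(
    [string]$DcHost     = 'dc01.corp.example',   # placeholder DC name or IP
    [string]$DomainFqdn = 'corp.example'          # placeholder AD domain
)

# TCP ports a domain join needs, as listed in the reply above.
# The RPC dynamic range (49152-65535) is assigned per call and cannot be
# proven by a single probe; if 135 answers but the join still fails,
# that range is the usual culprit.
$requiredPorts = @(
    @{ Name = 'DNS';      Port = 53  },
    @{ Name = 'Kerberos'; Port = 88  },
    @{ Name = 'RPC EPM';  Port = 135 },
    @{ Name = 'LDAP';     Port = 389 },
    @{ Name = 'SMB';      Port = 445 },
    @{ Name = 'LDAPS';    Port = 636 }
)

$results = foreach ($svc in $requiredPorts) {
    $t = Test-NetConnection -ComputerName $DcHost -Port $svc.Port `
                            -WarningAction SilentlyContinue
    [pscustomobject]@{
        Service   = $svc.Name
        Port      = $svc.Port
        Reachable = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# A domain join locates the DC through this SRV record on the DC's DNS;
# a successful TCP probe of port 53 alone does not prove the lookup works.
$srvName = "_ldap._tcp.dc._msdcs.$DomainFqdn"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DcHost -ErrorAction Stop
    Write-Host "SRV $srvName resolves to: $($srv.NameTarget -join ', ')"
} catch {
    Write-Host "SRV lookup for $srvName via $DcHost FAILED: $($_.Exception.Message)"
}

$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    Write-Host "Blocked on the path to ${DcHost}: $($blocked.Service -join ', ')"
} else {
    Write-Host "All listed TCP ports answer; check the RPC dynamic range next."
}
```

A VPN such as the Tailscale setup mentioned above makes every row reachable because the traffic never crosses NAT or the public internet, which is why the join succeeds there.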

So, what do you recommend I do to create an Active Directory on the VM server and be able to reach it from the outside?

Thank you

If your goal is to run Active Directory on a VM and access it from outside, the correct approach is not to expose it directly to the internet, but to place it behind a secure private network.