Simple AD availability changes
This guide provides information about the Simple AD changes and recommended alternatives for Amazon Directory Service Simple AD customers.
Note
The only change is that new customer onboarding to Simple AD is not permitted. Existing Simple AD customers retain full functionality. Your directories, users, computers, and integrated workloads are not affected, and you can continue to create new Simple AD directories.
Recommended alternatives
We recommend that customers evaluate the following alternatives based on their use case:
Amazon Managed Microsoft AD
- Amazon Managed Microsoft AD is a fully managed, native Microsoft Active Directory (AD) service hosted on Amazon. Unlike Simple AD, which is Samba-based, Amazon Managed Microsoft AD runs on actual Windows Server Active Directory and provides full-fidelity directory features including Group Policy, trusts, schema extensions, Kerberos authentication, and LDAP.
- Customers can share their Amazon Managed Microsoft AD directory across multiple Amazon accounts, enabling EC2 domain joins and AD authentication for resources in different accounts.
- Security logs can be forwarded to Amazon CloudWatch Logs for security monitoring, audit, and compliance reporting.
- Amazon Managed Microsoft AD integrates with a broad set of Amazon services including WorkSpaces, Amazon RDS, Amazon FSx for Windows File Server, Amazon EC2, and Amazon IAM Identity Center.
- Available in Standard Edition (up to 30,000 directory objects) and Enterprise Edition (up to 500,000 directory objects) with multi-Region support.
To get started, see Amazon Managed Microsoft AD. For pricing, see Amazon Directory Service pricing.
AD Connector
- AD Connector is a proxy service that connects Amazon services to a self-managed AD (on-premises or in the cloud) without replicating directory data. It is the best fit if you want to use a self-managed Samba-based AD or already have an existing self-managed AD with Amazon applications.
- AD Connector enables Amazon application integration with a self-managed AD. For example, customers can use AD Connector to connect WorkSpaces to their on-premises AD, enable EC2 domain join, access the Amazon Web Services Management Console with AD credentials, and integrate with Amazon IAM Identity Center.
- AD Connector uses your self-managed AD security policies, such as password expiration, password history, and account lockout policies, with no synchronization or replication of directory data to Amazon.
- Available in Small and Large sizes.
To get started, see AD Connector. For pricing, see Amazon Directory Service other directory types pricing.