AWS Directory Service
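Administration Guide (Version 1.0)
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon AWS.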

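Best Practices for Simple AD

Here are some suggestions and guidelines you should consider to avoid problems and get the most out of AWS Managed Microsoft AD.

Setting Up: Prerequisites

Consider these guidelines before creating your directory.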

Verify You Have the Right Directory Type

AWS Directory Service provides multiple ways to use Microsoft Active Directory with other AWS services. You can choose the directory service with the features you need at a cost that fits your budget:

  • AWS Directory Service for Microsoft Active Directory is a feature-rich managed Microsoft Active Directory hosted on the AWS cloud. AWS Managed Microsoft AD is your best choice if you have more than 5,000 users and need a trust relationship set up between an AWS hosted directory and your on-premises directories.

  • AD Connector simply connects your existing on-premises Active Directory to AWS. AD Connector is your best choice when you want to use your existing on-premises directory with AWS services.

  • Simple AD is an inexpensive Active Directory–compatible service with the common directory features. In most cases, Simple AD is the least expensive option and your best choice if you have 5,000 or fewer users and don’t need the more advanced Microsoft Active Directory features.

For a more detailed comparison of AWS Directory Service options, see Which to Choose.

Ensure Your VPCs and Instances are Configured Correctly

To connect to, manage, and use your directories, you must properly configure the VPCs that the directories are associated with. See either AWS Managed Microsoft AD Prerequisites, AD Connector Prerequisites, or Simple AD Prerequisites for information about the VPC security and networking requirements.

If you are adding an instance to your domain, ensure that you have connectivity and remote access to your instance as described in Join an EC2 Instance to Your AWS Managed Microsoft AD Directory.

Be Aware of Your Limits

Learn about the various limits for your specific directory type. The available storage and the aggregate size of your objects are the only limitations on the number of objects you may store in your directory. See either Limits for AWS Managed Microsoft AD, Limits for AD Connector, or Limits for Simple AD for details about your chosen directory.

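Use AWS Managed Microsoft AD If Trusts Are Required

Simple AD does not support trust relationships. If you need to establish a trust between your AWS Directory Service directory and another directory, you should use AWS Directory Service for Microsoft Active Directory.

Setting Up: Creating Your Directory

Here are some suggestions to consider as you create your directory.

Remember Your Administrator ID and Password

When you set up your directory, you provide a password for the administrator account. This account ID is Administrator for Simple AD. Remember the password that you create for this account; otherwise you will not be able to add objects to your directory.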