Add or remove additional domain controllers - Amazon Directory Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Add or remove additional domain controllers

Before adding or removing additional domain controllers, here's more information about domain controller requirements:

  • After deploying additional domain controllers, you can reduce the number of domain controllers to two, which is the minimum required for fault-tolerance and high availability purposes.

  • The deleted domain controllers will be delete from the list of additional domain controllers. The primary and secondary domain controllers are required and can't be deleted.

  • If you have configured your Amazon Managed Microsoft AD to enable LDAPS, any additional domain controllers you add will also have LDAPS enabled automatically. For more information, see Enable secure LDAP or LDAPS.

Use the following procedure to deploy or remove additional domain controllers in your Amazon Managed Microsoft AD directory.

To add or remove additional domain controllers
  1. In the Amazon Directory Service console navigation pane, choose Directories.

  2. On the Directories page, choose your directory ID.

  3. On the Directory details page, do one of the following:

    • If you have multiple Regions showing under Multi-Region replication, select the Region where you want to add or remove domain controllers, and then choose the Scale & share tab. For more information, see Primary vs additional Regions.

    • If you do not have any Regions showing under Multi-Region replication, choose the Scale & share tab.

  4. In the Domain controllers section, choose Edit.

  5. Specify the number of domain controllers to add or remove from your directory, and then choose Modify.

  6. When Amazon Managed Microsoft AD completes the deployment process, all domain controllers show Active status, and both the assigned Availability Zone and Amazon VPC subnets appear. New domain controllers are equally distributed across the Availability Zones and subnets where your directory is already deployed.

Related Amazon Security Blog Article