Amazon Managed Microsoft AD
Amazon Directory Service lets you run Microsoft Active Directory (AD) as a managed service. Amazon Directory Service for Microsoft Active Directory, also referred to as Amazon Managed Microsoft AD, is powered by Windows Server 2019. When you select and launch this directory type, it is created as a highly available pair of domain controllers connected to your virtual private cloud (Amazon VPC). The domain controllers run in different Availability Zones in a Region of your choice. Host monitoring and recovery, data replication, snapshots, and software updates are automatically configured and managed for you.
With Amazon Managed Microsoft AD, you can run directory-aware workloads in the Amazon Cloud, including Microsoft SharePoint and custom .NET and SQL Server-based applications. You can also configure a trust relationship between Amazon Managed Microsoft AD in the Amazon Cloud and your existing on-premises Microsoft Active Directory, providing users and groups with access to resources in either domain, using Amazon IAM Identity Center.
Amazon Directory Service makes it easy to set up and run directories in the Amazon Cloud, or connect your Amazon resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it for a variety of tasks:
-
Manage users and groups
-
Provide single sign-on to applications and services
-
Create and apply group policy
-
Simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads
-
You can use Amazon Managed Microsoft AD to enable multi-factor authentication by integrating with your existing RADIUS-based MFA infrastructure to provide an additional layer of security when users access Amazon applications
-
Securely connect to Amazon EC2 Linux and Windows instances
Note
Amazon manages the licensing of your Windows Server instances for you; all you need to do is pay for the instances you use. There is also no need to buy additional Windows Server Client Access Licenses (CALs), as access is included in the price. Each instance comes with two remote connections for admin purposes only. If you require more than two connections, or need those connections for purposes other than admin, you may have to bring in additional Remote Desktop Services CALs for use on Amazon.
Read the topics in this section to get started creating a Amazon Managed Microsoft AD directory, creating a trust relationship between Amazon Managed Microsoft AD and your on-premises directories, and extending your Amazon Managed Microsoft AD schema.
Topics
- Getting started with Amazon Managed Microsoft AD
- Key concepts and best practices for Amazon Managed Microsoft AD
- Use cases for Amazon Managed Microsoft AD
- Maintain your Amazon Managed Microsoft AD
- Secure your Amazon Managed Microsoft AD
- Monitor your Amazon Managed Microsoft AD
- Access to Amazon applications and services from your Amazon Managed Microsoft AD
- Granting Amazon Managed Microsoft AD users and groups access to Amazon resources with IAM roles
- Configure Multi-Region replication for Amazon Managed Microsoft AD
- Share your Amazon Managed Microsoft AD
- Migrating Active Directory users to Amazon Managed Microsoft AD
- Connect Amazon Managed Microsoft AD to your existing Active Directory infrastructure
- Extend your Amazon Managed Microsoft AD schema
- Ways to join an Amazon EC2 instance to your Amazon Managed Microsoft AD
- User and group management in Amazon Managed Microsoft AD
- Amazon Directory Service Data
- Connecting your Amazon Managed Microsoft AD to Microsoft Entra Connect Sync
- Amazon Managed Microsoft AD test lab tutorials
- Amazon Managed Microsoft AD quotas
- Troubleshooting Amazon Managed Microsoft AD
Related Amazon Security blog articles