Key concepts and best practices for Amazon Managed Microsoft AD - Amazon Directory Service

Key concepts and best practices for Amazon Managed Microsoft AD

You can get more out of your Amazon Managed Microsoft AD by becoming familiar with key concepts and best practices. Key concepts help you understand how Amazon Managed Microsoft AD works. They include the Active Directory schema, the patching schedule, and group Managed Service Accounts (gMSAs). The Active Directory schema includes elements like attributes, classes, and objects that make up Amazon Managed Microsoft AD. Amazon patches your Amazon Managed Microsoft AD domain controllers with Microsoft updates on your behalf. You can also use gMSAs with your Amazon Managed Microsoft AD.

You can avoid problems with your Amazon Managed Microsoft AD by considering best practices. Some of these best practices include:

  • When setting up your Amazon Managed Microsoft AD, configure the security groups to meet your needs, remember your administrator account ID and password, and enable the conditional forwarder setting.

  • When using your Amazon Managed Microsoft AD, don't alter the organizational unit that Amazon created when the directory was created, monitor performance with tools like Amazon CloudWatch and Amazon SNS, and use SMB 2.x clients.

  • When programming applications to work with Amazon Managed Microsoft AD, use the Windows DC locator service, load test changes before rolling them out to production environments, and use efficient LDAP queries to avoid consuming significant CPU cycles on a domain controller.