Troubleshooting Amazon Managed Microsoft AD - Amazon Directory Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Troubleshooting Amazon Managed Microsoft AD

The following can help you troubleshoot some common issues you might encounter when creating or using your directory.

Issues with your Amazon Managed Microsoft AD

Some troubleshooting tasks can only be completed by Amazon Web Services Support. Here are some of the tasks:

To create a support case, see Creating support cases and case management.

Issues with Netlogon and secure channel communications

As a mitigation against CVE-2020-1472, Microsoft has released patches that modify the way domain controllers process Netlogon secure channel communications. Since the introduction of these secure Netlogon changes, some Netlogon connections (servers, workstations, and trust validations) may not be accepted by your Amazon Managed Microsoft AD.

To verify whether your issue is related to Netlogon or secure channel communications, search your Amazon CloudWatch Logs for event IDs 5827 (for issues related to device authentication) or 5828 (for issues related to AD trust validation). For information about CloudWatch in Amazon Managed Microsoft AD, see Enable log forwarding.

For more information about the mitigation against CVE-2020-1472, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 on Microsoft’s website.
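
The CloudWatch Logs check described above, as an added example (not Amazon or Microsoft code): it scans exported log messages for event IDs 5827 and 5828 and counts the denials per machine account or trust. The record layout, the field labels, the function name `triage` and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Event IDs named on the page and the kind of connection each one concerns.
NETLOGON_DENIALS = {5827: "device authentication", 5828: "AD trust validation"}

# Assumption: the forwarded record carries the ID as JSON ("EventID": 5827)
# or as XML (<EventID>5827</EventID>); adjust to your log group's layout.
EVENT_ID_RE = re.compile(r'(?:"EventID"\s*:\s*"?|<EventID[^>]*>)(\d+)')
# Assumption: field labels as in Microsoft's message text for these events.
SUBJECT_RE = re.compile(r'(?:Machine SamAccountName|Trust Name):\s*([^\s\\"<]+)')

def triage(messages):
    """Count denied Netlogon connections per category and affected account or trust."""
    findings = defaultdict(Counter)
    for msg in messages:
        found = EVENT_ID_RE.search(msg)
        if not found or int(found.group(1)) not in NETLOGON_DENIALS:
            continue  # unrelated event, or a record with no recognisable ID
        subject = SUBJECT_RE.search(msg)
        name = subject.group(1) if subject else "<unparsed>"
        findings[NETLOGON_DENIALS[int(found.group(1))]][name] += 1
    return {category: dict(names) for category, names in findings.items()}

# Constructed sample records (not real log output).
SAMPLE = [
    '{"EventID": 5827, "Message": "The Netlogon service denied a vulnerable '
    'Netlogon secure channel connection from a machine account. '
    'Machine SamAccountName: LEGACY-APP01$ Domain: CORP"}',
    '<Event><System><EventID>5828</EventID></System><EventData>'
    'Account Type: Trust Trust Name: partner.example</EventData></Event>',
    '{"EventID": 4624, "Message": "An account was successfully logged on."}',
    '{"EventID": "5827", "Message": "Machine SamAccountName: LEGACY-APP01$"}',
    '{"EventID": 5827, "Message": "message text truncated"}',
]

if __name__ == "__main__":
    for category, names in triage(SAMPLE).items():
        for name, count in sorted(names.items()):
            print(f"{category}: {name} denied {count} time(s)")
```

Accounts that appear repeatedly under device authentication are the servers or workstations whose Netlogon connections are being refused; entries under AD trust validation name the affected trust.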

Issues with resetting user password

You receive an error message similar to the following when attempting to reset a user's password:

Response Status: 400 Bad Request

You may experience this issue when there are duplicate objects in your Amazon Managed Microsoft AD Organizational Unit (OU) with identical user logon names. User logon names must be unique. For more information, see Troubleshooting Directory Data problems in the Microsoft documentation.

Password recovery

If a user forgets a password or is having trouble signing in to either your Simple AD or Amazon Managed Microsoft AD directory, you can reset their password using the Amazon Web Services Management Console, Windows PowerShell, or the Amazon CLI.

For more information, see Reset a user password.

Additional resources

The following resources can help you troubleshoot as you work with Amazon.

The following resources can help you troubleshoot common Active Directory issues.