Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Troubleshooting Amazon Managed Microsoft AD

The following can help you troubleshoot some common issues you might encounter when creating or using your directory.

Issues with Netlogon and secure channel communications

As a mitigation against CVE-2020-1472, Microsoft has released patching which modifies the way that Netlogon secure channel communications are processed by domain controllers. Since the introduction of these secure Netlogon changes, some Netlogon connections (servers, workstations, and trust validations) may not be accepted by your Amazon Managed Microsoft AD.

To verify if your issue is related to Netlogon or secure channel communications, search your Amazon CloudWatch Logs for event IDs 5827 (for device authentication related issues) or 5828 (for AD trust validation related issues). For information about CloudWatch in Amazon Managed Microsoft AD, see Enable log forwarding.

For more information about the mitigation against CVE-2020-1472, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 on Microsoft’s website.

Password recovery

If a user forgets a password or is having trouble signing in to either your Simple AD or Amazon Managed Microsoft AD directory, you can reset their password using either the Amazon Web Services Management Console, Windows PowerShell or the Amazon CLI.

For more information, see Reset a user password.