Tutorial: Creating a trust from Amazon Managed Microsoft AD to a self-managed Active Directory installation on Amazon EC2

In this tutorial, you learn how to create a trust between the Amazon Directory Service for Microsoft Active Directory forest that you created in the Base tutorial. You also learn to create a new native Active Directory forest on a Windows Server in Amazon EC2. As shown in the following illustration, the lab that you create from this tutorial is the second building block necessary when setting up a complete Amazon Managed Microsoft AD test lab. You can use the test lab to test your pure cloud or hybrid cloud–based Amazon solutions.

You should only need to create this tutorial once. After that you can add optional tutorials when necessary for more experience.

Steps to create a trust from a Microsoft Active Directory to a self-managed Active Directory: Set up your environment, create your Microsoft Active Directory, Deploy an Amazon EC2 instance, and test the lab.

Step 1: Set up your environment for trusts: Before you can establish trusts between a new Active Directory forest and the Amazon Managed Microsoft AD forest that you created in the Base tutorial, you need to prepare your Amazon EC2 environment. To do that, you first create a Windows Server 2019 server, promote that server to a domain controller, and then configure your VPC accordingly.
Step 2: Create the trusts: In this step, you create a two-way forest trust relationship between your newly created Active Directory forest hosted in Amazon EC2 and your Amazon Managed Microsoft AD forest in Amazon.
Step 3: Verify the trust: Finally, as an administrator, you use the Amazon Directory Service console to verify that the new trusts are operational.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Step 4: Verify that the base test lab is operational

Step 1: Set up your environment for trusts