What gets created with your Simple AD
When you create an Active Directory with Simple AD, Amazon Directory Service performs the following tasks on your behalf:
- Sets up a Samba-based directory within the VPC.
- Creates a directory administrator account with the user name Administrator and the specified password. You use this account to manage your directory.
  Important
  Be sure to save this password. Amazon Directory Service does not store this password, and it cannot be retrieved. However, you can reset a password from the Amazon Directory Service console or by using the ResetUserPassword API.
- Creates a security group for the directory controllers.
- Creates an account with the name AWSAdminD-xxxxxxxx that has domain admin privileges. This account is used by Amazon Directory Service to perform automated directory maintenance operations, such as taking directory snapshots and FSMO role transfers. The credentials for this account are securely stored by Amazon Directory Service.
- Automatically creates and associates an elastic network interface (ENI) with each of your domain controllers. Each of these ENIs is essential for connectivity between your VPC and the Amazon Directory Service domain controllers and should never be deleted. You can identify all network interfaces reserved for use with Amazon Directory Service by the description: "Amazon created network interface for directory directory-id". For more information, see Elastic Network Interfaces in the Amazon EC2 User Guide. The default DNS server of the Amazon Managed Microsoft AD Active Directory is the VPC DNS server at Classless Inter-Domain Routing (CIDR)+2. For more information, see Amazon DNS server in the Amazon VPC User Guide.
Note
Domain controllers are deployed across two Availability Zones in a region by default and connected to your Amazon Virtual Private Cloud (VPC). Backups are automatically taken once per day, and the Amazon Elastic Block Store (EBS) volumes are encrypted to ensure that data is secured at rest. Domain controllers that fail are automatically replaced in the same Availability Zone using the same IP address, and a full disaster recovery can be performed using the latest backup.
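The ENI description and the CIDR+2 rule above are the two facts an operator needs when auditing a directory's network footprint: which interfaces must be protected from deletion, and which address the domain controllers rely on for DNS. The following is an added example, not code from the AWS documentation or any AWS SDK: it filters records shaped like the output of EC2 DescribeNetworkInterfaces for the Directory Service description pattern and derives the Amazon-provided DNS resolver address from a VPC CIDR. The ENI records, subnet IDs and the directory ID d-1234567890 are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample records, shaped like a subset of the fields returned by
# EC2 DescribeNetworkInterfaces. IDs are placeholders, not real resources.
SAMPLE_ENIS = [
    {"NetworkInterfaceId": "eni-0aaa", "SubnetId": "subnet-az-a",
     "Description": "Amazon created network interface for directory d-1234567890"},
    {"NetworkInterfaceId": "eni-0bbb", "SubnetId": "subnet-az-b",
     "Description": "Amazon created network interface for directory d-1234567890"},
    {"NetworkInterfaceId": "eni-0ccc", "SubnetId": "subnet-az-a",
     "Description": "Primary network interface"},
    {"NetworkInterfaceId": "eni-0ddd", "SubnetId": "subnet-az-b",
     "Description": ""},
]

# The description string Directory Service writes on the ENIs it reserves;
# the trailing token is the directory ID (d- followed by alphanumerics).
DIRECTORY_ENI_RE = re.compile(
    r"^Amazon created network interface for directory (d-[0-9a-z]+)$"
)


def directory_enis(enis):
    """Group the ENIs reserved by Directory Service by directory ID.

    Returns {directory_id: [network_interface_id, ...]} so an audit job can
    mark these interfaces as must-not-delete (for example by tagging them
    or alerting when a DeleteNetworkInterface call names one of them).
    """
    reserved = {}
    for eni in enis:
        match = DIRECTORY_ENI_RE.match(eni.get("Description", ""))
        if match:
            reserved.setdefault(match.group(1), []).append(eni["NetworkInterfaceId"])
    return reserved


def spans_multiple_subnets(enis, directory_id):
    """True when the directory's reserved ENIs sit in at least two subnets,
    consistent with domain controllers placed in two Availability Zones."""
    subnets = {
        eni["SubnetId"] for eni in enis
        if DIRECTORY_ENI_RE.match(eni.get("Description", "")) 
        and DIRECTORY_ENI_RE.match(eni["Description"]).group(1) == directory_id
    }
    return len(subnets) >= 2


def vpc_dns_server(vpc_cidr):
    """Return the Amazon-provided DNS resolver address for a VPC: the
    network base address plus two (CIDR+2)."""
    network = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(network.network_address + 2)


if __name__ == "__main__":
    for directory_id, eni_ids in directory_enis(SAMPLE_ENIS).items():
        print(f"{directory_id}: protect {eni_ids}; "
              f"multi-subnet={spans_multiple_subnets(SAMPLE_ENIS, directory_id)}")
    print("VPC DNS resolver:", vpc_dns_server("10.0.0.0/16"))
```

In practice the record list would come from a paginated DescribeNetworkInterfaces call filtered to the directory's VPC; the matching logic and the resolver derivation stay the same.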