Working with Microsoft Active Directory - Amazon FSx for Windows File Server

Working with Microsoft Active Directory

When you create an FSx for Windows File Server file system, you join it to your Active Directory domain to provide user authentication and file- and folder-level access control. Amazon FSx works with Microsoft Active Directory to integrate with your existing Microsoft Windows environments. Amazon FSx provides two options for using your FSx for Windows File Server file system with Active Directory: Using Amazon FSx with Amazon Directory Service for Microsoft Active Directory and Using a self-managed Microsoft Active Directory.

Active Directory is the Microsoft directory service used to store information about objects on the network and make this information easy for administrators and users to find and use. These objects typically include shared resources such as file servers and network user and computer accounts.

Your users can then use their existing user identities in Active Directory to authenticate themselves and access the FSx for Windows File Server file system. Users can also use their existing identities to control access to individual files and folders. In addition, you can migrate your existing files and folders along with their security access control list (ACL) configuration to Amazon FSx without any modifications.

After you create a joined Active Directory configuration for a file system, you can update only the following properties:

  • Service user credentials

  • DNS server IP addresses

You cannot change the following properties for your joined Microsoft AD after you've created the file system:

  • DomainName

  • OrganizationalUnitDistinguishedName

  • FileSystemAdministratorsGroup

However, you can create a new file system from a backup and change these properties in the new file system's Microsoft Active Directory integration configuration. For more information, see Restoring backups to new file system.
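The following added example (not part of the AWS documentation) shows one way to check a proposed change to a self-managed Active Directory configuration against the rules above before calling the API. The function name `plan_ad_change` and all sample values are constructed; the field names follow the `SelfManagedActiveDirectoryConfiguration` structure of the `UpdateFileSystem` request, and the returned payload is shaped so it could be passed to boto3 as `fsx.update_file_system(**payload)`.

```python
# Added example: plan_ad_change is a hypothetical helper; sample values are constructed.
UPDATABLE = ("UserName", "Password", "DnsIps")
IMMUTABLE = ("DomainName", "OrganizationalUnitDistinguishedName",
             "FileSystemAdministratorsGroup")

# Constructed sample of the joined configuration. The service account password
# is never part of the described configuration, so it does not appear here.
FS_ID = "fs-0123456789abcdef0"
CURRENT = {
    "DomainName": "corp.example.com",
    "OrganizationalUnitDistinguishedName": "OU=FSx,DC=corp,DC=example,DC=com",
    "FileSystemAdministratorsGroup": "FSxAdmins",
    "UserName": "svc-fsx",
    "DnsIps": ["10.0.1.10", "10.0.1.11"],
}

def plan_ad_change(file_system_id, current, desired):
    """Return (action, payload); action is 'none', 'update' or 'restore-from-backup'."""
    unknown = sorted(set(desired) - set(UPDATABLE) - set(IMMUTABLE))
    if unknown:
        raise ValueError(f"unrecognized properties: {unknown}")
    # AD names are case-insensitive, so a case-only difference is not a change.
    blocked = [k for k in IMMUTABLE
               if k in desired
               and desired[k].casefold() != current.get(k, "").casefold()]
    if blocked:
        # These cannot be changed in place: restore a backup to a new file system.
        return "restore-from-backup", {"blocked": blocked}
    changes = {}
    if "UserName" in desired and desired["UserName"] != current.get("UserName"):
        changes["UserName"] = desired["UserName"]
    if "Password" in desired:
        # The current password cannot be read back, so a supplied one is always sent.
        changes["Password"] = desired["Password"]
    if "DnsIps" in desired and set(desired["DnsIps"]) != set(current.get("DnsIps", [])):
        changes["DnsIps"] = list(desired["DnsIps"])
    if not changes:
        return "none", {}
    return "update", {
        "FileSystemId": file_system_id,
        "WindowsConfiguration": {"SelfManagedActiveDirectoryConfiguration": changes},
    }

if __name__ == "__main__":
    print(plan_ad_change(FS_ID, CURRENT, {"DnsIps": ["10.0.1.10", "10.0.1.12"]}))
    print(plan_ad_change(FS_ID, CURRENT, {"DomainName": "corp2.example.com"}))
```
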

Note

Amazon FSx does not support Active Directory Connector and Simple Active Directory.

Your FSx for Windows File Server file system may enter the Misconfigured state if a change in your Active Directory configuration disrupts the connection to your file system. To return your file system to the Available state, select the Attempt Recovery button in the Amazon FSx console, or use the StartMisconfiguredStateRecovery command in the Amazon FSx API or console. For more information, see File system is in a misconfigured state.