Updating a self-managed Active Directory configuration - Amazon FSx for Windows File Server
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Updating a self-managed Active Directory configuration

To help ensure continuous, uninterrupted availability of your Amazon FSx file system, you must update the file system's Active Directory configuration when any of the following Active Directory properties change:

  • The DNS server IP addresses

  • The service account credentials of the self-managed Active Directory

When you update the self-managed Active Directory configuration for your Amazon FSx file system, your file system's state switches from Available to Updating while the update is applied. Verify that the state switches back to Available after the update has been applied – note that the update can take up to several minutes to complete. For more information, see Monitoring self-managed Active Directory updates.

If there's an issue with the updated self-managed Active Directory configuration, the file system state switches to Misconfigured. This state shows an error message and recommended corrective action beside the file system description in the console, API, and CLI. After taking the recommended corrective action, verify that your file system's state eventually changes to Available.

Important

If you update your file system with a new service account, ensure that the new service account has Full control permissions for the existing computer objects associated with the file system.

For information about troubleshooting possible issues related to self-managed Active Directory configurations, see File system is in a misconfigured state.

You can use the Amazon Web Services Management Console, Amazon FSx API, or Amazon CLI to update the service account username and password and the DNS server IP addresses of a file system's self-managed Active Directory configuration. You can track the progress of a self-managed Active Directory configuration update at any time using the Amazon Web Services Management Console, CLI, and API. For more information, see Monitoring self-managed Active Directory updates.

To update the self-managed Active Directory configuration (Console)

  1. Open the Amazon FSx console at https://console.amazonaws.cn/fsx/.

  2. Navigate to File systems, and choose the Windows file system for which you want to update self-managed Active Directory configuration.

  3. In the Network & security tab, then choose Update for the DNS server IP addresses, or for the service account username, depending on which Active Directory properties you are updating.

  4. Enter the new DNS server IP addresses, or the new service account credentials in the dialog that appears.

  5. Choose Update to initiate the Active Directory configuration update.

    You can monitor the update progress using the Amazon Web Services Management Console or the Amazon CLI.

To update the self-managed Active Directory configuration (CLI)

  • To update the self-managed Active Directory configuration of an FSx for Windows File Server file system, use the Amazon CLI command update-file-system. Set the following parameters:

    • --file-system-id to the ID of the file system you are updating.

    • UserName the new username for the self-managed Active Directory service account.

    • Password the new password for the self-managed Active Directory service account.

    • DnsIps the IP addresses for the self-managed Active Directory DNS servers.

    aws fsx update-file-system --file-system-id fs-0123456789abcdef0 \
  --windows-configuration 'SelfManagedActiveDirectoryConfiguration={UserName=username,Password=password,\
     DnsIps=[192.0.2.0,192.0.2.24]}'

    If the update action is successful, the service sends back an HTTP 200 response. The AdminstrativeActions object in the response describes the request and its status.