
AWS Directory Service Adds Microsoft AD Support

Amazon Web Services (AWS) Inc. this week unveiled a set of new options to run Microsoft Active Directory (Microsoft AD) as a managed service in the EC2 cloud.

The AWS Directory Service has three service options. The least expensive is Simple AD, which provides only basic Active Directory compatibility.

Second is the AWS Directory Service for Microsoft Active Directory (Enterprise Edition), based on the most recent version included in Windows Server 2012 R2.

The third option is the AD Connector, which customers can link with on-premises AD domains.

AWS has provided documentation to help organizations determine which service is most suitable for them. According to the company, Simple AD is the best choice for organizations that have fewer than 5,000 user accounts and are looking to create or manage user accounts and group memberships, domain-join Amazon EC2 instances running Linux and Windows, and use Kerberos-based single sign-on (SSO) and group policies.

Organizations with more than 5,000 user accounts or those that require trust relationships between the AWS-hosted version of Active Directory and on-premises directories are better off using the new AWS Directory Service for Microsoft AD. It's available when an administrator chooses it as a directory type and is provisioned as a pair of domain controllers that run in multiple AWS Availability Zones available in any region connected to a customer's virtual private cloud (VPC).

AWS said the service includes host monitoring, recovery, replication, snapshots and software updates, all of which are configured and managed by the company.

AWS describes the AD Connector as a proxy service that links on-premises Active Directory with AWS for companies that don't want to host AD Federation Services or other intricate directory synchronization configurations. The company recommends the connector for those with Active Directory on premises that don't require replication to the AWS-hosted directory.

Developers can link to Active Directory using the AWS Directory Service API. Separate reference documentation for that API includes descriptions, syntax and examples of various actions and data types within the service.

About the Author

Jeffrey Schwartz is editor of Redmond magazine and also covers cloud computing for Virtualization Review's Cloud Report. In addition, he writes the Channeling the Cloud column for Redmond Channel Partner. Follow him on Twitter @JeffreySchwartz.
