Posted On: Apr 7, 2016

Today, we made it easier for you to configure trust relationships between your AWS Directory Service for Microsoft Active Directory (Enterprise Edition)—also known as Microsoft AD—and your on-premises Microsoft Active Directory domains. Establishing trust relationships requires conditional forwarders, which resolve Domain Name System (DNS) queries between the domain names of the trusting directories. You now can more easily configure conditional forwarders using the Directory Service console, which eliminates the need to install DNS Manager on a Microsoft Windows Server instance in your Amazon Virtual Private Cloud (VPC). 

Establishing a trust relationship between your Microsoft AD and your on-premises Microsoft Active Directory domain enables you to create a resource domain in your Amazon VPC. With this resource domain, you can deploy directory-aware workloads, such as custom .NET and SQL Server-based applications, on AWS. Your on-premises directory can manage and provide access and authentication to these resources, making it easy to migrate existing directory-aware workloads or launch new ones in the cloud that leverage user accounts residing in your on-premises directory.

From the Directory Service console, you can define conditional forwarders and easily create one-way incoming, one-way outgoing, and two-way trust relationships between directories. You also can create trust relationships between Microsoft AD and your on-premises Microsoft Active Directory, as well as with other Microsoft AD domains in the AWS cloud. See Now Available: Simplified Trust Configuration for AWS Directory Service to learn more. To get started, see the Create a Trust Relationship page.