Posted On: Feb 9, 2017
Amazon WorkSpaces now allows you to integrate with your on-premises Microsoft Active Directory using an interforest trust with the AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also called AWS Microsoft AD. By establishing a single interforest trust relationship, you can assign Amazon WorkSpaces for users in any of your on-premises domains. AWS Microsoft AD automatically discovers and routes authentication requests to the correct domain controller, which means that your users can use their existing Microsoft Active Directory credentials to log in to their WorkSpaces, without having to specify their domain name.
You can also use AD Connector to authenticate users in an on-premises AD for access to Amazon WorkSpaces. For each on-premises AD domain that contains user accounts, a separate AD Connector needs to be configured, which means that AD Connector works well for environments with a single on-premises domain, or for proof-of-concept projects.
This feature is available now in all AWS regions where Amazon WorkSpaces is offered. To configure an interforest trust relationship between your on-premises AD and Microsoft AD on AWS, see the documentation here. Once a trust is established, you can select the domain where your user accounts are managed directly in the Amazon WorkSpaces console, and proceed to provisioning WorkSpaces for your users. If you are using the Amazon WorkSpaces API to provision WorkSpaces, you need to prepend the NETBIOS name (NETBIOS\username), or the domain name (DOMAIN\username), to the username in your API call in order to provision WorkSpaces.