AWS News Blog

AWS Directory Service Update – Support for Managed Microsoft Active Directory

The AWS Directory Service allows you to use your existing corporate identities to access AWS services and to simplify cloud-based deployment of Microsoft Windows and Linux applications that are dependent on the availability of a directory. We launched the service last year with support for two types of directories (AD Connector and Simple AD); see my post, New AWS Directory Service, to learn more.

Late last week we launched a third option, support for a managed Microsoft Active Directory, powered by Windows Server 2012 R2. When you choose this option, you get a Microsoft Active Directory that is designed to support up to 50,000 users (approximately 200,000 directory objects, including users, groups, and computers). The directory runs in two separate Availability Zones within a Amazon VPC.

Provisioning is easy, quick (25-30 minutes), and straightforward. Because this is a managed service, common administrative tasks are handled for you. This includes host monitoring with automatic replacement, data replication, snapshot backups, and automatic software updates. As is often the case with AWS, you will spend less time administering and more time working on your applications and your business.

Use Cases
With this launch, running workloads that are aware of a directory is easier than ever. This includes Microsoft SharePoint as well as custom applications that make use of .NET and/or SQL Server.

System administrators can manage user and group memberships, join Linux and Windows computers to a domain, set up Kerberos single sign-on (SSO), apply group policies, and create trust relationships between domains.  They can also use their existing corporate credentials to log in to the AWS Management Console in order to manage AWS resources.

Provisioning a Directory
You can provision a managed Microsoft Active Directory from the AWS Directory Service Console. Visit the Console, click on Get Started Now, and then choose Create Microsoft AD:

Enter a name (I used, set up an administrative password, choose a VPC, and pick two subnets of the VPC:

Then click on Next Step to review the settings and to make sure that you understand the terms of the free trial of AWS Directory Service, then click on Create Microsoft AD:

Visit the list of directories, check your email, walk your dog, and then wait for the status to change to Active (click on the refresh icon every so often):

You can then connect to the directory in the usual way, create your groups and users, and enjoy the benefits that I listed above.

You can create snapshots (and restore them later) from the console; simply select Snapshots in the navigation bar and click on Create Snapshot:

Pricing and Availability
The Managed Microsoft Active Directory Service is available now in the US East (N. Virginia), US West (Oregon), Europe (Ireland), Asia Pacific (Sydney), and Asia Pacific (Tokyo) regions. You can try it out for one month (750 hours of usage) at no charge. After that, you’ll pay $0.40 per hour per in the US East (N. Virginia) region; see the AWS Directory Service Pricing page for pricing in other regions.


Jeff Barr

Jeff Barr

Jeff Barr is Chief Evangelist for AWS. He started this blog in 2004 and has been writing posts just about non-stop ever since.