AWS Directory Service Documentation

Overview

AWS Directory Service is designed to help organizations migrate their Active Directory-dependent workloads to the cloud.

Availability, scalability, and resilience

Availability Zones

Managed Microsoft AD is deployed in AWS infrastructure and across multiple Availability Zones. Domain controllers are designed to be deployed across Availability Zones and connected to your Amazon Virtual Private Cloud (VPC). AWS Managed Microsoft AD is designed to take backups and encrypt the Amazon Elastic Block Store (EBS) volumes to help secure data at rest. Domain controllers that fail are designed to be replaced in the same Availability Zone using the same IP address.

Domain controllers

When you first create your directory, AWS Managed Microsoft AD is designed to deploy domain controllers across Availability Zones. Later, you can deploy additional domain controllers. AWS Managed Microsoft AD is designed to distribute the additional domain controllers to the Availability Zones and VPC subnets on which your directory is running.

Managed AD infrastructure

AWS Managed Microsoft AD runs on AWS managed infrastructure. When you select and launch this directory type, it is designed to be created as a pair of domain controllers connected to your virtual private cloud (VPC). The domain controllers are designed to run in different Availability Zones in a Region. AWS Managed Microsoft AD can help you with host monitoring and recovery, data replication, snapshots, and software updates.

Snapshots

AWS Managed Microsoft AD is designed to provide snapshots. You can also take additional snapshots before application updates.

Multi-region replication

Multi-region replication enables you to deploy and use a single AWS Managed Microsoft AD directory across multiple AWS Regions.

Security and compliance

You can configure directory settings for your AWS Managed Microsoft AD to help meet your compliance and security requirements. In directory settings, you can update secure channel configuration for protocols and ciphers used in your directory. AWS Managed Microsoft AD is then designed to deploy the configuration to domain controllers in your directory, manage domain controller reboots, and help maintain this configuration as you scale out or deploy additional AWS Regions.

Monitoring, logging, and observability

Monitoring

Using Amazon Simple Notification Service (Amazon SNS), you can receive email or text (SMS) messages when the status of your directory changes.

Workload migration and AWS application integration

AWS Managed Microsoft AD (Hybrid Edition) enables you to extend your existing AD domain into AWS, creating a directory experience across your AD environments.

Access to the AWS account and applications

You can grant your on-premises AD users access to sign in to the AWS Management Console and AWS CLI with their existing AD credentials. This enables your users to assume one of their assigned roles at sign-in, and to access and take action on the resources according to the permissions defined for the role.

Additional Information

For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.