How do I create a trust relationship between AWS Managed Microsoft AD and my existing on-premises AD domain?

Last updated: 2020-04-13

I want to create a trust relationship between my on-premises domain and my AWS Directory Service for Microsoft Active Directory. How can I do this?

Short Description

A trust relationship is a link between two different domains, where one domain (the trusting domain) trusts another (the trusted domain). A one-way trust scenario allows the user accounts from the trusted domain to access resources in the trusting domain.

AWS Managed Microsoft AD supports external and forest trust relationships with your existing on-premises domain in all three trust relationship directions:

  • One-way Incoming
  • One-way Outgoing
  • Two-way (Bi-directional)

Resolution

To create a trust relationship between your AWS Managed Microsoft AD and your on-premises domain, follow these steps:

Important: You must create the trust on the on-premises domain first. Then, create the trust on your AWS Managed Microsoft AD.

  1. Complete all prerequisite steps.
  2. Prepare your on-premises domain for the trust relationship.
  3. Prepare your AWS Managed Microsoft AD for the trust relationship.
  4. Create the trust relationship between your on-premises Active Directory and your AWS Managed Microsoft AD.

Note: If you have connectivity issues, you can also use the AWS Systems Manager AWSSupport-TroubleshootDirectoryTrust Automation document. For more information about how to execute an Automation workflow, see Running a simple Automation workflow