I can't connect to my directory with AWS Directory Service administration tools. How can I manage my directory from a different Amazon Elastic Compute Cloud (Amazon EC2) Windows instance in my domain?

You can manage AWS Directory Service resources using Microsoft Active Directory (AD) administration tools.

AWS Directory Service includes:

Because Simple AD and AWS Managed Microsoft AD are managed services, you don't have direct access to Active Directory controllers. To manage resources such as organizational units (OUs), users, and groups, we recommend that you perform administrative actions remotely from another EC2 instance launched in the same VPC and Active Directory domain.

Note: Simple AD directories don't support Active Directory Web Services. Tools that rely on Active Directory Web Services, such as the Active Directory Administrative Center, don't work with a Simple AD directory. For more information, see How To Administer AWS Managed Microsoft AD.

You can perform Active Directory administrative functions from another Windows instance.

Install the Microsoft Remote Server Administration Tools (RSAT) on another Windows instance that's already joined to the Active Directory domain. Alternatively, launch a temporary instance in the same subnet as the directory service controllers, join the instance to the domain, and then install RSAT. For more information about joining a server to an existing domain, see Seamlessly Join a Windows EC2 Instance.

RSAT is available in Server Manager on Windows Server 2008 and later versions. RSAT is a free download for these Windows operating systems:

Note: RSAT is supported with Simple AD and AWS Managed Microsoft AD. RSAT isn't supported with AD Connector.
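As an added example (not part of the original article), the following PowerShell installs RSAT on an instance that is already joined to the domain. It then checks each directory controller for LDAP (TCP 389) and Active Directory Web Services (TCP 9389), which shows whether tools that depend on Active Directory Web Services can work against this directory. It assumes Windows Server 2012 R2 or later and an elevated session; `RSAT-AD-Tools` and `RSAT-DNS-Server` are the standard Windows Server feature names.

```powershell
# Added example: run in an elevated PowerShell session on the management instance.
# Assumption: Windows Server 2012 R2 or later (Install-WindowsFeature,
# Resolve-DnsName and Test-NetConnection are available).

# 1. Confirm the instance is joined to the directory's domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "This instance is not domain-joined. Join it to the directory first."
}
$domain = $cs.Domain

# 2. Install the AD DS and DNS administration tools.
$result = Install-WindowsFeature -Name 'RSAT-AD-Tools', 'RSAT-DNS-Server'
if (-not $result.Success) {
    throw "RSAT installation failed (exit code: $($result.ExitCode))."
}

# 3. Locate the directory controllers through the domain's SRV records.
$controllers = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object -ExpandProperty NameTarget -Unique

# 4. Test LDAP and Active Directory Web Services reachability per controller.
$report = foreach ($dc in $controllers) {
    $ldap = Test-NetConnection -ComputerName $dc -Port 389 -WarningAction SilentlyContinue
    $adws = Test-NetConnection -ComputerName $dc -Port 9389 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Controller = $dc
        LDAP389    = $ldap.TcpTestSucceeded
        ADWS9389   = $adws.TcpTestSucceeded
    }
}
$report | Format-Table -AutoSize

# 5. Summarize which tool families are usable from this instance.
if ($report.ADWS9389 -contains $true) {
    "ADWS reachable: ADWS-based tools can be used against $domain."
} else {
    "ADWS not reachable: use LDAP-based snap-ins (for example dsa.msc) for $domain."
}
```

A `False` in the `ADWS9389` column for every controller is the expected result for a Simple AD directory. If `LDAP389` is also `False`, check the security group and network ACL rules between the management instance and the directory's subnets before troubleshooting the tools themselves.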

Published: 2016-12-23

Updated: 2018-11-16