Actual Microsoft Active Directory

AWS Managed Microsoft AD is actual Microsoft Active Directory running on AWS-managed infrastructure. This enables you to administer your users and devices in AWS Managed Microsoft AD by using the tools you already know, such as Active Directory Administrative Center and Active Directory Users and Computers.

High availability (HA)

Because directories are mission-critical infrastructure, AWS Managed Microsoft AD is deployed in a highly available configuration across multiple Availability Zones. You can also scale out your AWS Managed Microsoft AD directory by deploying additional domain controllers to increase the resiliency of your managed directory for even higher availability.

AWS-managed infrastructure

AWS Managed Microsoft AD runs on AWS-managed infrastructure with monitoring that automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. You do not need to install software, and AWS handles all of the patching and software updates.

HIPAA and PCI Eligible

You can use AWS Managed Microsoft AD to build and run Active Directory (AD)–aware applications in the AWS Cloud that are subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) or Payment Card Industry Data Security Standard (PCI DSS) compliance. AWS Managed Microsoft AD reduces the effort required of you to deploy compliant AD infrastructure for your cloud-based applications, as you manage your own HIPAA risk management programs or PCI DSS compliance certification.

Trust support

You can integrate AWS Managed Microsoft AD easily with your existing Active Directory by using Active Directory trust relationships. Using trusts enables you to control which Active Directory users can access your AWS resources from your existing Active Directory.

Group-based policies

Because AWS Managed Microsoft AD is running on actual Microsoft Active Directory, you can manage users and devices by using native Active Directory Group Policy objects (GPOs). You can create GPOs with existing tools, such as the Group Policy Management Console (GPMC).

Single sign-on (SSO)

AWS Managed Microsoft AD uses the same Kerberos-based authentication as Active Directory to deliver SSO. By integrating your AWS resources with AWS Managed Microsoft AD, your users will be able to sign in with SSO to AWS applications and resources with a single set of credentials.

Seamless domain join

AWS Managed Microsoft AD enables you to use seamless domain join for new and existing Amazon EC2 for Windows Server instances. For new EC2 for Windows Server instances, you can choose which domain to join at launch time by using the AWS Management Console. You can use seamless domain join for existing EC2 for Windows Server instances by using the EC2Config service. Amazon EC2 instances can also join a single, shared directory from any AWS account and any Amazon VPC within a Region.

Single directory for all directory-aware workloads

AWS Managed Microsoft AD enables you to use a single directory for your directory-aware workloads in AWS cloud resources such as Amazon EC2 instances, Amazon RDS for SQL Server instances, and AWS Enterprise IT applications such as Amazon WorkSpaces. Sharing a directory allows your directory-aware workloads to easily manage Amazon EC2 instances across multiple AWS accounts and Amazon VPCs within a Region. It also helps avoid the complexity of replicating and synchronizing data across multiple directories.

Federated access to the AWS Management Console

AWS Managed Microsoft AD makes it easy to federate access for users and groups to the AWS Management Console. Using federation helps improve the security of your AWS environment by eliminating individual user passwords and allowing you to manage access based on a single identity from Active Directory.

Daily snapshots

AWS Managed Microsoft AD provides built-in, daily, automated snapshots. You can also take additional snapshots before critical application updates to make sure you have the most recent data in case you need to roll back a change.
