Directory Service

(Microsoft AD)

• It comes in two sizes, Standard which is designed for around 5000 user businesses and can hold up to 30000 objects, or you can select Enterprise, which can cope with up to 500000 objects.

• Also supports RADIUS-based MFA, achieved by integration the product with any on-premises RADIUS server or RADIUS infrastructure that you already have in place.

• All Directory Service modes run inside an AWS account.

• They are hosted in an AWS-managed VPC but injected into your VPC subnets.

• Each subnet gets an ENI connected to a domain controller.

• Domain controllers are highly available and replicate data between each other.

• AWS handles patching and maintenance automatically.

• Microsoft AD mode provides a full native Microsoft Active Directory in AWS.

• It has its own users and objects and supports AWS services like WorkSpaces, RDS, and Console.

• Only Microsoft AD mode supports one-way and two-way trusts with on-premise AD.

• On-prem users can access AWS resources, and AWS users can access on-prem resources.

• Ideal for long-term hybrid network or migration strategies.

• Supports schema extensions and Windows applications like RDS SQL Server, SharePoint, and DFS.

• Integrates with RADIUS for multi-factor authentication.

• Can work with Microsoft services like Azure and Microsoft 365.

• Supports DirSync and ADFS for identity synchronization and federation.

• EC2 and other AWS services can use it for authentication and authorization.

(AD Connector)