AWS Directory Service is a managed offering that provides directories containing information about the organization, including users, groups, computers, and other resources.
It is available in several forms: Simple AD, a standalone directory service; AD Connector, which lets an on-premises Microsoft Active Directory be used with other AWS services; and AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also referred to as Microsoft AD.
Simple AD is a Microsoft Active Directory-compatible directory from AWS Directory Service that is powered by Samba 4.
It is the least expensive option and the best choice if there are 5,000 or fewer users and the more advanced Microsoft Active Directory features are not needed.
Supports commonly used Active Directory features such as user accounts, group memberships, domain-joining EC2 instances running Linux and Windows, Kerberos-based single sign-on (SSO), and group policies.
Does not support features like DNS dynamic update, schema extensions, multi-factor authentication, communication over LDAPS, PowerShell AD cmdlets, and the transfer of FSMO roles.
Provides daily automated snapshots to enable point-in-time recovery.
Trust relationships cannot be set up between Simple AD and other Active Directory domains.
AD Connector helps connect an existing on-premises Active Directory to AWS.
It forwards sign-in requests to the on-premises Active Directory domain controllers for authentication and lets applications query the directory for data.
Enables consistent enforcement of existing security policies, such as password expiration, password history, and account lockouts, whether users are accessing resources on premises or in the AWS cloud.
Microsoft AD is a feature-rich managed Microsoft Active Directory hosted on AWS.
Best choice if there are more than 5,000 users and need a trust relationship set up between an AWS hosted directory and on-premises directories.
Provides much of the functionality offered by Microsoft Active Directory plus integration with AWS applications.
To access the AWS Management Console using AWS Microsoft AD and your on-premises credentials, follow these steps:
In the AWS apps & services section for the AWS Microsoft AD directory, enable all services. This activates access for services including Amazon WorkSpaces, Amazon WorkMail, RDS SQL Server, and the AWS Management Console.
Enable AWS Management Console access for the AWS Microsoft AD directory and get the URL used to connect to the console, for example “https://example-corp.awsapps.com/console”.
Assign on-premises users and groups to IAM roles.
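The last step only works for IAM roles whose trust policy lets the ds.amazonaws.com service principal call sts:AssumeRole, and those are exactly the roles an on-premises user can end up holding in the console. The audit below is an added example, not code from the original notes or from AWS, that lists such roles from `aws iam list-roles`-shaped records; the role records and policy shapes are constructed samples.

```python
import json

# Service principal AWS Directory Service uses to assume a role for a directory user.
DS_PRINCIPAL = "ds.amazonaws.com"

def _as_list(value):
    """IAM accepts a scalar or a list in most policy fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def trusts_directory_service(trust_policy):
    """True if the trust policy lets ds.amazonaws.com (or anyone) call sts:AssumeRole."""
    doc = json.loads(trust_policy) if isinstance(trust_policy, str) else trust_policy
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        if principal == "*":  # wildcard principal: anyone may assume this role
            return True
        if isinstance(principal, dict) and DS_PRINCIPAL in _as_list(principal.get("Service")):
            return True
    return False

def directory_assumable_roles(roles):
    """Names of roles (records shaped like `aws iam list-roles` output) that
    Directory Service can hand to on-premises users; review these first."""
    return sorted(r["RoleName"] for r in roles
                  if trusts_directory_service(r["AssumeRolePolicyDocument"]))

# Constructed sample records covering the policy shapes IAM permits.
SAMPLE_ROLES = [
    {"RoleName": "console-readonly", "AssumeRolePolicyDocument": {  # single statement as a dict
        "Statement": {"Effect": "Allow", "Principal": {"Service": DS_PRINCIPAL},
                      "Action": "sts:AssumeRole"}}},
    {"RoleName": "shared-service-role", "AssumeRolePolicyDocument": json.dumps({  # JSON string, list
        "Statement": [{"Effect": "Allow", "Principal": {"Service": ["ec2.amazonaws.com", DS_PRINCIPAL]},
                       "Action": ["sts:AssumeRole"]}]})},
    {"RoleName": "ec2-only", "AssumeRolePolicyDocument": {
        "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
                       "Action": "sts:AssumeRole"}]}},
    {"RoleName": "ds-denied", "AssumeRolePolicyDocument": {  # Deny grants no trust
        "Statement": [{"Effect": "Deny", "Principal": {"Service": DS_PRINCIPAL},
                       "Action": "sts:AssumeRole"}]}},
]
```

Feed it the `Roles` array from `aws iam list-roles` and compare each listed role's permission policies against what a mapped on-premises group should actually get.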
If the Virtual Private Gateway (VGW) used to connect to the on-premises AD is not stable or has connectivity issues, use one of the following: Simple AD (the least expensive option); Read-only Domain Controllers (RODCs), which act as a read-only Active Directory and are typically deployed in locations where physical security cannot be guaranteed; or writable domain controllers, which are expensive to set up, operate in a multi-master model, and allow changes to be made on any writable server in the forest, with those changes replicated to servers throughout the entire forest.