Amazon Directory Service Features

Amazon Web Services Managed Microsoft AD is actual Microsoft Active Directory (AD) running on Amazon Web Services-managed infrastructure. This enables you to administer your users and devices in Amazon Web Services Managed Microsoft AD by using the tools you already know, such as Active Directory Administrative Center and Active Directory Users and Computers.

Because directories are mission-critical infrastructure, Amazon Web Services Managed Microsoft AD is deployed in high availability and across multiple Availability Zones. You can also scale out your Amazon Web Services Managed Microsoft AD directory by deploying additional domain controllers to increase the resiliency of your managed directory for even higher availability.

Amazon Web Services Managed Microsoft AD runs on  infrastructure managed by us with monitoring that automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. You do not need to install software, and we handle all of the patching and software updates.

You can easily integrate Amazon Web Services Managed Microsoft AD with your existing AD by using AD trust relationships. Using trusts enables you to use your existing Active Directory to control which AD users can access your Amazon Web Services resources.

Amazon Web Services Managed Microsoft AD allows you to manage users and devices using native Active Directory Group Policy objects (GPOs). You can create GPOs with existing tools, such as the Group Policy Management Console (GPMC).

Amazon Web Services Managed Microsoft AD enables you to use seamless domain join for new and existing Amazon EC2 for Windows Server and Amazon EC2 for Linux instances. For new EC2 instances, you can choose which domain to join at launch time by using the Amazon Web Services Management Console. You can use seamless domain join for existing EC2 instances by using the EC2Config service. Amazon EC2 instances can also join to a single shared directory from any Amazon Web Services account and any Amazon VPC within a Region.

Amazon Web Services Managed Microsoft AD enables you to use a single directory for your directory-aware workloads in Amazon Web Services resources such as Amazon EC2 instances, Amazon RDS for SQL Server instances, and Amazon End User Computing services, such as Amazon WorkSpaces. Sharing a directory allows your directory-aware workloads to easily manage Amazon EC2 instances across multiple Amazon Web Services accounts and Amazon VPCs within a Region. It also helps avoid the complexity of replicating and synchronizing data across multiple directories.

Amazon Web Services Managed Microsoft AD provides built-in, daily, automated snapshots. You can also take additional snapshots before critical application updates to make sure you have the most recent data in case you need to roll back a change.