AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud. The Microsoft AD service is built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud. You can use standard Active Directory administration tools and take advantage of built-in Active Directory features such as Group Policy, trusts, and single sign-on. With Microsoft AD, you can easily join Amazon EC2 and Amazon RDS for SQL Server instances to a domain, and use AWS Enterprise IT applications such as Amazon WorkSpaces with Active Directory users and groups.
Easily migrate directory-aware, on-premises workloads
AWS Microsoft AD makes it easy to migrate Active Directory–dependent, on-premises applications and workloads to the AWS Cloud. With Microsoft AD, you can seamlessly run infrastructure across your own data center and AWS without synchronizing or replicating data from your existing Active Directory to the AWS Cloud.
Use actual Microsoft Active Directory
Take advantage of actual Microsoft Active Directory to manage your users, groups, and devices. Use familiar Active Directory administration tools and Active Directory features such as Group Policy objects (GPOs), domain trusts, and Kerberos-based single sign-on. Easily target GPOs at specific groups for fine-grained control.
Share a single directory for cloud workloads
Share a single directory for all your Active Directory-aware Amazon EC2 instances, Amazon RDS for SQL Server instances, and AWS Enterprise IT applications such as Amazon WorkSpaces. Using AWS Microsoft AD helps avoid the complexity of replicating and synchronizing data across multiple directories.
Easily extend existing domains
Easily extend your existing Active Directory to the AWS Cloud by using AWS Microsoft AD as a resource domain. With Microsoft AD, you can extend your existing Group Policies to your cloud resources, and let users log in with their existing enterprise credentials.
Administer on-premises resources from the cloud
Join your computers, laptops, and printers to a managed Active Directory domain. AWS Microsoft AD provides you the option to administer your on-premises users, groups, applications, and systems without the complexity of running and maintaining an on-premises, highly available Active Directory.
Simplify administration with a managed service
AWS Microsoft AD is built on highly available, AWS-managed infrastructure. Each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. You do not have to install software, and AWS handles all patching and software updates.
Many organizations use Active Directory GPOs to manage servers and workstations. With AWS Microsoft AD, you can use GPOs to manage Amazon EC2 instances and Amazon WorkSpaces virtual desktops that are joined to your Microsoft AD domain.
By configuring a trust from AWS Microsoft AD to your existing Active Directory, Microsoft AD can serve as a resource domain. This enables your users to sign in with SSO using their existing corporate credentials to AWS services such as Amazon RDS for SQL Server, custom .NET applications, and AWS Enterprise IT applications such as Amazon WorkSpaces.
By using a Virtual Private Network (VPN) or AWS Direct Connect from your Amazon Virtual Private Cloud (VPC) to your network, you can use AWS Microsoft AD as the Active Directory for your on-premises environment. You can join computers to your domain, administer users and groups, and manage policies, all without the expense and effort of maintaining a highly available Active Directory.
It's easy to get started with AWS Directory Service. Follow our console walkthrough to deploy your first directory in a few clicks.
