Migrate/Extend On-Premises AD to AWS Directory Service.
Many of us run a traditional on-premises architecture, hosting heavy workloads such as application servers and database servers according to our needs. Sometimes, however, we also need to extend that directory to cloud workloads hosted on AWS or in other environments.
AWS Directory Service lets us quickly deploy and manage a Windows AD structure inside a private or public VPC.
When you use AWS DS you do not need to manage the directory or make any special configuration: AWS hosts the directory as two back-end instances (a domain controller and an alternate domain controller) in different Availability Zones for availability and redundancy, so you do not need to worry about them.
Considerations for a Cut-Over Migration
Here is what you need to know before migrating to AWS Directory Service.
- When you use AWS Directory Service you will not have Domain Admin rights (you get a delegated admin account that can manage your Organizational Units, users and other objects).
- If you want to use Office 365 / Azure AD Connect for password and directory synchronization with AWS Directory Service, you will need pass-through synchronization servers with AD Federation Services configured. Here you go, thank me later :) https://aws.amazon.com/blogs/security/how-to-enable-your-users-to-access-office-365-with-aws-microsoft-active-directory-credentials/
Extending your existing directory to AWS with AD Trust
First, make sure you have a two-way trust between your on-premises directory and your newly created AWS directory; to set it up, follow the guide below.
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_tutorial_setup_trust.html
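The AWS side of that two-way forest trust, as an added example (not code from the original post or from AWS): it wraps the AWS CLI calls that create the trust with a conditional forwarder to your on-premises DNS and then check its state. It assumes the AWS CLI is configured with ds:CreateTrust, ds:VerifyTrust and ds:DescribeTrusts permissions; the directory ID, domain names, IPs and trust password are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post. Creates and verifies the two-way
# forest trust on the AWS Managed Microsoft AD side with the AWS CLI.
set -eu

# Build and run the CreateTrust call. Arguments:
#   $1 AWS directory id (constructed placeholder, e.g. d-1234567890)
#   $2 on-premises forest FQDN
#   $3 trust password (must match the one entered on the on-premises side)
#   $4... IPs of on-premises DNS servers, registered as a conditional forwarder in AWS
# Note: --trust-password is visible in the process list and shell history; for
# production use, pass the request via --cli-input-json from a protected file instead.
create_two_way_trust() {
  dir_id=$1; remote_domain=$2; trust_pw=$3; shift 3
  case "$remote_domain" in
    *.*) ;;                          # must be a FQDN, not a NetBIOS name
    *) echo "remote domain must be a FQDN: $remote_domain" >&2; return 1 ;;
  esac
  [ $# -gt 0 ] || { echo "at least one on-premises DNS IP is required" >&2; return 1; }
  fwd_ips=$(printf '%s ' "$@")
  # A two-way Forest trust is what the migration guide relies on; the directory
  # refuses to resolve the remote forest without the conditional forwarder IPs.
  aws ds create-trust \
    --directory-id "$dir_id" \
    --remote-domain-name "$remote_domain" \
    --trust-password "$trust_pw" \
    --trust-direction "Two-Way" \
    --trust-type "Forest" \
    --conditional-forwarder-ip-addrs $fwd_ips \
    --query TrustId --output text
}

# Ask AWS to verify the trust and print its current state (expect "Verified"
# once the on-premises side of the trust has also been created).
verify_trust() {
  trust_id=$1
  aws ds verify-trust --trust-id "$trust_id" >/dev/null
  aws ds describe-trusts --trust-ids "$trust_id" \
    --query 'Trusts[0].TrustState' --output text
}

# Only run against AWS when explicitly asked, e.g. RUN_TRUST=1 ./trust.sh
if [ "${RUN_TRUST:-0}" = "1" ]; then
  tid=$(create_two_way_trust d-1234567890 onprem.example.com 'ChangeMe-TrustPw' 192.168.1.10)
  echo "trust $tid state: $(verify_trust "$tid")"
fi
```

Run the on-premises half of the trust (conditional forwarder to the AWS DNS addresses plus the matching forest trust) from the AWS tutorial linked above before expecting the state to reach Verified.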
You can easily sync your existing user passwords using the Password Export Server (PES), provided it is configured on your domain; then start migrating objects.
If you also want to join your AWS EC2 machines to the directory automatically, use the article below and make sure you have created the required role.
See you in other stories..