Directory Service

AWS Directory Service is the AWS-managed implementation of a directory.

It runs inside a VPC, so network access to it must be provided, and it achieves high availability by deploying into multiple AZs.

Some services REQUIRE it (for example Amazon WorkSpaces), and it can also be used with Windows EC2 instances.

It can run as an isolated directory, integrate with an existing directory service, or act as a proxy for an existing on-prem directory service.

Simple AD mode

It is based on open-source Samba 4.

It supports up to 500 users in Small mode and up to 5,000 users in Large mode.

Simple AD is NOT designed to integrate with existing directory services and is NOT a full implementation of Microsoft Active Directory Domain Services (MS AD).

It integrates with:

  • Amazon Chime

  • Amazon Connect

  • Amazon QuickSight

  • RDS

  • Amazon WorkDocs

  • Amazon WorkMail

  • Amazon WorkSpaces

  • AWS Management Console (it allows signing in as a directory user)

  • EC2

AWS Managed Microsoft AD

It is a full-fledged managed deployment of AD DS running at the Windows Server 2012 R2 forest and domain functional levels, which means you can run directory-aware workloads in the AWS Cloud, including Microsoft SharePoint and custom .NET and SQL Server-based applications. It also supports MFA.

It is designed either for running Microsoft AD mainly on AWS or for when you already have an existing on-prem directory.

You can create a trust relationship with an on-prem directory, but only over private networking (Direct Connect or Site-to-Site VPN). Because it is a trust relationship rather than a proxy, the AWS-side AD keeps functioning even if the network between AWS and the premises fails.

AD Connector

Use this when you only want a single AWS service that requires directory services (like WorkSpaces) while you already have an on-prem Active Directory. It requires private connectivity to the on-prem AD. It supports MFA.

You deploy the connector and connect it to the on-prem AD, then services can use the connector.

The connector is just a PROXY with no local functionality: if the connection to on-prem fails, the dependent services stop working.

This lets you avoid provisioning an entire directory service in AWS.

It can accommodate up to 500 users in Small mode and up to 5,000 users in Large mode.
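The following is an added example, not part of the original notes: an AD Connector described in Terraform using the AWS provider's aws_directory_service_directory resource (Terraform itself is an assumption here, the notes do not mention it). The VPC and subnet IDs, the on-prem DNS addresses, the domain name and the service account name are constructed placeholders. It shows the two points the notes make about the connector: it lives in two subnets of your VPC (two AZs), and it holds no directory data of its own, only the on-prem DNS endpoints and a service account it proxies through, so the on-prem link and that account are what you must protect and monitor.

```hcl
# Added example (not from the original notes). Placeholder identifiers throughout.

variable "vpc_id" {
  default = "vpc-0123456789abcdef0"                  # placeholder VPC that has DX/VPN reachability to on-prem
}

variable "subnet_ids" {
  default = ["subnet-0aaaa1111", "subnet-0bbbb2222"]  # two subnets in two different AZs (required by Directory Service)
}

variable "connector_password" {
  type      = string
  sensitive = true   # password of the on-prem service account; supply via TF_VAR_connector_password or a secrets store, never in code
}

resource "aws_directory_service_directory" "onprem_connector" {
  name     = "corp.example.com"       # FQDN of the existing on-prem domain (placeholder)
  password = var.connector_password
  size     = "Small"                  # "Small" (up to 500 users) or "Large" (up to 5,000 users)
  type     = "ADConnector"            # proxy only: no users or groups are stored in AWS

  connect_settings {
    vpc_id            = var.vpc_id
    subnet_ids        = var.subnet_ids
    customer_dns_ips  = ["10.10.0.10", "10.10.0.11"]  # on-prem DNS servers reachable only over private networking
    customer_username = "svc-adconnector"             # dedicated, delegated (non-admin) service account
  }
}

output "connector_directory_id" {
  value = aws_directory_service_directory.onprem_connector.id   # reference this from WorkSpaces or other consumers
}
```

Because the connector has no local state, any outage of the DX or VPN path, or a lockout of the service account, surfaces as authentication failures in the consuming services. The service account should be a dedicated, least-privilege identity so that compromise of the AWS side does not yield domain-admin rights on-prem.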

Integration with IAM Identity Center

Connecting to an AWS Managed Microsoft AD

The integration works out of the box.

Connecting to an on-prem self-managed Microsoft AD

You can either:

  • Use AWS Managed Microsoft AD:

    1. Create an AWS Managed Microsoft AD

    2. Enable a two-way trust relationship

    3. Integrate IAM Identity Center with AWS Managed Microsoft AD

  • Use an AD Connector
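The following is an added example, not part of the original notes, covering the AWS Managed Microsoft AD route above (steps 1 and 2) and the trust described in the AWS Managed Microsoft AD section. It is written in Terraform with the AWS provider (Terraform is an assumption; the notes do not mention it), using the aws_directory_service_directory resource and, for the trust, the aws_directory_service_trust resource as I know it from the provider. Domain names, VPC and subnet IDs and the on-prem DNS addresses are constructed placeholders. Step 3 (selecting the directory as the identity source in IAM Identity Center) is not expressed in this block.

```hcl
# Added example (not from the original notes). Placeholder identifiers throughout.

variable "vpc_id" {
  default = "vpc-0123456789abcdef0"                  # placeholder VPC with DX/VPN reachability to on-prem
}

variable "subnet_ids" {
  default = ["subnet-0aaaa1111", "subnet-0bbbb2222"]  # two subnets in two different AZs: this is what gives the directory HA
}

variable "admin_password" {
  type      = string
  sensitive = true   # password of the delegated Admin user AWS creates; supply via TF_VAR_admin_password
}

variable "trust_password" {
  type      = string
  sensitive = true   # must match the trust password configured on the on-prem domain controllers
}

# Step 1: the managed directory itself. AWS runs the domain controllers in the two subnets.
resource "aws_directory_service_directory" "managed_ad" {
  name       = "aws.example.com"    # FQDN of the new AWS-side domain (placeholder)
  short_name = "AWS"                # NetBIOS name
  password   = var.admin_password
  edition    = "Standard"           # or "Enterprise"
  type       = "MicrosoftAD"

  vpc_settings {
    vpc_id     = var.vpc_id
    subnet_ids = var.subnet_ids
  }
}

# Step 2: two-way forest trust with the on-prem domain. The conditional forwarder
# points at on-prem DNS that is reachable only over private networking (DX or VPN).
# Because this is a trust and not a proxy, the AWS-side directory keeps working if
# that link goes down; only cross-forest lookups fail.
resource "aws_directory_service_trust" "onprem" {
  directory_id                   = aws_directory_service_directory.managed_ad.id
  remote_domain_name             = "onprem.example.com"           # placeholder on-prem forest
  trust_direction                = "Two-Way"
  trust_type                     = "Forest"
  trust_password                 = var.trust_password
  conditional_forwarder_ip_addrs = ["10.20.0.10", "10.20.0.11"]   # on-prem DNS servers (placeholders)
}

output "managed_ad_directory_id" {
  value = aws_directory_service_directory.managed_ad.id   # the directory to select as the Identity Center identity source (step 3)
}
```

The on-prem side must create the matching trust with the same password before the AWS trust verifies, and the security groups of the directory's two subnets must allow AD traffic only from the on-prem address ranges over the private path. Once the trust is verified, step 3 is performed in the IAM Identity Center console by choosing the managed directory as the identity source; users from the trusted on-prem forest then become assignable through the trust.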