Active Directory Extension to the AWS Cloud

In my last column I explained that the cloud-based directory service offered by Amazon Web Services (AWS) is based on Microsoft Active Directory.
That column was about creating a cloud-based Active Directory environment. It is also possible to make your existing on-premises Active Directory available to AWS, and this post will demonstrate how.
Sign in to the AWS Console to begin the process. After logging in, go to the console's home screen and click on the Directory Service link, which is located under Security & Identity. This takes you to the AWS Directory Service screen shown in Figure 1.
Figure 1: Click on the Get Started Now button.
As you can see, this is an informational screen. It can be used to access information about creating a directory, connecting to the cloud, managing access, and other topics, but you cannot actually create or extend Active Directory from this screen. Click on the Get Started Now button shown in Figure 1.
You will now be taken to the Choose Directory Type screen (see Figure 2). As you can see, AWS offers three Active Directory options. The first option is Microsoft AD. This is the option you would choose if you want to create an Active Directory that is completely cloud-based. If you are interested, please see my column on the subject.
Figure 2: You can choose the type of Active Directory you want to create from the Choose Directory Type screen.
The second option is Simple AD. Simple AD acts as an emulator of Active Directory; it is not Microsoft Active Directory but is actually based on Samba. Simple AD is Active Directory compatible and offers most of the important Active Directory capabilities and features. It is a lightweight directory environment that I think is similar to LDAP.
The third option is the AD Connector. If you want to link your on-premises Active Directory environment to the AWS cloud, the AD Connector is the option to choose.
The AD Connector is not a cloud-based domain controller, and you are not synchronizing your on-premises Active Directory to one. That approach would require the cloud-based controller to be domain-joined and a mechanism to securely synchronize directory information.
Instead, the AD Connector is a proxy server, so no Active Directory synchronization is required. It forwards requests (such as query requests or sign-in requests) to your on-premises domain controllers rather than synchronizing those controllers with the cloud. This means that Active Directory management remains unchanged: for instance, you can still use the Active Directory Users and Computers console to create, edit, and delete user accounts.
Clicking on the Create AD Connector button takes you to a screen asking for basic information about your on-premises Active Directory, such as the DNS server name, user name, password, and IP address. Figure 3 shows how these options look.
Figure 3: The console requests basic information about your environment.
As you can see, AWS requires only very basic information. I'm assuming that the process of entering the required information will be fairly self-explanatory. You can also visit the AWS documentation if you need additional help.
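The same AD Connector creation, done through the Directory Service API with boto3 rather than the console, as an added example that is not from this column or from AWS. The placeholder VPC and subnet IDs, the svc-adconnector service account and the 10.0.0.x DNS addresses are constructed assumptions; the script reads the service account password from an environment variable instead of the command line and polls the directory's stage until it is Active or has failed.

```python
import os
import time

# Constructed placeholder values; substitute your own VPC, subnets and on-premises DNS IPs.
CONNECT_SETTINGS = {
    "VpcId": "vpc-PLACEHOLDER",
    "SubnetIds": ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"],  # two subnets, two AZs
    "CustomerDnsIps": ["10.0.0.10", "10.0.0.11"],  # on-premises DNS servers reachable from the VPC
    "CustomerUserName": "svc-adconnector",          # domain account the connector binds with
}


def build_connect_request(name, short_name, password, settings, size="Small"):
    """Assemble the connect_directory parameters and reject obviously bad input up front."""
    if "." not in name:
        raise ValueError("directory name must be a fully qualified DNS name")
    if not password:
        raise ValueError("service account password is empty")
    if len(settings["SubnetIds"]) != 2:
        raise ValueError("AD Connector needs exactly two subnets")
    if not settings["CustomerDnsIps"]:
        raise ValueError("at least one on-premises DNS IP is required")
    return {
        "Name": name, "ShortName": short_name, "Password": password,
        "Size": size, "ConnectSettings": settings,
    }


def wait_for_stage(ds, directory_id, max_polls=40, sleep=lambda: time.sleep(30)):
    """Poll DescribeDirectories until Active or a failure stage; return (stage, reason)."""
    failed = {"Failed", "Inoperable", "Impaired", "Deleted"}
    for _ in range(max_polls):
        desc = ds.describe_directories(DirectoryIds=[directory_id])["DirectoryDescriptions"][0]
        stage = desc["Stage"]
        if stage == "Active" or stage in failed:
            return stage, desc.get("StageReason")
        sleep()
    return "Timeout", None


def main():
    import boto3  # imported here so the helpers above can be exercised without boto3 installed
    password = os.environ["AD_CONNECTOR_PASSWORD"]  # from the environment, not argv or history
    ds = boto3.client("ds")
    req = build_connect_request("corp.example.com", "CORP", password, CONNECT_SETTINGS)
    directory_id = ds.connect_directory(**req)["DirectoryId"]
    print(directory_id, wait_for_stage(ds, directory_id))


if __name__ == "__main__":
    main()
```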