AD Domain Service

Active Directory Domain Services on AWS

Docs | Comparison of Active Directory Services on AWS

Overview

DNS and AD DS

AD DS depends on DNS name resolution: domain members locate domain controllers through the SRV records that every DC registers under the _msdcs subdomain of the domain, and domain controllers use the same records to find each other for replication. On AWS this means that instances that need to join or query the directory must use the directory's DNS servers (for example through the VPC DHCP options set); if they point at the default VPC resolver instead, DC location fails even though the DCs are reachable on the network.
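The following PowerShell session, added here as an example and not taken from the original page or from AWS documentation, shows the DNS lookups that the DC locator performs and how to confirm that an instance is using the directory's DNS servers. The domain name corp.example.com, the site name Default-First-Site-Name and the presence of the AWS CLI are assumptions; run it from a domain-joined Windows host with RSAT installed.

```powershell
# Added example (not from the original page): verify that DNS can locate
# domain controllers for a directory. Assumes the domain name
# corp.example.com and that the host is pointed at the directory's DNS
# servers; run from a domain-joined Windows host with RSAT installed.
$Domain = 'corp.example.com'   # assumption: replace with your directory name

# 1. SRV records registered by every DC under _msdcs. Clients choose a DC by
#    priority (lowest first) and then weight (higher is preferred).
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } |
    Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true } |
    Select-Object NameTarget, Port, Priority, Weight

# 2. Site-aware lookup: only the DCs registered for a given AD site, which is
#    what a client in that site queries first.
$Site = 'Default-First-Site-Name'   # assumption: replace with your site name
Resolve-DnsName -Name "_ldap._tcp.$Site._sites.dc._msdcs.$Domain" -Type SRV |
    Where-Object { $_.Type -eq 'SRV' } |
    Select-Object NameTarget, Port

# 3. Ask the DC locator itself (DsGetDcName) which DC it selects, and confirm
#    that a global catalog is reachable.
nltest /dsgetdc:$Domain /force
Get-ADDomainController -Discover -DomainName $Domain -Service GlobalCatalog |
    Select-Object HostName, Site, IPv4Address

# 4. On AWS, steps 1-3 only work when the instance resolves through the
#    directory's DNS servers. Print the addresses the directory hands out
#    (requires the AWS CLI and ds:DescribeDirectories permission) and compare
#    them with the resolvers configured on this host.
aws ds describe-directories `
    --query 'DirectoryDescriptions[].{Id:DirectoryId,Name:Name,Dns:DnsIpAddrs}' `
    --output table
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses
```

If step 1 returns nothing while step 4 shows the directory's DNS addresses missing from the host's resolver list, fix the DHCP options set (or the instance's DNS settings) before troubleshooting the domain join itself.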

Concepts

  • AWS Managed Microsoft AD: AWS Directory Service for Microsoft Active Directory is a real Microsoft Active Directory, deployed and managed by AWS. The domain controllers run on actual Windows Server instances in AWS-owned accounts; you administer the directory through a delegated admin account rather than through Domain Admins or Enterprise Admins.

  • AD Connector: a directory gateway (proxy) that forwards directory requests from AWS applications and services to an existing Microsoft AD, typically on-premises, without storing or caching directory data in AWS.

  • AD Trust: a trust relationship between two domains or forests that lets principals from one side authenticate to, and be authorized for, resources on the other. AWS Managed Microsoft AD supports one-way and two-way forest trusts with a self-managed AD.

  • Forest: the top-level container, with a single schema and configuration partition; it can contain many domains. Most organizations create only one forest.

  • Domain: a logical container for managing users, computers, groups, and other objects, and a boundary for replication of the domain partition. Its domain controllers can be spread across many sites.

  • Site: a container for AD DS objects, such as computers and services, that belong to one physical location (defined by IP subnets). Sites are defined at the forest level and control replication scheduling and which DC a client contacts first; each site normally contains one or more DCs.

  • Domain Controller (DC): holds a writable copy of the AD DS database for its domain. Each DC replicates its changes to the other DCs in the domain (multi-master replication).

  • FSMO (Flexible Single Master Operation): a role. Although most updates are multi-master, some are performed only by the DC holding a specific role, so there is exactly one holder per role in its scope.

    • Schema Master (Forest level)

    • Domain Naming Master (Forest level)

    • RID Master (Domain level)

    • PDC Emulator (Domain level)

    • Infrastructure Master (Domain level)
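The PowerShell below, added here as an example and not part of the original page, lists which DC holds each of the five FSMO roles and checks that every holder answers on LDAP. It assumes the ActiveDirectory module (RSAT) on a domain-joined host with read access to the directory; the DC name DC02 in the commented transfer command is a placeholder.

```powershell
# Added example (not from the original page): locate the FSMO role holders
# and verify they are reachable. Assumes RSAT / the ActiveDirectory module on
# a domain-joined host with read access to the directory.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles: one holder per forest.
[pscustomobject]@{
    SchemaMaster       = $forest.SchemaMaster
    DomainNamingMaster = $forest.DomainNamingMaster
} | Format-List

# Domain-wide roles: one holder per domain.
[pscustomobject]@{
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# Same view from the DC side: every DC, its site, and the roles it holds.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog, OperationMasterRoles

# Health check: each holder must answer over LDAP. An unreachable holder
# breaks the operations that depend on that role (RID pool allocation,
# password changes forwarded to the PDC Emulator, schema updates).
$holders = @($forest.SchemaMaster, $forest.DomainNamingMaster,
             $domain.RIDMaster, $domain.PDCEmulator, $domain.InfrastructureMaster) |
           Sort-Object -Unique
foreach ($h in $holders) {
    $ok = Test-NetConnection -ComputerName $h -Port 389 -InformationLevel Quiet
    '{0,-40} LDAP/389 reachable: {1}' -f $h, $ok
}

# Legacy one-liner that prints all five holders:
netdom query fsmo

# Transferring a role applies to self-managed AD only. In AWS Managed
# Microsoft AD the FSMO roles and the Domain Admins / Enterprise Admins groups
# stay under AWS control, so the delegated admin account cannot run this.
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole PDCEmulator
```

Run the check before and after maintenance on any DC: a role holder that is offline for long is the usual reason domain joins, account creation, or time synchronization start failing while ordinary logons still work.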
