# AD Domain Service

[Docs](https://docs.aws.amazon.com/directory-service/) | [Comparison of Active Directory Services on AWS](https://docs.aws.amazon.com/whitepapers/latest/active-directory-domain-services/directory-services-options-in-aws.html#comparison-of-active-directory-services-on-aws)

## Overview

## DNS and AD DS

AD DS uses DNS name resolution services to locate [domain controllers](#concepts) and to let DCs communicate with each other.

## Concepts

* [AWS Managed Microsoft AD](#concepts): AWS Directory Service for Microsoft AD is an actual Microsoft AD that is deployed and managed by AWS. The service runs on actual Windows Server.
* [AD Connector](#concepts): a directory gateway (proxy) that redirects directory requests from AWS apps and services to an existing Microsoft AD.
* [AD Trust](#concepts): a trust relationship between domains to allow authentication and authorization.
* [Forest](#concepts): a *<mark style="background-color:yellow;">top-level</mark>* container that can contain many domains. An org creates only one forest.
* [Domain](#concepts): a *<mark style="color:red;">**logical container**</mark>* for managing ***user, computer, group***, and other objects. It can contain many sites.

<figure><img src="https://learn.microsoft.com/en-us/training/wwl-windows-server/introduction-to-ad-ds/media/m6-domain-755853b7.png" alt=""><figcaption><p>AD DS domain</p></figcaption></figure>

* [Site](#concepts): a container for AD DS objects, such as computers and services, that are specific to a physical location. Each site contains one or more DCs.
* [Domain Controller](#concepts) (DC): contains a copy of the AD DS database. Each DC can replicate changes to the other DCs in the domain.
* [FSMO](#concepts) (Flexible Single Master Operation): a role. In AD, some updates are performed only by a [DC](#concepts) that holds a specific role.
  * Schema Master (Forest level)
  * Domain Naming Master (Forest level)
  * RID Master (Domain level)
  * PDC Emulator (Domain level)
  * Infrastructure Master (Domain level)

