This recipe will show you how to deploy an AWS Simple Active Directory (Simple AD) service.
Simple AD is a managed, Microsoft Active Directory-compatible service powered by Samba 4. It will work with many applications that require Active Directory support and provides many of the commonly used Active Directory features, including the following:
- User accounts
- Single sign-on (Kerberos)
- Group memberships
- Domain joining
It also integrates with other services provided by AWS, such as the following:
- AWS Management Console
- WorkMail
- WorkDocs
- WorkSpaces and WorkSpaces Application Manager
AWS manages backup and restoration of the directory for you in the form of daily snapshots and the ability to perform point-in-time recovery.
Features that aren't supported include the following:
- Trust relationships with other AD domains
- DNS dynamic updates
- Schema extensions
- MFA
- LDAPS
- PowerShell AD cmdlets
- Transfer of FSMO roles
Simple AD is the ideal choice when you don't require advanced AD features and you're supporting fewer than 5,000 users. If either of these isn't true, you will want to look at AWS's fully fledged Microsoft Active Directory service. Brace yourself for some added complexity and much higher cost if you choose this path, however.