This recipe will show you how to deploy an AWS Simple Active Directory (Simple AD) service.
Simple AD is powered by Samba 4, and is a Microsoft AD-compatible, managed service. It will work with many applications that require AD support, and provides a large range of the commonly used AD features, including the following:
- User accounts
- Single sign-on (Kerberos)
- Group memberships
- Domain joining
It also integrates with other services provided by AWS, such as the following:
- AWS Management Console
- WorkMail
- WorkDocs
- WorkSpaces and WorkSpaces Application Manager
AWS manages the backup and restoration of the directory for you, in the form of daily snapshots, and through its ability to perform point-in-time recovery.
Features that aren't supported include the following:
- Trust relationships with other AD domains
- DNS dynamic updates
- Schema extensions
- MFA
- LDAPS (short for Lightweight Directory Application Protocol Secure)
- PowerShell AD cmdlets
- Transfer of FSMO roles
The ideal scenario for Simple AD usage, is when you don't require advanced AD features and you're supporting less than 5,000 users. If either of these isn't true, you will want to look at the full-featured Microsoft AD service. However, brace yourself for some added complexity and much higher costs if you choose this path.