Solved

Does AWS have a replacement for Active Directory?

Posted on 2016-09-14
Last Modified: 2016-09-19
I have a small network that I want to use Dropbox for storage.
I need to be able to centrally authenticate my users and also push out policies like GPOs.

Does AWS have this sort of service?
All my users' computers will be on premise, not in the cloud.
Question by:ie0
3 Comments
 
LVL 10

Expert Comment

by:George Khairallah
ID: 41797905
AWS does have a directory service, which is Microsoft Active Directory compatible, and does support GPO.
You can read more about it here:
https://aws.amazon.com/directoryservice/

Though from what you're asking, it sounds like you would need to establish a VPC with a VPN gateway to your on-prem environment to authenticate that way. Typically for this type of scenario, it's more customary to use an on-prem AD service with an AWS EC2 instance with AD on it, to extend your on-prem environment. The Active Directory service provided by AWS, IMHO, is more suited for workloads that are implemented within the AWS structure or within a specific VPC.

Hope this helps,
 

Author Comment

by:ie0
ID: 41798146
Sorry, I should have explained, I do not have an on premise AD server.
 
LVL 10

Accepted Solution

by:
George Khairallah earned 2000 total points
ID: 41798163
Correct. I understood that you didn't.
I was simply suggesting that it's usually best practice to have your AD server on premise and have RODC or even a normal DC in the cloud.
But, for an answer directly to your concern, you should be able to use AWS's directory service and connect it to your on-prem machines, but for that, you will need to use AWS's VPN service within the VPC, to connect your on-prem network and your AWS network. You will likely be OK as far as cost with the AWS Directory Service, as it's not too expensive, especially if you're good with just a small instance, but there is also a cost associated with the VPN service to keep in mind.

You might also want to look at the SimpleAD FAQ here:
https://aws.amazon.com/directoryservice/faqs/

As it will show you what SimpleAD can and cannot do. If it does meet your needs, then great; otherwise, you may be better served with installing AD on an AWS EC2 instance, and connecting it to your environment in the same way (i.e., VPN).

Hope this helps :)
