Directory Service

Simple AD Mode
Managed Microsoft AD Mode
AD Connector Mode
Quick Comparison Table

In this article, we explore the capabilities of AWS Directory Service and its seamless integration with Microsoft Active Directory (AD). By understanding how Active Directory functions as a centralized system to manage users, permissions, and access rights, you can better appreciate how AWS Directory Service simplifies directory management in the cloud. Active Directory is a directory service developed by Microsoft. It enables administrators to control access to applications, services, and network resources by centrally managing user permissions. Whether you’re managing cloud applications, SaaS solutions, or on-premises applications, Active Directory is the backbone for secure and efficient access control.

The image is a diagram illustrating the flow of authentication and access between a Workspace, Active Directory, and Resources. It shows the process of authenticating through Active Directory to access resources.

AWS Directory Service delivers a fully managed implementation of directory services similar to Active Directory. Just as Amazon RDS eliminates the complexities of database management, AWS Directory Service reduces the operational burdens associated with running your own Active Directory infrastructure across multiple availability zones.

Using AWS Directory Service, organizations can achieve high levels of availability and scalability while ensuring secure directory operations in the cloud.

Below, we outline the three primary modes in which AWS Directory Service can operate. Each mode is designed to meet distinct integration needs and use cases:

Simple AD Mode

In Simple AD mode, AWS Directory Service functions as a standalone directory within the AWS environment. This mode is ideal for AWS-compatible services that require basic directory functionalities. However, Simple AD is built using the Samba protocol and does not offer the full range of features available in Microsoft AD. It is intended for isolated deployments and does not support integration with existing on-premises directories.

Managed Microsoft AD Mode

For users who need advanced features and full compatibility with Microsoft Active Directory, AWS offers the Managed Microsoft AD mode. This service deploys a genuine instance of Microsoft AD in the AWS cloud, making it suitable for applications that depend on specific AD functionalities. Additionally, if you have an existing on-premises Active Directory, you can establish a trust relationship with your Managed Microsoft AD instance to create a seamless hybrid environment between your on-premises and cloud resources.

The image illustrates a diagram of directory service modes for Managed Microsoft AD, showing a trust relationship between a virtual private cloud (VPC) and an on-premise setup.

AD Connector Mode

Organizations that already maintain an on-premises Active Directory and prefer not to deploy a separate cloud instance can opt for the AD Connector mode. In this configuration, AWS Directory Service provides a proxy that connects AWS services, such as AWS WorkSpaces, directly to your on-premises AD. This solution avoids duplicating directory infrastructure in the cloud while still enabling secure integration with AWS services.

The image illustrates a diagram of a Directory Service Mode using an AD Connector, showing a connection between a Virtual Private Cloud (VPC) and an on-premise setup.

Quick Comparison Table

Directory Service Mode	Description	Key Use Case
Simple AD	Standalone directory in AWS using Samba; supports basic directory operations.	Lightweight directory needs that do not require full AD features.
Managed Microsoft AD	Full-featured Microsoft AD deployed in AWS; supports trust relationships with on-premises AD.	Applications that demand advanced AD functionalities and hybrid setups.
AD Connector	Acts as a proxy to connect AWS services to an existing on-premises Active Directory.	Integrating AWS services with an existing on-premises directory without duplication.

In summary, AWS Directory Service offers flexible modes—Simple AD, Managed Microsoft AD, and AD Connector—to address a variety of organizational needs. Whether you require a standalone cloud directory, an advanced Microsoft AD experience, or a proxy integration with your on-premises system, this managed service ensures enhanced performance, high availability, and seamless integration across your deployment scenarios.

For more in-depth information on AWS Directory Service and its features, refer to the AWS Directory Service Documentation.

Watch Video

Cognito

Verified Permissions

⌘I

Introduction

Services Networking

Services Storage

Services Compute

Services Database

Services Application Integration

Services Data and ML

Services Migration and Transfer

Services Management and Governance

Services Security

Bringing it all together

Designing for Security

Designing for Reliability

Designing for Performance

Designing for Cost Optimization

Applying your Design Skills

Simple AD Mode

Managed Microsoft AD Mode

AD Connector Mode

Quick Comparison Table

Watch Video

Introduction

Services Networking

Services Storage

Services Compute

Services Database

Services Application Integration

Services Data and ML

Services Migration and Transfer

Services Management and Governance

Services Security

Bringing it all together

Designing for Security

Designing for Reliability

Designing for Performance

Designing for Cost Optimization

Applying your Design Skills

​Simple AD Mode

​Managed Microsoft AD Mode

​AD Connector Mode

​Quick Comparison Table

Watch Video

Simple AD Mode

Managed Microsoft AD Mode

AD Connector Mode

Quick Comparison Table