Technically, Microsoft’s proprietary Active Directory service is a hierarchical, multi-master-enabled database that can store millions of objects. In other words, Active Directory (AD) is a database and a set of services that connect its users with the network resources they need.
Active Directory runs on Windows Server where admins manage permissions and grant access to the Directory. The Directory stores data as objects, which can be a user, a group, an application, or a device. It also houses critical information about environments, their computers, and related access permissions.
So, the primary purpose of Active Directory is to serve as a centralized security management system that enables organizations to keep their networks secure and organized. It is a welcome benefit that Active Directory accomplishes this without having to use up excessive IT resources.
Beyond keeping the network secure and organized without consuming excessive IT resources, Active Directory also provides single sign-on (SSO) to resources across the organization and a simplified way to locate those resources. In other words, Active Directory offers centralized control and monitoring while giving users a seamless experience. And because the directory is multi-master, changes to the database can be processed at any given domain controller, whether or not that controller is currently connected to the rest of the network.
Active Directory's structured data store categorizes every object by its name and attributes, so administrators and users can easily find and use the information on their network. The Active Directory structure is comprised of three main components: domains, trees, and forests. Several objects, such as users or devices that use the same Active Directory database, can be grouped into a single domain. These objects typically include shared resources such as servers, volumes, printers, and network user and computer accounts.
Microsoft Active Directory has one disadvantage: it is a Windows-only solution, so Linux or Mac machines that need to be managed require LDAP (Lightweight Directory Access Protocol) clients. The directory itself, however, no longer has to be hosted on your own servers: AWS Directory Service for Microsoft Active Directory lets you run Microsoft Active Directory as a managed service.
AWS Managed Microsoft AD is created as a highly available pair of domain controllers connected to your Virtual Private Cloud (VPC), running in different Availability Zones in a Region of your choice. Additionally, because this is a fully managed AWS service, host monitoring and recovery, data replication, snapshots, and software updates are automatically configured and managed for you. And that’s not all.
You can also configure a trust relationship between AWS Managed Microsoft AD in the AWS cloud and your existing on-premises Microsoft Active Directory. Through this trust, and together with AWS IAM Identity Center, users and groups gain access to the resources of either domain.
After your directory has been created, you can manage users and groups, provide single sign-on to applications and services, create and apply group policy, and simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads. Furthermore, you can provide an additional layer of security by enabling multi-factor authentication, and securely connecting to Amazon EC2 Linux and Windows instances.
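To make the deployment described above concrete, here is a Terraform definition of it, added as an example that is not part of the original post or nClouds' own code: a managed directory with one domain controller in each of two Availability Zones, and a forest trust to the on-premises domain. The VPC id, CIDR blocks, Availability Zones, domain names and on-premises DNS addresses are assumed placeholders.

```hcl
# Added example (not from the original post). The VPC id, CIDRs, AZs, domain
# names and DNS addresses are assumed placeholders for this illustration.
variable "vpc_id" { type = string }
variable "directory_admin_password" {
  type      = string
  sensitive = true # keep the directory Admin password out of code and plan output
}

variable "trust_password" {
  type      = string
  sensitive = true # must match the trust password set on the on-premises side
}

# Two subnets in different Availability Zones: the managed directory places one
# domain controller in each, which is what makes the pair highly available.
resource "aws_subnet" "dc_a" {
  vpc_id            = var.vpc_id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"
}
resource "aws_subnet" "dc_b" {
  vpc_id            = var.vpc_id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-east-1b"
}

# The managed directory: AWS handles patching, monitoring, snapshots and replication.
resource "aws_directory_service_directory" "corp" {
  name     = "corp.example.com" # assumed DNS name of the AWS-side domain
  password = var.directory_admin_password
  edition  = "Standard"
  type     = "MicrosoftAD"
  vpc_settings {
    vpc_id     = var.vpc_id
    subnet_ids = [aws_subnet.dc_a.id, aws_subnet.dc_b.id]
  }
}

# Forest trust to the on-premises domain. Two-Way gives users of either domain
# access to the other's resources; if only on-premises users need AWS-side
# resources, "One-Way: Outgoing" is the narrower, least-privilege choice.
resource "aws_directory_service_trust" "onprem" {
  directory_id       = aws_directory_service_directory.corp.id
  remote_domain_name = "onprem.example.com" # assumed on-premises domain
  trust_direction    = "Two-Way"
  trust_password     = var.trust_password
  # On-premises DNS servers that resolve the remote domain (assumed addresses).
  conditional_forwarder_ip_addrs = ["10.100.0.10", "10.100.0.11"]
}
```

Both passwords are marked sensitive so they are redacted from plan output; supply them from a secrets store rather than a committed tfvars file.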
To learn more about Microsoft workloads on AWS, check out these blog posts:
nClouds can help you with AWS Managed Microsoft AD, a migration strategy for moving your Microsoft workloads to AWS, and all your AWS services requirements.