What is Microsoft Active Directory (AD)?

Imagine you join a company. IT gives you ONE username and password. You sit at ANY computer in the office, type that username and password — you're logged in. You can access the printer, shared files, everything — based on what your role allows.
- The central server that holds all this information is called the Domain Controller
- Users, computers, printers etc. are called objects
- Objects are grouped into domains; domains are organized in trees, and a group of trees = forest
AD is basically a database that stores:
- Who you are (username, password hash)
- What you are allowed to access (permissions)
- What resources you can use (printers, files, systems, apps)
- Which group you belong to (intern, developer, manager etc.)
Admin sits on the Domain Controller and decides:
- Create new user → add to AD
- Give this user access to X resource → update in AD
- Remove intern after internship ends → delete from AD
AWS Directory Services — 3 Options
When you move to AWS, you need to decide how to handle your users and AD. AWS gives you 3 options depending on your situation.
1. AWS Managed Microsoft AD
- AWS creates a full AD for you inside AWS. Your users live in AWS.

If you already have an AD in your office, both can talk to each other via a "trust" connection — so office users and AWS users can access each other's resources.
How many ADs exist here? → 2
- Your old office AD (still running on-premise)
- The new AWS Managed AD (running inside AWS)
Use when: You want a proper AD in AWS, and you may or may not have an office AD already.
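The two-AD setup above, as an added example that is not part of the original notes: boto3 calls that create the AWS Managed Microsoft AD and then the trust link to the office AD. All names, IDs, IPs and passwords are placeholders; the trust is deliberately one-way outgoing with selective authentication, so office users can reach AWS resources without the office forest trusting AWS accounts.

```python
"""Added example: AWS Managed Microsoft AD + forest trust to an on-premises AD.
Every name, ID, IP and password below is a placeholder."""


def managed_ad_request(name, short_name, admin_password, vpc_id, subnet_ids):
    """Parameters for directoryservice create_microsoft_ad: the AD that lives in AWS."""
    if len(subnet_ids) != 2:
        raise ValueError("Managed AD needs exactly two subnets in different AZs")
    return {
        "Name": name,                # FQDN of the new AWS domain (placeholder)
        "ShortName": short_name,     # NetBIOS name
        "Password": admin_password,  # password for the 'Admin' account AWS creates
        "Edition": "Standard",
        "VpcSettings": {"VpcId": vpc_id, "SubnetIds": list(subnet_ids)},
    }


def trust_request(directory_id, onprem_domain, trust_password, onprem_dns_ips,
                  direction="One-Way: Outgoing"):
    """Parameters for create_trust: the link between the AWS AD and the office AD.
    One-way outgoing = the AWS AD trusts the office domain, not the reverse.
    Selective authentication limits which AWS resources office users may use."""
    allowed = {"One-Way: Outgoing", "One-Way: Incoming", "Two-Way"}
    if direction not in allowed:
        raise ValueError(f"unknown trust direction {direction!r}")
    return {
        "DirectoryId": directory_id,
        "RemoteDomainName": onprem_domain,
        "TrustPassword": trust_password,  # same secret configured on the office side
        "TrustDirection": direction,
        "TrustType": "Forest",
        "ConditionalForwarderIpAddrs": list(onprem_dns_ips),  # office DNS servers
        "SelectiveAuth": "Enabled",
    }


def provision(region, ad_params, trust_kwargs):
    """Create the AWS AD, wait until it is Active, then create the trust.
    Needs AWS credentials; the request builders above work offline."""
    import time
    import boto3  # imported here so the rest of the module stays importable offline
    ds = boto3.client("ds", region_name=region)
    directory_id = ds.create_microsoft_ad(**ad_params)["DirectoryId"]
    while True:  # create_microsoft_ad returns immediately; poll until the AD is usable
        desc = ds.describe_directories(DirectoryIds=[directory_id])
        stage = desc["DirectoryDescriptions"][0]["Stage"]
        if stage == "Active":
            break
        if stage == "Failed":
            raise RuntimeError("directory creation failed")
        time.sleep(60)
    return ds.create_trust(**trust_request(directory_id, **trust_kwargs))["TrustId"]
```

Pick "Two-Way" only when AWS accounts genuinely need to reach office resources; the on-premises side must be configured with the matching trust and forwarders for the AWS domain.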