AWS Microsoft Directory

Summary

• This is a native managed MS Active Directory 2012 R2 installation.
• Managed using standard AD tools
• Supports Group Policy and Single Sign-On
• Support Schema extensions for MS AD aware app
• SharePoint, MS SQL Server and Distributed File System
• Small size support up to 30,000 objects  (5000 users)
• Enterprise supports up to 500,000 objects
• Service injects to ENIs into VPC; one per domain controller

Diagram

Features

• User authentication and authorization for AWS product and services in AWS
• Highly available by default in 2AZs with 1 domain controller in each zone
• Fully managed by AWS including monitoring, recovery, replication, snapshots and maintenance
• Supports one-way and two-way trusts with on premises MS AD
• AWS directory can continue to function fully if network link to on-premises master is down
• Supports RADIUS based MFA

Pricing

• prices are per hour, with additional charges of extra domain controllers and sharing across multiple accounts
• for standard edition, cost is about $300 per month running 24×30
• for enterprise edition, cost is about $420 per month running 24×30 with 3 additional accounts sharing the service