Directory Service AD Connector

Last Updated : 14-Nov-2020

AD Connector provides the ability to manage users held in an on-premises MS Active Directory using a connector.


  • redirects requests to existing AD services
  • no data is stored on AWS
  • supports directory-aware AWS products such as Amazon WorkSpaces, Amazon WorkDocs, Amazon QuickSight, Amazon Chime, Amazon Connect, and Amazon Relational Database Service for Microsoft SQL Server
  • implemented as a pair of directory endpoints in 2 subnets in different AZs, running as ENIs in a VPC
  • available in small and large sizes (AWS allocates and charges you based on allocation)
  • each connector connects to 1 or more on-premises directory services
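
An added example (not part of the original notes): a Python check that audits one directory description against the layout listed above. It assumes input shaped like an entry of `DirectoryDescriptions` from the Directory Service `DescribeDirectories` API; the sample records, their ids and addresses are constructed, and the private-address rule is an assumption that on-premises traffic travels over Direct Connect or a VPN.

```python
import ipaddress

# Constructed sample shaped like one DirectoryDescriptions entry (ids/IPs are made up).
SAMPLE = {
    "DirectoryId": "d-EXAMPLE0001",
    "Type": "ADConnector",
    "Size": "Small",
    "ConnectSettings": {
        "VpcId": "vpc-EXAMPLE",
        "SubnetIds": ["subnet-EXAMPLEa", "subnet-EXAMPLEb"],
        "AvailabilityZones": ["eu-west-1a", "eu-west-1b"],
    },
    # For an AD Connector these are the on-premises DNS servers / domain controllers.
    "DnsIpAddrs": ["192.168.10.5", "192.168.10.6"],
}

# Constructed misconfiguration: both endpoints in one AZ, public resolver address.
BAD = {
    **SAMPLE,
    "ConnectSettings": {**SAMPLE["ConnectSettings"],
                        "AvailabilityZones": ["eu-west-1a", "eu-west-1a"]},
    "DnsIpAddrs": ["8.8.8.8"],
}

def audit_ad_connector(d):
    """Return a list of findings; an empty list means the layout matches the notes."""
    if d.get("Type") != "ADConnector":
        return [f"type is {d.get('Type')!r}, not ADConnector"]
    findings = []
    cs = d.get("ConnectSettings", {})
    if len(set(cs.get("SubnetIds", []))) != 2:
        findings.append("expected 2 distinct subnets")
    if len(set(cs.get("AvailabilityZones", []))) < 2:
        findings.append("endpoints are not spread across different AZs")
    if d.get("Size") not in ("Small", "Large"):
        findings.append(f"unexpected size {d.get('Size')!r}")
    dns = d.get("DnsIpAddrs", [])
    if not dns:
        findings.append("no on-premises DNS/domain controller addresses")
    for ip in dns:
        # Assumption: on-premises directory hosts are reached on private addresses.
        if not ipaddress.ip_address(ip).is_private:
            findings.append(f"on-premises address {ip} is not private")
    return findings

if __name__ == "__main__":
    for name, record in (("SAMPLE", SAMPLE), ("BAD", BAD)):
        print(name, audit_ad_connector(record) or "OK")
```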

Use Cases for AD Connector

  • running proofs of concept for an existing set of non-AWS users
  • when not allowed to store user data in AWS for legal reasons
  • when there is an existing small AWS deployment

Use Cases for not using AD Connector

  • when very high availability or performance is required and hence data needs to reside on AWS
  • when there is no highly reliable and performant network connectivity between on-premises and AWS
  • when there is only a single network connection to AWS
  • when a Simple AD solution will suffice (no MFA, no two-way trust, etc)
  • when the user base is customers and not employees

Good Companions for AD Connector

  • Direct Connect
  • Site to Site VPN

Advanced Features of AD Connector

  • Can run multiple AD Connectors to spread the load if required