I want to create a trust relationship between my on-premises domain and my AWS Directory Service for Microsoft Active Directory.
A trust relationship is a link between two different domains, where one domain (the trusting domain) trusts another (the trusted domain). A one-way trust scenario allows the user accounts from the trusted domain to access resources in the trusting domain.
AWS Managed Microsoft AD supports external and forest trust relationships with your existing on-premises domain in all three trust relationship directions:
- One-way incoming
- One-way outgoing
- Two-way (bidirectional)
To create a trust relationship between your AWS Managed Microsoft AD and your on-premises domain, perform the following steps:
Important: You must create the trust on the on-premises domain first. Then, create the trust on your AWS Managed Microsoft AD.
- Complete all prerequisite steps.
- Prepare your on-premises domain for the trust relationship.
- Prepare your AWS Managed Microsoft AD for the trust relationship.
- Create the trust relationship between your on-premises Active Directory and your AWS Managed Microsoft AD.
If you have connectivity issues, use the AWS Systems Manager AWSSupport-TroubleshootDirectoryTrust Automation document. For more information, see Run an automation.
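The AWS-side step of the procedure above, sketched with the AWS CLI as an added example (not part of the original article). It assumes the on-premises trust already exists with the same trust password; the function names are hypothetical, and the directory ID, domain name and DNS addresses are placeholders supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: AWS-side trust creation, run after the on-premises side exists.
# Function names are hypothetical; IDs, domains and DNS IPs come from the caller.

# Map the direction configured on the on-premises domain to the complementary
# TrustDirection value that the AWS Managed Microsoft AD side must use.
aws_side_direction() {
  case "$1" in
    incoming) echo "One-Way: Outgoing" ;;
    outgoing) echo "One-Way: Incoming" ;;
    two-way)  echo "Two-Way" ;;
    *) echo "unknown on-premises direction: $1" >&2; return 1 ;;
  esac
}

# Usage: create_aws_trust DIR_ID REMOTE_DOMAIN ONPREM_DIRECTION Forest|External DNS_IP...
# Reads the shared trust password from TRUST_PASSWORD; prints the new TrustId.
create_aws_trust() {
  local dir_id="$1" remote_domain="$2" onprem_direction="$3" trust_type="$4"
  local direction
  shift 4
  direction="$(aws_side_direction "$onprem_direction")" || return 1
  if [ -z "${TRUST_PASSWORD:-}" ]; then
    echo "TRUST_PASSWORD must hold the password set on the on-premises side" >&2
    return 1
  fi
  aws ds create-trust \
    --directory-id "$dir_id" \
    --remote-domain-name "$remote_domain" \
    --trust-password "$TRUST_PASSWORD" \
    --trust-direction "$direction" \
    --trust-type "$trust_type" \
    --conditional-forwarder-ip-addrs "$@" \
    --query TrustId --output text
}

# Print the trust state and, when present, the reason AWS reports for it.
trust_status() {
  aws ds describe-trusts --directory-id "$1" --trust-ids "$2" \
    --query 'Trusts[0].[TrustState,TrustStateReason]' --output text
}
```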