One-Way trust between AWS Managed AD and On-Prem AD (reachable via AD Connector)?

0

Experts,

I have a scenario for a customer. The customer has their on-prem AD, which is reachable in their VPC via an AD Connector. We need to establish a one-way trust relationship between the On-Prem AD and the AWS Managed AD (in another account). We have established TGW peering between the 2 accounts.

Question: Can I establish a one-way trust between my AWS Managed AD and the customer's on-prem AD, which is reachable via AD Connector? Is this a supported scenario / use-case? If yes, any links to blogs/articles will be highly appreciated.

The guide here (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html) says transitive trusts are not supported by AD Connector. Does that mean the scenario I mentioned above is not a valid one when using AD Connector?

Thanks.

asked a year ago, 295 views
1 Answer
0

Transitivity is used to log into child domains of the forest that is on-premise. AD Connector is used as a gateway for authenticating users, not for replication or trust.

answered a year ago
  • Thanks, @edmarinho. So do you suggest that I request my customer to replace their AD Connector with AWS Managed AD (or AD based on an EC2 instance)? I assume that will allow me to establish trust between my own AWS Managed AD and the customer's on-prem AD, but this time transiting through their AWS Managed AD in their account.

    Or should I ask the customer to replicate their on-prem AD with their newly provisioned AWS Managed AD in their account, and establish a one-way trust with their new AWS Managed AD only, instead of trying to establish one with their on-prem AD?

    Sorry. Not an AD expert, so not sure if both scenarios I mentioned above are valid. If both are valid, which one is preferable over the other?

    Please advise.

    Thanks.
