One-way trust between AWS Managed AD and on-prem AD (reachable via AD Connector)?

0

Experts,

I have a scenario for a customer. The customer has their on-prem AD, which is reachable in their VPC via an AD Connector. We need to establish a one-way trust relationship between the on-prem AD and the AWS Managed AD (in another account). We have established TGW peering between the 2 accounts.

Question: Can I establish a one-way trust between my AWS Managed AD and the customer's on-prem AD, which is reachable via AD Connector? Is this a supported scenario / use case? If yes, any link to some blogs/articles would be highly appreciated.

The guide here (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html) says transitive trusts are not supported by AD Connector. Does that mean the scenario I mentioned above is not a valid one when using AD Connector?

Thanks.

asked a year ago · 296 views
1 answer
0

Transitivity is used to log into child domains of the forest that is on-premises. AD Connector is used as a gateway for authenticating users, not for replication or trust.

answered a year ago
  • Thanks, @edmarinho. So do you suggest that I request my customer to replace their AD Connector with AWS Managed AD (or AD based on an EC2 instance)? I assume that will allow me to establish a trust between my own AWS Managed AD and the customer's on-prem AD, but this time transiting through their AWS Managed AD in their account.

    Or should I ask the customer to replicate their on-prem AD to their newly provisioned AWS Managed AD in their account? Then I establish a one-way trust with their new AWS Managed AD only, instead of trying to establish one with their on-prem AD.

    Sorry, I am not an AD expert, so I am not sure if both scenarios I mentioned above are valid. If both are valid, which one is preferable over the other?

    Please advise.

    Thanks.
