Can we extend OnPrem to Managed AD with trust then do migration with ADMT

Question

Hi Guys,  
  
We have our Domain Controllers running on Microsoft AD hosted on EC2 instances. It has lot of users and conputers authenticating against it.   
Now the goal is to make your environment compatible for AWS applications and integration, seamless Domain join of new EC2s and lastly to retire EC2 hosted DCs.  
  
In order to achieve this, can we extend our EC2 AD to AWS Managed AD with AD trust and then migrate all objects and passwords with ADMT tool and then demote EC2 AD?? Is this a good solution?

Accepted Answer

Yes that is the best plan.  The Trust will allow users in your self hosted domain to access AWS applications including RDS and FSx.  ADMT is the recommended way of migrating to AWS Managed AD.  This blog post describes the process.  
  
https://aws.amazon.com/blogs/security/how-to-migrate-your-on-premises-domain-to-aws-managed-microsoft-ad-using-admt/

Can we extend OnPrem to Managed AD with trust then do migration with ADMT

관련 콘텐츠