Experts,
I have scenario for a customer. Customer has their on-prem AD which is reachable in their VPC via an AD Connector.
We need to establish a one-way trust relationship between On-Prem AD and the AWS Managed AD (in another account). We have established TGW peering between 2 accounts.
Question: Can I establish a one-way trust between my AWS Managed AD and Customer's on-prem AD which is reachable via AD connector? Is this a support scenario / use-case? If yes, any link to some blogs/articles will be highly appreciated.
The guide here (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html) says transitive trusts are not supported by AD connector. Does that means the scenario I mentioned above is not a valid one when using AD connector?
Thanks.
AWS OFICIALAtualizada há 3 anos
Thanks, @edmarinho. So do you suggest that I request my customer to replace their AD Connector with AWS Managed AD (or AD based on an EC2 instance). I assume that will allow to establish trust between my own AWS Managed AD and customer's on-prem but this time transiting through their AWS Managed AD in their account.
Or I should ask customer to replicate their on-prem AD with their newly provisioned AWS Managed AD in their account. And I establish one-way trust with their new AWS Managed AD only, instead of trying to establish one with their on-prem?
Sorry. Not an AD expert so not sure if both scenarios I mentioned above are valid. If both are valid, which one is preferable over the other.
Please advise.
Thanks.