By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

One-Way trust between AWS Managed AD and On-Prem AD (reachable via AD Connector) ?

0

Experts,

I have scenario for a customer. Customer has their on-prem AD which is reachable in their VPC via an AD Connector. We need to establish a one-way trust relationship between On-Prem AD and the AWS Managed AD (in another account). We have established TGW peering between 2 accounts.

Question: Can I establish a one-way trust between my AWS Managed AD and Customer's on-prem AD which is reachable via AD connector? Is this a support scenario / use-case? If yes, any link to some blogs/articles will be highly appreciated.

The guide here (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_ad_connector.html) says transitive trusts are not supported by AD connector. Does that means the scenario I mentioned above is not a valid one when using AD connector?

Thanks.

Topics
Security, Identity, & Compliance
Tags
AWS Directory Service
Language
English
Shiraz Malik
asked a year ago285 views
1 Answer
0

Transitivity is used to log into child domains of the forest that is on-premise. AD Connector is used as a gateway for authenticating users not for replication or trust.

edmarinho
answered a year ago
  • Shiraz Malik
    a year ago

    Thanks, @edmarinho. So do you suggest that I request my customer to replace their AD Connector with AWS Managed AD (or AD based on an EC2 instance). I assume that will allow to establish trust between my own AWS Managed AD and customer's on-prem but this time transiting through their AWS Managed AD in their account.

    Or I should ask customer to replicate their on-prem AD with their newly provisioned AWS Managed AD in their account. And I establish one-way trust with their new AWS Managed AD only, instead of trying to establish one with their on-prem?

    Sorry. Not an AD expert so not sure if both scenarios I mentioned above are valid. If both are valid, which one is preferable over the other.

    Please advise.

    Thanks.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content