Extend on-premises AD to AWS


Hi All

We have an on-prem AD+DNS setup and would like to extend it to AWS.

This will build a hybrid network. It is a single-forest, single-domain setup. Currently, for public service name resolution, we advertise through the domain registrar, mapped to on-prem compute; internal network resolution is handled by the local DNS.

Question: We are going to use Route 53 for global domain resolution. What are the options for setting up the DNS server residing in AWS, given that the directory service is extended from on-prem to span AWS? We extend on-premises AD to the AWS Cloud, but what about the DNS?

Or do we set up the AD+DNS server on EC2 and replicate from on-prem AD+DNS to the AWS EC2 AD+DNS via site replication?

Noel

2 Answers
Accepted Answer

If you want to extend an on-premises Active Directory (AD) to AWS, you may deploy an AD service on EC2 instances; however, in that case you will need to manage the operating system and the AD on these EC2 instances yourself.

An alternative option is to use AWS Managed Microsoft AD, which is an AWS-managed AD in the Cloud.

EC2 instances can be dynamically configured to use the required DNS server with the help of DHCP options sets to direct DNS queries to the on-premises AD or AWS Managed Microsoft AD if required.

You can also utilise Amazon Route 53 Resolver for DNS resolution between the on-premises network and AWS.

This AWS Architecture Blog post describes in detail how to run a hybrid AD service with AWS Managed Microsoft AD (it includes DNS resolution design options).

Max
answered 9 months ago
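The two mechanisms the accepted answer names, a DHCP options set and Route 53 Resolver endpoints with a forwarding rule, as an added example built with AWS Tools for PowerShell (AWS.Tools.EC2 and AWS.Tools.Route53Resolver). This is not code from the thread or from AWS. All resource IDs, CIDRs, IP addresses and the domain name are assumed placeholders, and the security group is assumed to already exist and to allow TCP/UDP 53 only from the on-prem and VPC CIDRs.

```powershell
# Added example (not code from the re:Post thread or from AWS): the two DNS
# mechanisms named in the accepted answer, built with AWS Tools for PowerShell.
# Every ID, CIDR, IP address and domain name below is an assumed placeholder.
#Requires -Modules AWS.Tools.EC2, AWS.Tools.Route53Resolver
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$VpcId           = 'vpc-0123456789abcdef0'                                    # VPC hosting the extended AD
$ResolverSubnets = @('subnet-0a1b2c3d4e5f60001', 'subnet-0a1b2c3d4e5f60002')  # two AZs for the endpoints
$ResolverSgId    = 'sg-0f1e2d3c4b5a69870'        # SG allowing TCP/UDP 53 only from on-prem and VPC CIDRs
$AdDomain        = 'corp.example.com'            # the single-forest, single-domain AD zone
$AdDnsServers    = @('10.20.1.10', '10.20.2.10') # AD DNS servers VPC instances should use (EC2 DCs here)
$OnPremDns       = @('192.168.10.10', '192.168.10.11')  # on-prem DCs reachable over VPN/Direct Connect

function Wait-ResolverEndpoint {
    # Endpoints are created asynchronously; rules and IP lookups need them OPERATIONAL.
    param([Parameter(Mandatory)][string]$Id)
    do {
        Start-Sleep -Seconds 15
        $ep = Get-R53RResolverEndpoint -ResolverEndpointId $Id
    } while ("$($ep.Status)" -ne 'OPERATIONAL')
    return $ep
}

# 1. DHCP options set: every instance in the VPC gets the AD DNS servers and the
#    AD DNS suffix on its next lease renewal. A VPC has exactly one options set,
#    so Register-EC2DhcpOption replaces the current one (e.g. AmazonProvidedDNS).
$dhcp = New-EC2DhcpOption -DhcpConfiguration @(
    @{ Key = 'domain-name';         Values = @($AdDomain) },
    @{ Key = 'domain-name-servers'; Values = $AdDnsServers }
)
Register-EC2DhcpOption -DhcpOptionsId $dhcp.DhcpOptionsId -VpcId $VpcId

# 2. Route 53 Resolver endpoints. Inbound: on-prem DNS forwards AWS names to
#    these ENIs. Outbound: Route 53 Resolver forwards the AD zone to on-prem DCs.
$ipRequests = $ResolverSubnets | ForEach-Object { @{ SubnetId = $_ } }
$inbound = New-R53RResolverEndpoint -Name 'onprem-to-aws' -Direction INBOUND `
    -CreatorRequestId ([guid]::NewGuid().ToString()) `
    -SecurityGroupId $ResolverSgId -IpAddress $ipRequests
$outbound = New-R53RResolverEndpoint -Name 'aws-to-onprem' -Direction OUTBOUND `
    -CreatorRequestId ([guid]::NewGuid().ToString()) `
    -SecurityGroupId $ResolverSgId -IpAddress $ipRequests
$inbound  = Wait-ResolverEndpoint -Id $inbound.Id
$outbound = Wait-ResolverEndpoint -Id $outbound.Id

# 3. Forwarding rule: queries for the AD zone that reach Route 53 Resolver
#    (from instances still on AmazonProvidedDNS, or from EC2 DCs that forward
#    to the VPC+2 address) go to the on-prem DCs on port 53.
$rule = New-R53RResolverRule -Name "forward-$AdDomain" -RuleType FORWARD `
    -CreatorRequestId ([guid]::NewGuid().ToString()) `
    -DomainName $AdDomain -ResolverEndpointId $outbound.Id `
    -TargetIp ($OnPremDns | ForEach-Object { @{ Ip = $_; Port = 53 } })
Add-R53RResolverRuleAssociation -ResolverRuleId $rule.Id -VPCId $VpcId

# 4. The inbound endpoint IPs are what the on-prem DNS servers need as
#    conditional-forwarder targets for AWS-hosted zones.
Get-R53RResolverEndpointIpAddressList -ResolverEndpointId $inbound.Id |
    Select-Object Ip, SubnetId, Status
```

Two points worth checking before running this against a real account: the DHCP options set applies to every instance in the VPC, so anything that should keep using AmazonProvidedDNS has to live in another VPC or get the forwarding rule instead; and the Resolver endpoints are ENIs in your subnets, so their security group, not Route 53, is what stops arbitrary hosts from using them as an open resolver. The `CreatorRequestId` values make the create calls idempotent if the script is re-run.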

Hi, you may have a much more integrated way with IAM Identity Center: https://aws.amazon.com/iam/identity-center/

It will easily integrate your on-prem AD: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-ad.html

You can then federate your AD identities into IAM to define policies for them by remapping AD attributes: https://docs.aws.amazon.com/singlesignon/latest/userguide/attributemappingsconcept.html

What I like most for large-scale systems is native integration with AWS Organizations: https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-accounts.html

Re. Route53, IAM Identity Center is well integrated: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/auth-and-access-control.html

Best,

Didier

answered 9 months ago
  • Hi sir, thanks for the reply.

    But in a nutshell, should I install native Microsoft AD with DNS on AWS, or is there any other better option?

    Thanks

    Noel
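For the self-managed option raised in the question and in Noel's follow-up (an EC2 domain controller with DNS that replicates from on-prem through a dedicated AD site), an added runbook example; this is not code from the thread. The site name, CIDRs, hostnames and IP addresses are assumptions, and the sections run on different hosts as marked. It needs the RSAT ActiveDirectory and DnsServer modules and Domain Admin rights.

```powershell
# Added example (not code from the re:Post thread): runbook for the self-managed
# option, i.e. an EC2 DC with DNS replicating from on-prem via a dedicated AD
# site. Placeholders (site, CIDRs, hostnames, IPs) are assumptions. Sections run
# on different hosts, as marked.
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

$AdDomain    = 'corp.example.com'
$OnPremSite  = 'Default-First-Site-Name'   # existing site of the on-prem DCs
$OnPremDc    = "DC01.$AdDomain"
$AwsSite     = 'AWS-ap-southeast-1'        # one site per VPC/region keeps clients on local DCs
$VpcCidr     = '10.20.0.0/16'
$VpcResolver = '10.20.0.2'                 # Route 53 Resolver: VPC base address + 2
$AwsDc       = "AWSDC01.$AdDomain"
$InboundEndpointIps = @('10.20.1.53', '10.20.2.53')  # Route 53 Resolver inbound endpoint ENIs
$AwsPrivateZone     = "aws.$AdDomain"      # Route 53 private hosted zone for AWS-only names

# --- Section A: on an existing on-prem DC, before promoting anything in AWS ---
Import-Module ActiveDirectory
# Site and subnet make clients and the KCC treat the VPC as its own location;
# the site link sets the cost and interval of inter-site replication.
New-ADReplicationSite -Name $AwsSite
New-ADReplicationSubnet -Name $VpcCidr -Site $AwsSite
New-ADReplicationSiteLink -Name "$OnPremSite-$AwsSite" -SitesIncluded $OnPremSite, $AwsSite `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# --- Section B: on the Windows EC2 instance (private subnet, no public IP) ---
# Its DNS client must already point at a DC (via the VPC DHCP options set or a
# static setting) so it can locate the domain.
Install-WindowsFeature -Name AD-Domain-Services, DNS -IncludeManagementTools
Install-ADDSDomainController -DomainName $AdDomain -SiteName $AwsSite -InstallDns `
    -Credential (Get-Credential -Message "Domain Admin in $AdDomain") `
    -SafeModeAdministratorPassword (Read-Host -AsSecureString 'DSRM password') `
    -Force
# The host reboots; continue on the same host afterwards.

# --- Section C: on the new EC2 DC, after the reboot ---
Import-Module DnsServer
# Forward everything the AD zones do not answer to Route 53 Resolver, so the DC
# resolves Route 53 private hosted zones and public names without root hints.
Set-DnsServerForwarder -IPAddress $VpcResolver -UseRootHint $false

# --- Section D: on an on-prem DNS server (AD-integrated, replicated forest-wide) ---
# AWS-only names go to the Resolver inbound endpoint; the AD zone itself needs
# no forwarder because the EC2 DC now replicates it.
Add-DnsServerConditionalForwarderZone -Name $AwsPrivateZone -MasterServers $InboundEndpointIps `
    -ReplicationScope Forest

# --- Section E: verification, from any on-prem DC ---
# The new DC must publish site-scoped SRV records into the AD zone (proving the
# zone replicated to on-prem) and show successful inbound replication.
Resolve-DnsName -Name "_ldap._tcp.$AwsSite._sites.$AdDomain" -Type SRV -Server $OnPremDc
Get-ADReplicationPartnerMetadata -Target $AwsDc -Scope Server |
    Select-Object Partner, LastReplicationSuccess, LastReplicationResult, ConsecutiveReplicationFailures
repadmin /replsummary
```

Treat the EC2 domain controller exactly like the on-prem ones: it holds a writable copy of the whole domain, so its security group should admit AD and DNS ports only from the on-prem and VPC CIDRs, it should have no public IP, and access to its EBS volumes and snapshots matters as much as physical access to an on-prem DC.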
