Questions tagged with AWS Directory Service
AWS Managed AD services
Hello, we are using AWS Managed Microsoft AD services, but recently the domain controllers (which are managed by AWS) have had an issue. We can't resolve it because we don't have access to them, and it seems that without paying for premium support we can't ask AWS to fix the issue with their service. Please let us know what options we have, because we are getting trust issues and RPC errors, and we can't create or manage users or computers.
Where is domain join directory option in the new launch experience?
We have been launching Windows instances using the [Seamless domain join](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html) instructions using our AD Connector for several years. Since being automatically opted in to the new launch experience, I cannot find the option to join a domain; it no longer appears. I can still get to it by opting out to the old experience, but that is going to go away at some point. Am I missing this or did this feature not make it into the new experience?
Domain Controller Migration from On-premise to AWS
Dear Experts, we want to migrate our on-premise domain controller to AWS. As I understand it, there are two options: one is migrating to Microsoft Managed AD, and the second is using two EC2 instances to create the domain controllers from scratch and then adding them to the existing on-premise domain controller group. This way we will have two domain controllers running on-premise and two domain controllers in AWS. We will remove the on-premise domain controllers once we are confident in the domain controllers installed and configured in AWS. Which do you think would be the best approach for migrating the DC? I am looking for an approach which is less risky and easy to execute. For example, with Managed Microsoft AD, do we need to keep the ongoing trust setup with the on-premise domain controller? What should be the strategy for the two approaches? For the two approaches, please share the technical steps to follow.
In Workspaces, to maintain the timezone as UTC across all workspaces, I created the GPO settings suggested by AWS, but the GPO rule is applying on a few workspaces and is not working on others
To maintain the desired timezone as UTC across all workspaces, I created the GPO settings suggested by AWS (https://docs.aws.amazon.com/workspaces/latest/adminguide/group_policy.html), but the group policy is working for a few workspaces, whereas for a few workspaces it's not working. Any suggestions?
Changing Primary Region in Directory Service for AWS Managed Microsoft AD Enterprise
I have a multi region AWS Managed Microsoft AD Enterprise directory set up in Directory Service. The primary region is us-east-1 and the secondary region is us-west-2. I need to downgrade from Enterprise to Standard (separate topic) but before I do so, I need to change the Primary Region from us-east-1 to us-west-2. I don't see any way to do this in the documentation or in the management console. Is it possible to change the Primary Region in Managed AD Enterprise? If so, how? Thanks!
Clone a WS to Another Region
We have members that use multiple workspaces in the N. Virginia (us-east-1) region. The base configuration includes Simple AD. Initially, workspaces were created in this region, yet staff can be working from other regions. This leads to performance/lag problems. I'd like to clone workspaces to other regions (preserving both the installed apps and the user profile on the D drive). I've followed the best practices to create an image. Image Checker did not report any problems. Then I used this image and copied it to another region (let's say eu-west-1). I created a new bundle with the image. So far no errors. Then, attempting to launch a new WS by using the bundle, I am prompted to create a new directory. If I create a new directory, I'm required to create a new user (because the directories are different, the original user is not listed in the Show All Users section). Upon launching the new WS using the settings above, indeed I see an empty/fresh Workspace, with the installed apps lost and the user profile not retaining the changes in the image. Based on the info above, what could be wrong? Do I need to switch to an Active Directory setup? Do we have to use external tools to make a true clone? Please kindly share your knowledge. Thank you for reading. If needed, I can provide additional information.
Joining an EC2 instance to a customer's network/domain
Hi! I built a web app on an EC2 Windows instance and want to put it on my client's domain. Once the server is on the domain, the users only have to go to the server name in their browser and the app renders. I haven't worked with AWS networking and want to know if I should use Resolver, Amazon Active Directory, or AD Connector. Preferably quick and easy. I only need to join one EC2 Windows instance to my client's network. Thanks in advance!
Unable to delete Directory Service AD Connector
This connector is in an Inoperable state. When attempting to delete it, I get the following error: Cannot delete the directory because it still has authorized applications. Any attempt to remove the AWS Console application fails. I see that others have had similar issues and it requires technical support to resolve. Is that still the case? Thanks, John
Workspaces MFA setup problem
I am trying to configure Workspaces to use MFA. I have tried setting up MFA in the AD Connector area and then tried in the Workspaces Directory area (not at the same time). In both cases it goes from Creating to Failed. On the MFA server we see a request from our expected AWS external IP with user awsfaketestuser during the MFA creation. The security group used by AD connector has 1812 TCP/UDP allowed inbound and outbound is using a NAT gateway. As we see the request from AWS on our RADIUS server, we don't suspect a network problem. We have also tried creating a user on the RADIUS host called awsfaketestuser and setting it to disabled. I'm not sure how to get more information about the error or how to fix the problem.