Best practices for running Microsoft Active Directory Services on AWS

11 March 2022, by Tom Collins


To extend Active Directory Services from on-prem to AWS - that is the question

I watched a very informative video by Boris Nisenbaum at AWS

These are my video notes, with some added questions and comments. The full video is at the bottom.


Options for running MS Active Directory (AD) on AWS

The primary reason to deploy AD is to support Windows workloads running on AWS. A standard use case might be deploying AWS RDS SQL Server with single sign-on to on-prem resources.

Option 1: self-managed AD on AWS EC2. Deploy domain controllers and add them to the forest

- expand on-premises and extend the corporate AD
- retain full admin access

Option 2: AWS Managed Microsoft AD

- based on MS AD
- single tenant, dedicated to the customer
- default of 2 domain controllers
- provides delegated admin authority
- supports standard AD management tools
- AWS managed infrastructure
- seamless integration with AWS services such as RDS

Common deployment patterns

- extending your AD to AWS on Amazon EC2
  - 2 DCs across 2 Regions
- AWS Managed AD: deploy a separate AD forest with a one-way or two-way trust
  - allows/supports access to on-prem resources

Patterns for architecture

- common single region: AD on Amazon EC2
- multi-region design: AD on Amazon EC2
- AWS Managed AD: single region
- AWS Managed AD: multi region



Benefits of managed AD

- seamless integration with AD
- reduced management overhead
- faster deployments using APIs
- high availability


SQL Server RDS will only work with SSO through AWS Managed Microsoft AD. A one-way or two-way trust is required.
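The requirement above, as an added example that is not code from the post or from AWS: the AWS CLI calls that create a managed directory, set up the trust to the on-prem forest and domain-join the RDS instance. All ids, names, IP addresses and the IAM role name are assumed placeholders; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not the post's or AWS's own code: the AWS CLI steps behind the
# note above. Every id, name, IP address and role name is a made-up placeholder.
set -eu
# DRY_RUN=1 (the default) prints each command instead of executing it, so the
# sequence can be reviewed before it touches a real account.
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }
# Only the three directions the CreateTrust API accepts pass; "One-Way: Outgoing"
# means the managed AD trusts the on-prem forest, so on-prem accounts can log in.
check_trust_direction() {
  case "$1" in
    "One-Way: Outgoing"|"One-Way: Incoming"|"Two-Way") return 0 ;;
    *) echo "invalid trust direction: $1" >&2; return 1 ;;
  esac
}

# Step 1: create the AWS Managed Microsoft AD (option 2 above, two DCs by default).
# Pass the admin password from a secrets store; never hard-code it in the script.
create_managed_ad() {  # fqdn short_name password vpc_id subnet_a subnet_b
  run aws ds create-microsoft-ad --name "$1" --short-name "$2" --password "$3" \
    --edition Standard --vpc-settings "VpcId=$4,SubnetIds=$5,$6"
}

# Step 2: forest trust between the managed AD and the on-prem forest, then list
# the trusts so the trust state can be checked.
create_trust() {  # directory_id remote_domain direction trust_password dns_ip
  check_trust_direction "$3" || return 1
  run aws ds create-trust --directory-id "$1" --remote-domain-name "$2" \
    --trust-direction "$3" --trust-type Forest --trust-password "$4" \
    --conditional-forwarder-ip-addrs "$5"
  run aws ds describe-trusts --directory-id "$1"
}

# Step 3: join the RDS SQL Server instance to the managed AD (not to a self-managed
# EC2 DC), which is what enables Windows Authentication for on-prem users.
join_rds_to_domain() {  # db_identifier directory_id iam_role
  run aws rds modify-db-instance --db-instance-identifier "$1" --domain "$2" \
    --domain-iam-role-name "$3" --apply-immediately
}

main() {
  create_managed_ad corp.example.com CORP "${AD_ADMIN_PASSWORD:-from-secret-store}" \
    vpc-placeholder subnet-a-placeholder subnet-b-placeholder
  create_trust d-placeholder onprem.example.com "One-Way: Outgoing" \
    "${TRUST_PASSWORD:-from-secret-store}" 10.0.0.2
  join_rds_to_domain sqlserver-rds-placeholder d-placeholder rds-directoryservice-role
}
main
```

Set DRY_RUN=0 only after reviewing the printed commands; the domain-join role must already exist with the directory-service permissions RDS needs.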


Watch the full video 

Author: Tom Collins
