AWS Directory Service | Simple AD Scenarios

Suitable Scenarios for Simple AD


Question

AWS Directory Service provides multiple directory choices for customers who want to use existing Microsoft AD or Lightweight Directory Access Protocol (LDAP)-aware applications in the cloud.

It also offers those same choices to developers who need a directory to manage users, groups, devices, and access.

Simple AD is a Microsoft Active Directory-compatible directory from AWS Directory Service powered by Samba 4.

Which of the scenarios below are suitable for Simple AD? Choose 3.

Answers

Explanations


Correct Answer - B, D, F.

Simple AD is a subset of the features offered by AWS Managed Microsoft AD.

It includes the ability to manage user accounts and group memberships, create and apply group policies, securely connect to Amazon EC2 instances, and provide Kerberos-based single sign-on (SSO).

Simple AD offers many advantages according to https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_simple_ad.html:

Simple AD makes it easier to manage Amazon EC2 instances running Linux and Windows and deploy Windows applications in the AWS Cloud.

Many of the applications and tools that you use today that require Microsoft Active Directory support can be used with Simple AD.

User accounts in Simple AD allow access to AWS applications such as Amazon WorkSpaces, Amazon WorkDocs, or Amazon WorkMail.

You can manage AWS resources through IAM role-based access to the AWS Management Console.

Daily automated snapshots enable point-in-time recovery.

Option A is incorrect: Because Simple AD is not used to manage on-premises instances.

It is a directory service in the AWS domain.

Option B is CORRECT: Because Simple AD can provide directory service with lots of existing Active Directory tools and features supported.

Option C is incorrect: Because this is suitable for AD Connector instead of Simple AD.

Refer to https://docs.aws.amazon.com/directoryservice/latest/admin-guide/what_is.html.

Option D is CORRECT: Because Simple AD has the capability to back up with daily automated snapshots.

Option E is incorrect: Because Simple AD is a basic directory service which is not suitable for a large service.

Also, note that Simple AD supports a maximum of 5000 users.

Simple AD is available in two sizes.

Small - Supports up to 500 users (approximately 2,000 objects including users, groups, and computers).

Large - Supports up to 5,000 users (approximately 20,000 objects including users, groups, and computers).

Option F is CORRECT: Because Simple AD provides basic directory service and is cheaper than “AWS Directory Service for Microsoft Active Directory”.

AWS Directory Service is a cloud-based directory service that allows developers and IT teams to use existing Microsoft Active Directory or LDAP (Lightweight Directory Access Protocol) applications in the cloud. AWS Directory Service provides multiple directory choices for customers based on their requirements. One of these options is Simple AD, which is a Microsoft Active Directory-compatible directory from AWS Directory Service powered by Samba 4.

Simple AD is suitable for specific scenarios where basic Active Directory features are required. Below are the three scenarios where Simple AD can be the best choice:

A. An operation management team needs to manage its Amazon EC2 instances and on-premises servers running Linux Ubuntu and Windows. Basic Active Directory features such as user accounts and group memberships are required.

In this scenario, Simple AD can be the right choice as it supports basic Active Directory features and is compatible with Linux Ubuntu and Windows. The operation management team can manage user accounts and group memberships using Simple AD.

B. For a small project, a standalone directory in the cloud is needed, where the operators can create and manage user identities and manage access to applications. The operators want to use many familiar Active Directory-aware applications and tools that require basic Active Directory features.

In this scenario, Simple AD is suitable as it supports basic Active Directory features and can be used to create and manage user identities and manage access to applications. The operators can also use many familiar Active Directory-aware applications and tools with Simple AD.

F. With a limited budget, a startup company requires a directory service to be set up with basic Active Directory compatibility that supports Samba 4-compatible applications.

In this scenario, Simple AD can be the best choice as it is a cost-effective option that provides basic Active Directory compatibility and supports Samba 4-compatible applications.

The other options in the question are not suitable for Simple AD:

C. The development lead needs to set up a service that allows the on-premises users to log in to AWS applications and services with their Active Directory credentials.

In this scenario, AD Connector or AWS Managed Microsoft AD would be a better choice. AD Connector is used to connect on-premises directories with AWS, while AWS Managed Microsoft AD provides a fully managed Microsoft AD in the cloud.

D. For the directory service in AWS, the security manager requires that it can be backed up via daily automated snapshots with point-in-time recovery enabled.

This requirement can be met with AWS Managed Microsoft AD, which provides daily automated snapshots with point-in-time recovery enabled.

E. A large company is considering setting up a new directory service in AWS that can support its existing 10000 users (approximately 30,000 objects including users, groups, and computers).

AWS Managed Microsoft AD would be the best choice for this scenario as it provides a fully managed Microsoft AD in the cloud and can support large numbers of users and objects. Simple AD has limitations regarding the number of users and objects it can support.

In summary, Simple AD is suitable for scenarios where basic Active Directory features are required, and the number of users and objects is not significant. For scenarios where a fully managed Microsoft AD is required or where there is a need to connect on-premises directories with AWS, AD Connector or AWS Managed Microsoft AD would be a better choice.