Configuring Active Directory (AD) in AWS Cloud: Least Cost, Minimum Admin Work

Setting up AD in AWS Cloud with Two-Way Forest Trust Relation with On-Premises AD

Question

An IT firm has Active Directory (AD) at the on-premises location.

They are planning to migrate some of the servers to the AWS cloud and have hybrid connectivity built.

The IT team is looking to set up an AD within the AWS cloud which should have a two-way forest trust relation with the on-premises AD.

This AD should be a primary AD for all future nodes deployed in the AWS cloud.

AD should be set up with the least cost and minimum admin work. Which of the following can be set up to meet the requirement?

Answers

A. AD Connector
B. AWS Managed Microsoft AD
C. Microsoft AD on Amazon EC2 instance
D. Simple AD

Explanations

Correct Answer: B.

AWS Managed Microsoft AD can be used to provide a managed AD within the AWS cloud.

This can be used for managing users locally within the AWS cloud.

It can establish a two-way forest trust relationship with on-premises AD.

Option A is incorrect: AD Connector supports replication with on-prem AD, but it does not support a two-way trust with on-prem AD.

Option C is incorrect: Microsoft AD on an Amazon EC2 instance can be used to create a replica of on-prem AD in the AWS cloud, but it will not support two-way trust relations with on-prem AD. Also, this will require additional admin work for managing AD on Amazon EC2 instances.

Option D is incorrect: Simple AD cannot be joined with on-premises AD.

For more information on AWS Directory Service, refer to the following URL:

https://aws.amazon.com/directoryservice/faqs/

The IT firm has an on-premises Active Directory (AD), and they plan to migrate some servers to AWS cloud and establish hybrid connectivity. They want to set up an AD within AWS cloud with two-way forest trust relation with the on-premises AD. The new AD should be a primary AD for all future nodes deployed in the AWS cloud. Additionally, they want to minimize the cost and admin work required for this setup. Let's discuss the options available to meet the requirement:

A. AD Connector: AD Connector is a proxy service that AWS provides for connecting AWS resources to an existing on-premises Active Directory. It does not create a new Active Directory, and it does not support trust relationships. Hence, AD Connector cannot be used to meet the requirement.

B. AWS Managed Microsoft AD: AWS Managed Microsoft AD is a fully managed, highly available, and scalable Active Directory service provided by AWS. It enables users to create their own Active Directory in AWS and establish a trust relationship with their on-premises Active Directory. It supports two-way trust relationships, and users can use it as a primary AD for AWS resources. As it is fully managed, it reduces the admin work required to set up and maintain the AD infrastructure. Hence, AWS Managed Microsoft AD can be used to meet the requirement.

C. Microsoft AD on Amazon EC2 instance: Amazon EC2 provides virtual machine instances on which users can run their own applications and services. Users can install Active Directory on an EC2 instance and configure it to establish a trust relationship with their on-premises Active Directory. However, this option requires users to manage the infrastructure themselves, including monitoring, patching, and maintaining the EC2 instances. Moreover, it may not be the most cost-effective solution, as it involves additional costs for EC2 instances, storage, and data transfer. Hence, Microsoft AD on an Amazon EC2 instance is not the optimal choice to meet the requirement.

D. Simple AD: Simple AD is a directory service offered by AWS that is compatible with Microsoft Active Directory. However, it does not support forest trust relationships, and users cannot use it as a primary AD for AWS resources. Hence, Simple AD cannot be used to meet the requirement.

Conclusion: Among the options available, only AWS Managed Microsoft AD supports two-way forest trust relationships and can be used as a primary AD for AWS resources. As it is fully managed, it reduces the admin work required to set up and maintain the AD infrastructure. Hence, the answer is option B, AWS Managed Microsoft AD.
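As an added example (not code from the page, from the question author, or from AWS), the following POSIX shell script shows what option B looks like as AWS CLI calls: create the managed directory, wait for it to become Active, then request the AWS side of a two-way forest trust with conditional forwarders pointing at the on-premises DNS servers, and finally read back the trust state. The `aws ds` subcommands and flags are real AWS CLI options; the function names (`run`, `request_trust`, `wait_for_active`, and so on), the domain names, VPC and subnet ids, IP addresses and secrets are this example's own constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the page or AWS): provision an AWS Managed Microsoft AD
# (option B) and request the AWS side of a two-way forest trust with an
# on-premises forest via the AWS CLI. Names, ids, IPs, secrets: placeholders.
set -u

# run: execute a command, or only print it when DRY_RUN=1 so the plan can be
# reviewed before any directory or trust is created.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# validate_trust_direction: accept only the values the CreateTrust API defines.
validate_trust_direction() {
    case "$1" in
        "Two-Way"|"One-Way: Outgoing"|"One-Way: Incoming") return 0 ;;
        *) return 1 ;;
    esac
}

# create_managed_ad FQDN NETBIOS VPC_ID SUBNET_A SUBNET_B
# Step 1: the managed directory; two subnets in different AZs are required.
# The Admin password is read from the environment, never a script literal.
create_managed_ad() {
    : "${AWS_AD_ADMIN_PASSWORD:?set AWS_AD_ADMIN_PASSWORD in the environment}"
    run aws ds create-microsoft-ad \
        --name "$1" --short-name "$2" --edition Standard \
        --password "$AWS_AD_ADMIN_PASSWORD" \
        --vpc-settings "VpcId=$3,SubnetIds=$4,$5" \
        --query DirectoryId --output text
}

# wait_for_active DIRECTORY_ID: create-microsoft-ad returns immediately, but
# create-trust fails until the directory's Stage is Active (tens of minutes).
wait_for_active() {
    [ "${DRY_RUN:-0}" = "1" ] && return 0
    while :; do
        stage=$(aws ds describe-directories --directory-ids "$1" \
                    --query 'DirectoryDescriptions[0].Stage' --output text)
        [ "$stage" = "Active" ] && return 0
        case "$stage" in Failed|Deleted) echo "directory $1 is $stage" >&2; return 1 ;; esac
        sleep 60
    done
}

# request_trust DIRECTORY_ID REMOTE_DOMAIN DIRECTION FORWARDER_IP...
# Step 2: the AWS side of the trust. The on-premises admin creates the matching
# trust in their forest with the same AD_TRUST_PASSWORD. Selective auth is
# enabled so on-prem principals get no access in AWS until explicitly granted.
request_trust() {
    dir_id=$1; remote=$2; direction=$3; shift 3
    : "${AD_TRUST_PASSWORD:?set AD_TRUST_PASSWORD in the environment}"
    validate_trust_direction "$direction" || {
        echo "invalid trust direction: $direction" >&2; return 1; }
    [ $# -ge 1 ] || {
        echo "at least one conditional forwarder IP is required" >&2; return 1; }
    run aws ds create-trust \
        --directory-id "$dir_id" \
        --remote-domain-name "$remote" \
        --trust-password "$AD_TRUST_PASSWORD" \
        --trust-direction "$direction" \
        --trust-type Forest \
        --selective-auth Enabled \
        --conditional-forwarder-ip-addrs "$@"
}

# show_trusts DIRECTORY_ID: TrustState should read Verified once both sides exist.
show_trusts() {
    run aws ds describe-trusts --directory-id "$1" \
        --query 'Trusts[].[TrustId,RemoteDomainName,TrustDirection,TrustState]' \
        --output table
}

# main --plan | --apply: the end-to-end sequence for the scenario in the question.
main() {
    case "$1" in
        --plan)  DRY_RUN=1 ;;
        --apply) DRY_RUN=0 ;;
        *) echo "usage: $0 --plan|--apply" >&2; return 2 ;;
    esac
    if [ "$DRY_RUN" = "1" ]; then
        create_managed_ad aws.example.com AWSEXAMPLE vpc-0123456789abcdef0 \
            subnet-0aaaaaaaaaaaaaaaa subnet-0bbbbbbbbbbbbbbbb
        dir_id="d-<id-returned-by-create-microsoft-ad>"
    else
        dir_id=$(create_managed_ad aws.example.com AWSEXAMPLE vpc-0123456789abcdef0 \
            subnet-0aaaaaaaaaaaaaaaa subnet-0bbbbbbbbbbbbbbbb)
    fi
    wait_for_active "$dir_id"
    # Forwarder IPs are the on-premises DNS servers authoritative for corp.example.com.
    request_trust "$dir_id" corp.example.com "Two-Way" 10.10.0.10 10.10.0.11
    show_trusts "$dir_id"
}
case "${1:-}" in --plan|--apply) main "$1" ;; esac
```

Run it with `--plan` to print the commands without touching the account, then `--apply` with `AWS_AD_ADMIN_PASSWORD` and `AD_TRUST_PASSWORD` exported. Two things the CLI calls alone do not cover: the on-premises administrator must create the matching forest trust in their forest using the same trust password and add a conditional forwarder for the managed domain pointing at the managed AD's DNS addresses, and the hybrid link must allow AD traffic between the VPC subnets and the on-premises domain controllers; until both sides exist, `describe-trusts` reports the trust as unverified. Enabling selective authentication keeps the trust least-privilege, since users from the other forest can only reach resources where they have been explicitly granted access.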