How to Create Trust Between AWS Managed Active Directory and On-Premises Active Directory

34,998 views

Amazon Web Services


7 years ago

Learn more about AWS Directory Service at - amzn.to/2vcEdgh.
This will explain how you can create a trust relationship between AWS managed Active Directory (AD) and another AD such as on-premises AD. It will allow you to federate identities and integrate AWS services such as WorkSpaces and RDS with on-premises AD.
More info can be found in the following links:
aws.amazon.com/blogs/security...
docs.aws.amazon.com/directorys...

Comments: 30
@syedtaqiullahhussaini9419 4 years ago
Very Nice Presentation.
@carlosalonsosouza6439 1 year ago
Nice presentation. Thank you for sharing. One info though for those that follow this video. Pay attention to the security group of the Managed servers that are created when enabling the instance on AWS. I took some time to figure out why I could not establish the trust from the AWS interface. We must add a rule to authorize outbound network. Cheers
@amazonwebservices 1 year ago
Thanks, Carlos! We're glad you like it! 😀 🙌
@dockert2990 3 years ago
Great presentation, thank you! Is it possible to migrate an AWS managed Microsoft Active Directory to an on-prem/unmanaged AD?
@alecwhitehouse3959 5 years ago
My assumption with contoso.com is that it is on AWS but we are simulating an on-prem scenario with it?
@joshuademebo5745 6 years ago
Nice video, but I have a question, please how do I add the on-prem CIDR Block IP address on the subnets?
@SriwanthaAttanayake 6 years ago
Can you give a more detailed question? What exactly are you trying to do?
@SriwanthaAttanayake 5 years ago
Can you be more specific on the question? When you create the subnet you can specify the CIDR block.
@charleslassiter6082 22 days ago
great presentation but the background music is very distracting
@rudresh.h.ddoddamani8389 6 years ago
Hi, I have a few questions. Please help me on this. 1) Can we create a Windows 10 or 7 VM in this AWS? 2) If I create a Windows 10 or 7 VM in workspace, can we add this VM in EC domain VM (what we create now)? Please help me on this.
@SriwanthaAttanayake 5 years ago
You can. A few ways to do that. 1. You can use Amazon WorkSpaces that comes with Windows 10, you can create a VM image and import it to AWS and then spin up a VM out of it. There is no out of the box AMI for Windows 10. Any reason why you need to create a VM out of Windows 10? Windows 2016 server is pretty much similar.
@tayyabnawaz9773 4 years ago
I followed your & AWS's tutorial but every example has two domain names merging into one, e.g. Contoso.com and corp.example.com. Can we not just extend the only one domain name used by On-Prem (contoso.com) over to AWS and use the resources? Please reply.
@hamidkhalil9598 2 years ago
Look who I found... XD
@TayyabNawaz3 2 years ago
Hahaha
@connorbrown9500 4 years ago
What peering connection do we have the subnets route table target to connect to 192.168.0.0/16?
@dconwheels5309 5 years ago
Do I have to purchase that domain name to configure DNS?
@SriwanthaAttanayake 5 years ago
No, you do not need to purchase the domain name. For example, I don't own contoso.com domain, but I can still create a domain out of that name. Of course, you can then use it only internally. You can use any domain name internally.
@microsoft365sachi8 5 years ago
How to join domain end-user system or our premises? Because AD runs on AWS premises.
@SriwanthaAttanayake 5 years ago
You first need to set up network connectivity between AWS and on premises. You can use either a VPN based solution or AWS Direct Connect. Once you set up the network connectivity, AWS AD behaves similar to on prem AD and you can domain join on premises machines to AWS. Read more at docs.aws.amazon.com/vpc/latest/userguide/vpn-connections.html and docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
@ashishtripathi7897 5 years ago
Hi, I set up the same lab and ping is working from cloud to premise and vice versa, but I am unable to create a trust between cloud and premise. While pinging from cloud to premise with the premise domain name, it's not pinging. Please help me to resolve.
@markbulmer5227 4 years ago
I just did this lab and had the same issue. I realized it's the Security Group that's automatically created by the Managed AD ... (look into your security groups and you'll see it named similarly to your Managed AD ID, just open the inbound and outbound ports and make sure it's going to the correct address and not just another SG).
@ThangLe-pd6tk 1 year ago
@markbulmer5227 I had the same issue. For security group of Managed AD, I allowed all traffic but still error.
@xammocoloniax 1 year ago
@ThangLe-pd6tk Me too, can ping both domain names from the other side fine (on ManagedAD side I have a member server in the same subnet as the ManagedAD, added to domain). Security groups allowing all traffic both ways. No luck yet.
@ThangLe-pd6tk 1 year ago
@xammocoloniax You can try checking whether the peering connection is correct or not. Maybe different subnet.
@praveenmor3963 3 years ago
"So far so good". It would have been great if you had added a "WHY" factor as well to all that you are doing.
@emmanuelorsar1224 1 month ago
Very godly presentation. You deserve a leg of my shoe lol. This was totally awesome. Do you have a YouTube channel I can sub or follow?
@abhijitroy-sz6th 6 years ago
After login with domain admin I can create user/group but cannot edit/create any GPO. Cannot even change permission, it's all grayed out. Please help.
@abhijitroy-sz6th 6 years ago
Issue fixed. Thanks.
@SriwanthaAttanayake 6 years ago
You can create GPO only on a specific organization unit (OU) starting with your domain name. You can't create GPO at any place you like.
@yemigbajobi6168 4 years ago
Just a suggestion. There needs to be a break in the practical to explain what you want to do and how to achieve it. The video seems like a long string with no break in-between.