Yes, the situation you describe would be my recommendation. This blog post describes the process.
https://aws.amazon.com/blogs/security/how-to-migrate-your-on-premises-domain-to-aws-managed-microsoft-ad-using-admt/
Hello There,
Thank you for contacting AWS.
Please find the answers to your questions below:
- As per the use case you mentioned, it seems AD Connector would be the more suitable option, as it will allow your self-managed AD users to use services like WorkSpaces, WorkDocs and the AWS Management Console with the same AD credentials. AD Connector will also give you the feature of seamless domain join of your EC2 instances to the self-managed AD.
  https://docs.aws.amazon.com/directoryservice/latest/admin-guide/prereq_connector.html
- When using ADMT, the source and destination domain names cannot be the same.
- As per the use case, your users and computers are present in the self-managed AD, and creating an AWS Managed AD just for the purpose of a trust does not seem efficient. You can go with AD Connector as stated above. If you want two directories and you are going to create users and computers in AWS Managed AD, then you can go with this option.
- The ideal situation to migrate from on-prem AD to AWS Managed AD will be when you are moving your entire on-prem infrastructure to AWS, or when you no longer want to manage Active Directory yourself and want AWS to do it for you. With AWS Managed Microsoft AD, you can run directory-aware workloads in the AWS Cloud, including Microsoft SharePoint and custom .NET and SQL Server-based applications, which cannot be done with AD Connector.
  https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html
I hope this information helps.
Thanks
Thanks for your detailed answer, it was really helpful and informative.
Another situation: if we completely want to get rid of the EC2-hosted Microsoft AD, can we first create an AWS Managed AD with a different domain name, then create an AD trust between them, migrate everything from the EC2 AD to the AWS AD with the ADMT tool, and then demote the EC2-hosted AD? Will this work? What will be the best approach in this case?
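The migration path discussed in this thread (new AWS Managed Microsoft AD under a different domain name, a trust between the two forests, then ADMT, then demoting the EC2-hosted domain controllers) has an AWS-side part that can be scripted. The following is an added example, not code from the thread or from AWS; it assumes boto3 is installed only for the live call, and the directory id, domain names, VPC/subnet ids and DNS addresses are constructed placeholders. The validation encodes the ADMT constraint stated in the answer above (source and destination domain names must differ) so the script refuses to build a plan that ADMT would reject.

```python
"""Plan and issue the AWS-side calls for a trust-then-ADMT migration.

Added example (not from the thread). Directory ids, domain names, VPC and
subnet ids, and DNS IPs are constructed placeholders.
"""
from dataclasses import dataclass

try:
    import boto3  # assumption: present where the live Directory Service calls run
except ImportError:  # the planning/validation functions still work offline
    boto3 = None


@dataclass(frozen=True)
class MigrationPlan:
    managed_ad_id: str               # AWS Managed Microsoft AD directory id (placeholder)
    managed_domain: str              # new forest name, e.g. corp.example.com (constructed)
    source_domain: str               # EC2-hosted AD being retired (constructed)
    source_dns_ips: tuple            # DNS servers of the source forest, for the conditional forwarder


def validate_plan(plan: MigrationPlan) -> list:
    """Return the problems that would make the trust + ADMT approach fail.

    ADMT cannot migrate between two domains with the same name, so the new
    Managed AD must be created under a different FQDN; a forest trust also
    needs at least one source DNS server for the conditional forwarder.
    """
    problems = []
    same = plan.source_domain.lower().rstrip(".") == plan.managed_domain.lower().rstrip(".")
    if same:
        problems.append("ADMT requires the source and destination domain names to differ")
    if not plan.source_dns_ips:
        problems.append("the conditional forwarder needs at least one source DNS IP")
    return problems


def managed_ad_request(plan: MigrationPlan, vpc_id: str, subnet_ids: list, admin_password: str) -> dict:
    """Parameters for Directory Service CreateMicrosoftAD (step 1: the new forest)."""
    return {
        "Name": plan.managed_domain,
        "Password": admin_password,          # password of the delegated Admin account
        "Edition": "Standard",
        "VpcSettings": {"VpcId": vpc_id, "SubnetIds": subnet_ids},  # two subnets in different AZs
    }


def trust_request(plan: MigrationPlan, trust_password: str) -> dict:
    """Parameters for Directory Service CreateTrust (step 2: the forest trust).

    A two-way forest trust lets ADMT, run from the source side, resolve and
    read both forests while accounts and computers are moved; the conditional
    forwarder points the Managed AD DNS at the source domain's servers.
    """
    return {
        "DirectoryId": plan.managed_ad_id,
        "RemoteDomainName": plan.source_domain,
        "TrustPassword": trust_password,     # must match the trust password set on the source side
        "TrustDirection": "Two-Way",
        "TrustType": "Forest",
        "ConditionalForwarderIpAddrs": list(plan.source_dns_ips),
    }


def create_trust(plan: MigrationPlan, trust_password: str, region: str = "us-east-1") -> str:
    """Validate the plan, then create the trust and return its TrustId (live call)."""
    problems = validate_plan(plan)
    if problems:
        raise ValueError("; ".join(problems))
    if boto3 is None:
        raise RuntimeError("boto3 is not installed; only offline planning is available")
    ds = boto3.client("ds", region_name=region)
    return ds.create_trust(**trust_request(plan, trust_password))["TrustId"]


if __name__ == "__main__":
    # Constructed sample plan; the source forest keeps its own name while the
    # Managed AD gets a new one, which is what ADMT requires.
    sample = MigrationPlan("d-EXAMPLE00000", "corp.example.com", "ec2ad.example.net", ("10.0.0.10", "10.0.1.10"))
    print("problems:", validate_plan(sample))
    print("trust request:", trust_request(sample, "<trust-password>"))
```

After the trust is verified, ADMT runs against both forests from a domain-joined host in the source forest (the blog post linked in the thread covers that side); the Managed AD's DNS, AD Connector or any dependent workloads are then repointed before the EC2-hosted domain controllers are demoted.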