Directory Service directory migration between accounts

0

Hello to anyone reading,

I have a question about the following: imagine that an AWS customer creates their account and chooses to use the Directory Service service for their Microsoft AD.

Over the years, this company was purchased by a company and its account became a daughter account.

Is it possible to migrate as a replica the Directory service with all the records of groups, users and everything else? Taking into account that after migration the Directory has to be deleted from the child account.

Thank you very much.

asked 2 years ago · 638 views
1 Answer
-1

Good day there,

Yes, you can now use the Active Directory Migration Toolkit (ADMT) along with the Password Export Service (PES) to migrate your self-managed AD to AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, since the company was purchased and running their ADs on premises. This makes it easier for you to move AD objects and encrypted passwords for your users. Please see the attached document for more information.

Resource: https://aws.amazon.com/blogs/security/how-to-migrate-your-on-premises-domain-to-aws-managed-microsoft-ad-using-admt/

answered 2 years ago
  • This answer is incorrect: you cannot migrate passwords out of AWS Managed AD. You could migrate the users themselves from one directory to another, but SID history and passwords would not be synced to the new managed Active Directory environment.
