How can I set up a trust relationship between two AWS Managed Microsoft AD domains, which use the same VPC?

Question

I created two AWS Managed Microsoft AD and want to create a trust relationship between them.
I found a topic, where a trust relationship is set up between two AWS Managed Microsoft AD in different VPCs, but I would like to to the same in one VPC. 
Is that possible? I checked the security groups, but they are be ok I think.

When I create the trust relationship I always get the error:

Trust relationship status failed
The remote domain is not reachable. Please ensure your security group settings are correct and your conditional forwarder is configured properly. Learn more

Accepted Answer

Yes it is possible to create a trust between two AWS Managed Microsoft AD forests. The most common reason for the error message "The remote domain is not reachable" is that the default settings applied to the security group attached to each directory blocks outbound traffic. The steps in this article describe how to allow outbound trust traffic.

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_troubleshooting_trusts.html#no_domain_name

How can I set up a trust relationship between two AWS Managed Microsoft AD domains, which use the same VPC?

相关内容