3

We have a very basic AD usage (basically managing user password resets), and for that we have to maintain an old Windows server.

All the services our internal users access are in the cloud (Gmail, Google Drive, Salesforce, etc.), so since we are very dependent on our internet connection, we see no problem in having a directory service in the cloud as well.

Because it's not possible to use Azure Active Directory for that (Can I replace my domain controller with Azure Active Directory?), I wonder if it's possible to use AWS Directory Service.

Is it possible?

Thanks

3 Answers

1

Yes, you can migrate your Active Directory to AWS Directory Service.

You can use the AWS Directory Service Simple AD (pricing here) if you have basic needs, which provides a Samba 4 compatible directory.

You can use actual Microsoft Active Directory from the directory service offering if you have more complex needs or need full compatibility.

If you want to federate between AWS and on-premise, the directory service isn't always the best choice, as it gives you less flexibility than an AD server. It doesn't sound like that's what you want to do though, so ADS should be fine for you.

Tim
1

Microsoft recently started offering actual Active Directory services in Azure: https://azure.microsoft.com/en-us/services/active-directory-ds; if you only need centralized authentication, they can fully replace a local AD.

Massimo
0

I'm a little unclear as to why you can't use Azure AD to authenticate to other services; here is the tutorial for Salesforce: https://msdn.microsoft.com/en-us/library/azure/dn308593.aspx. The question you refer to is for non-claims-based authentication (local Kerberos), which you certainly can't replace with Azure AD under Windows 8 and below. You can also do self-service password reset without local AD. I would just stay with what you have and drop local AD if you don't have a need.

Jim B
  • Hi Jim. Users don't authenticate to Salesforce and other SaaS using AD. We use AD only to authenticate to the local network. The thing is that we don't have local network file storage (all Google Drive), no printer access control, etc. – David Lojudice Sb. Mar 26 '15 at 22:07
  • I think we are agreeing. There is no need for all these SaaS apps to use anything other than Azure AD. – Jim B Mar 27 '15 at 17:06
  • No no, we don't want to use Azure AD (or any kind of AD) to authenticate any SaaS. Email and password works great. – David Lojudice Sb. Mar 27 '15 at 20:56
  • Your question was about AWS AD, so make up your mind: either you want a directory or you don't. Azure AD _IS_ email and password. – Jim B Mar 27 '15 at 22:46