
# Directory Service

**Introduction**

* Managed Microsoft Active Directory in the AWS Cloud.
* Used to run directories in the AWS Cloud, or to connect your AWS resources with an existing on-premises Microsoft Active Directory.

**Feature**

* Types:
  * AWS Managed Microsoft AD (standalone, or a two-way forest trust with on-premises AD **through DX / VPN**)
    * Microsoft Active Directory in the AWS Cloud.
  * AD Connector
    * A proxy that redirects directory requests to your existing Microsoft Active Directory.
    * No caching capability.
    * Users are managed solely on-premises; no trust relationship.
    * **Requires VPN or Direct Connect (DX).**
    * Doesn't work with SQL Server, doesn't support seamless domain join, can't share the directory.
  * Simple AD
    * A standalone managed directory powered by a Linux-Samba Active Directory–compatible server.
    * Supports joining EC2 instances and managing users and groups.
    * Does not support MFA, RDS SQL Server, or AWS SSO.
    * Two sizes: small for 500 users, large for 5,000 users.
    * No trust relationship.
  * Amazon Cognito User Pools (user pools are user directories that provide sign-up and sign-in options; Cognito Identity Pools provide AWS credentials.)
    * Can add user registration and sign-in features to your apps.
    * Users can sign in with an email address, phone number, or user name rather than through an external identity provider.
    * Can create custom registration fields and store metadata in the user directory; supports verification of email addresses and phone numbers, password recovery, MFA, etc.
* Supports:
  * Multi-AZ deployment, automated backups.
  * Seamless domain join of EC2 instances from multiple AWS accounts and VPCs.
  * Can be integrated with RDS, WorkSpaces, QuickSight, AWS SSO, etc.
  * Standalone directory in AWS, or joined to on-premises AD.
  * Connection with 3 kinds of trust:
    * 1-way trust (AWS to on-premises)
    * 1-way trust (on-premises to AWS)
    * 2-way forest trust (but not replication)
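
The trust types above, expressed through the Directory Service API as an added example (not code from the page or from AWS): it builds a `create_trust` request that keeps selective authentication enabled, and runs a small audit over `describe_trusts` output. The boto3 client is an assumption for live use, and the sample trust records are constructed for illustration.

```python
# Added example, not the page's own code. Assumes a boto3 DirectoryService ("ds")
# client for live use; SAMPLE_TRUSTS below is constructed, not real API output.
# Values as the Directory Service API names them, from the AWS Managed AD's side.
TRUST_DIRECTIONS = ("One-Way: Outgoing", "One-Way: Incoming", "Two-Way")
TRUST_TYPES = ("Forest", "External")


def build_trust_request(directory_id, remote_domain, trust_password, direction,
                        forwarder_ips, trust_type="Forest", selective_auth=True):
    """Return keyword arguments for boto3 DirectoryService.Client.create_trust.

    Defaults to selective authentication so the trust by itself does not let every
    principal in the remote forest authenticate to every domain-joined resource.
    """
    if direction not in TRUST_DIRECTIONS:
        raise ValueError(f"direction must be one of {TRUST_DIRECTIONS}, got {direction!r}")
    if trust_type not in TRUST_TYPES:
        raise ValueError(f"trust_type must be one of {TRUST_TYPES}, got {trust_type!r}")
    if not forwarder_ips:
        raise ValueError("conditional forwarder IPs (the remote domain's DNS servers) are required")
    return {
        "DirectoryId": directory_id,
        "RemoteDomainName": remote_domain,
        "TrustPassword": trust_password,
        "TrustDirection": direction,
        "TrustType": trust_type,
        "ConditionalForwarderIpAddrs": list(forwarder_ips),
        "SelectiveAuth": "Enabled" if selective_auth else "Disabled",
    }


def audit_trusts(trusts):
    """Flag entries from describe_trusts()['Trusts'] that a reviewer should check."""
    findings = []
    for t in trusts:
        if t.get("TrustState") != "Verified":
            findings.append((t["TrustId"], f"state {t.get('TrustState')}"))
        if t.get("SelectiveAuth") != "Enabled":
            findings.append((t["TrustId"], "selective authentication disabled"))
        if t.get("TrustDirection") == "Two-Way":
            findings.append((t["TrustId"], "two-way trust: confirm both directions are needed"))
    return findings


# Constructed sample records shaped like describe_trusts output (not real data).
SAMPLE_TRUSTS = [
    {"TrustId": "t-0000000000000000a", "RemoteDomainName": "corp.example.com",
     "TrustDirection": "One-Way: Outgoing", "TrustState": "Verified", "SelectiveAuth": "Enabled"},
    {"TrustId": "t-0000000000000000b", "RemoteDomainName": "legacy.example.com",
     "TrustDirection": "Two-Way", "TrustState": "VerifyFailed", "SelectiveAuth": "Disabled"},
]
```

For a live check, pass `boto3.client("ds").describe_trusts(DirectoryId=...)["Trusts"]` to `audit_trusts` and submit the request dict with `client.create_trust(**request)`.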

**Scenario**

* AD replication between AWS Managed Microsoft AD and on-premises AD:
  * Create another, self-managed Microsoft AD on EC2 that replicates from the on-premises Microsoft AD.
  * Establish a trust between the AWS Managed Microsoft AD and that EC2-hosted AD.
