Tolga Talks Tech is a weekly video series in which Onica’s CTO Tolga Tarhan tackles technical topics related to AWS and cloud computing. This week, Tolga discusses Active Directory with Josh Lewis, Solution Architect at Onica. For more videos in this series, click here.
I hear customers talk a lot about legacy applications that require Active Directory as part of their migration to the cloud. What can you tell me about options for Active Directory on AWS?
There are 3 major options available on AWS. There is Simple Active Directory (AD) Connector; everyone is familiar with domain controllers as a physical server, so there is Amazon EC2 as a domain controller; and there is the preferred option, which is Managed AWS AD.
What’s the benefit of AWS Managed AD?
Well, first and foremost, there are no servers for you to maintain. Maintaining servers is a relic of the past — I don’t want to do it, you don’t want to do it, no one wants to do it anymore. So that’s a big benefit: you don’t have to patch anything, you don’t have to log in to anything. The actual service itself is part of a very robust Active Directory cluster.
How do you manage and administer the Active Directory cluster?
You can use all the same tools that you’re already familiar with. You can use Atom, you can use PowerShell, or you can use the AWS Command Line Interface (CLI) as well.
Can you connect Active Directory on AWS to on-prem?
Yes, you can, via a one- or two-way forest trust, which enables you to share users among the clusters.
What about VPCs? Can you share your AD cluster across VPCs?
Yes, there’s a relatively new tool called directory share, where you can take your directory inside your VPC and share it across to another VPC for discovery purposes, such as enabling automatic joining like EC2 seamless domain join.
Want to learn more about how Onica operates migrations? Visit our Elevate Migrations page.