AWS and Active Directory – What are the limitations?

Posted on October 31, 2022 by

Categories: AWS


It’s not hard to see why the cloud is becoming the destination of choice for a growing number of businesses’ data processing needs. Cloud service providers, like Amazon Web Services (AWS), provide safety, adaptability, scalability, and low initial cost. They provide features like automated software upgrades and backups in case of an emergency. The development of specifications like CloudAudit, which give a standardised approach to delivering in-depth metrics on a cloud system’s performance and security, is underway.

Even with the suggested enhancements, auditing vital cloud-based data is fraught with some significant obstacles and worries. After all, you’re still trusting a server over which you have little to no control with your most important data. In the long run, the cost and lack of flexibility of cloud solutions make them less attractive than in-house alternatives. There’s always the risk that your cloud service provider won’t be around when you need them or that you’ll experience downtime.

IT administrators can now use AWS Directory Service from Amazon Web Services (AWS) to install and administer Microsoft Active Directory on their servers. There are three options for deploying Active Directory on AWS: Microsoft Active Directory, Simple Active Directory, and AD Connector. However, each option has drawbacks.

The first choice, Microsoft Active Directory (AD), is the business version of AWS Directory Service and can manage up to 50,000 users or about 200,000 Active Directory objects. Objects include users, groups, and computers. These limits are unlikely to concern small businesses, but they might for large enterprises that handle a large volume of Active Directory users and objects. Furthermore, customers cannot adjust the performance parameters of Microsoft AD through AWS Directory Service, which makes it difficult for them to resolve performance problems. For a particular Active Directory instance, they may want to change resource allocations such as processing, storage, and memory. A major limitation is that if you already have an Active Directory database on-premises, you cannot move it to AWS at this time.

If you want to host Active Directory on AWS on a limited budget, Simple AD is a low-cost solution that meets all of the necessary technical specifications. Simple AD offers a subset of the features available in Microsoft AD. While you can use it to manage users, groups, and machines, you can’t set up trust relationships across domains or add domain controllers to instances. In addition, tools including the Active Directory Administrative Center, the Active Directory Recycle Bin, and PowerShell are unavailable. There are restrictions on password policies, group managed service accounts, and schema extensions. Again, this may work for smaller businesses, but large enterprises would likely need Microsoft Active Directory.

The third option, AD Connector, lets you connect your current on-premises Active Directory database to AWS. AD Connector can reduce the time and effort required to manage and maintain your own infrastructure, which may save you money. With it, you can control Active Directory in the cloud with the same methods you use on-premises. Because AWS does not employ caching, your company keeps complete command over the handling of any sensitive information. However, administrators are unable to make changes to Active Directory on AWS via the AD Connector, which limits their ability to fix any resulting performance issues.

There are benefits and drawbacks to using AWS to host Active Directory. It may be argued that an on-premises configuration is preferable for larger organisations that want complete privacy and security of their data. A local installation may cost more up front, but it will save money in the long term. In addition, costs are decreasing. Solutions like LepideAuditor, for instance, give you full command over your data by providing a complete auditing and reporting suite at an accessible price.