AD Connector provides the ability to manage users held in an on-premises Microsoft Active Directory through a connector.
Features
- redirects requests to the existing on-premises AD services
- no directory data is stored on AWS
- supports directory-aware AWS products such as Amazon WorkSpaces, Amazon WorkDocs, Amazon QuickSight, Amazon Chime, Amazon Connect, and Amazon Relational Database Service for Microsoft SQL Server
- implemented as a pair of directory endpoints in 2 subnets in different AZs, running as ENIs in a VPC
- available in small and large sizes (AWS allocates capacity and charges based on the size allocated)
- each connector connects to 1 or more on-premises directory services
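As an added example (not from these notes), the endpoint layout described above expressed as a Terraform configuration: one ENI per subnet in two AZs, traffic forwarded to on-premises DNS/AD, nothing stored in AWS. VPC CIDRs, AZ names, DNS IPs, the domain name and the service-account name are placeholder assumptions.

```hcl
# Added example, not from the original notes. All names, CIDRs and IPs are placeholders.

variable "ad_connector_password" {
  description = "Password of the on-premises service account the connector binds with; supply from a secret store, never hard-code it"
  type        = string
  sensitive   = true
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"   # placeholder VPC
}

# Two subnets in different AZs: AD Connector places one ENI in each.
resource "aws_subnet" "ad_connector_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.10.0/24"
  availability_zone = "us-east-1a"   # placeholder AZ
}

resource "aws_subnet" "ad_connector_b" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.11.0/24"
  availability_zone = "us-east-1b"   # placeholder AZ, must differ from the first
}

resource "aws_directory_service_directory" "onprem_connector" {
  name     = "corp.example.com"   # placeholder: DNS name of the on-premises AD domain
  type     = "ADConnector"
  size     = "Small"              # "Small" or "Large"; billed by size, not by user count
  password = var.ad_connector_password

  connect_settings {
    vpc_id     = aws_vpc.main.id
    subnet_ids = [aws_subnet.ad_connector_a.id, aws_subnet.ad_connector_b.id]

    # On-premises DNS servers, reachable over Direct Connect or Site-to-Site VPN
    customer_dns_ips = ["192.0.2.10", "192.0.2.11"]   # placeholders (TEST-NET-1)

    # Dedicated service account; delegate only the rights the connector needs
    customer_username = "svc-adconnector"
  }
}
```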
Use Cases for AD Connector
- running proofs of concept for an existing set of non-AWS users
- when storing user data in AWS is not allowed for legal reasons
- when there is only a small existing AWS deployment
Use Cases for not using AD Connector
- when very high availability or performance is required and the directory data therefore needs to reside on AWS
- when there is no highly reliable and performant network connectivity between on-premises and AWS
- when there is only a single network connection to AWS
- when a Simple AD solution will suffice (no MFA, no two-way trust, etc.)
- when the user base is customers rather than employees
Good Companions for AD Connector
- Direct Connect
- Site to Site VPN
Advanced Features of AD Connector
- multiple AD Connectors can be run to spread the load if required