AWS Directory Service | AWS Microsoft AD Flashcards

1
Q

In which AWS regions is AWS Directory Service available?

AWS Microsoft AD

AWS Directory Service | Security, Identity & Compliance

A

Refer to the Regional Products and Services table for details of AWS Directory Service availability by region.

2
Q

How do I create an AWS Microsoft AD directory?

A

You can launch the AWS Directory Service console from the AWS Management Console to create an AWS Microsoft AD directory. Alternatively, you can use the AWS SDKs or the AWS CLI.
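The CLI path, as an added example that is not part of the original FAQ or of any AWS tooling: it runs a preflight check on the Admin password against the CreateMicrosoftAD password constraint (8 to 64 characters from at least three of four character classes), calls `aws ds create-microsoft-ad`, and polls until the directory is Active. The domain name, VPC ID, subnet IDs and the `DS_ADMIN_PASSWORD` / `DS_RUN` environment variables are assumptions for the example.

```bash
#!/usr/bin/env bash
# Added example (not code from the AWS FAQ): create an AWS Microsoft AD
# directory with the AWS CLI and wait for it to become usable.
# Assumptions: the domain, VPC and subnet IDs below are placeholders, and the
# Admin password is supplied in DS_ADMIN_PASSWORD (for example, fetched from
# AWS Secrets Manager) so it is never typed into a shell history.
set -eu

# Preflight check that mirrors the CreateMicrosoftAD Password constraint:
# 8 to 64 characters drawn from at least three of four classes (lowercase,
# uppercase, digit, non-alphanumeric non-whitespace). Prints OK or a reason.
ds_password_check() {
  pw=$1
  len=${#pw}
  if [ "$len" -lt 8 ] || [ "$len" -gt 64 ]; then
    echo "FAIL: length $len is not within 8..64"
    return 1
  fi
  classes=0
  printf '%s' "$pw" | grep -q '[a-z]'                 && classes=$((classes + 1))
  printf '%s' "$pw" | grep -q '[A-Z]'                 && classes=$((classes + 1))
  printf '%s' "$pw" | grep -q '[0-9]'                 && classes=$((classes + 1))
  printf '%s' "$pw" | grep -q '[^A-Za-z0-9[:space:]]' && classes=$((classes + 1))
  if [ "$classes" -lt 3 ]; then
    echo "FAIL: only $classes of 4 character classes present"
    return 1
  fi
  echo OK
}

# Create the directory. The two subnets must be in different Availability
# Zones, which is what gives you the two-AZ deployment described on this
# page. Prints the new directory ID.
ds_create() {
  name=$1 short=$2 vpc=$3 subnet_a=$4 subnet_b=$5
  ds_password_check "$DS_ADMIN_PASSWORD" >/dev/null || {
    echo "refusing to call the API: Admin password fails the complexity rule" >&2
    return 1
  }
  aws ds create-microsoft-ad \
    --name "$name" \
    --short-name "$short" \
    --password "$DS_ADMIN_PASSWORD" \
    --edition Standard \
    --vpc-settings "VpcId=$vpc,SubnetIds=$subnet_a,$subnet_b" \
    --description "managed Microsoft AD for $name" \
    --query DirectoryId --output text
}

# Poll the directory Stage until it is Active (creation takes tens of
# minutes). Stage values come from DescribeDirectories.
ds_wait_active() {
  dir_id=$1
  while :; do
    stage=$(aws ds describe-directories --directory-ids "$dir_id" \
              --query 'DirectoryDescriptions[0].Stage' --output text)
    case $stage in
      Active) echo "$dir_id is Active"; return 0 ;;
      Failed) echo "$dir_id failed to create" >&2; return 1 ;;
      *)      sleep 60 ;;
    esac
  done
}

# Run the real thing only when DS_RUN is set; the functions above can be
# exercised without AWS credentials otherwise.
if [ -n "${DS_RUN:-}" ]; then
  dir_id=$(ds_create corp.example.com CORP vpc-0123456789abcdef0 \
             subnet-0aaaaaaaaaaaaaaaa subnet-0bbbbbbbbbbbbbbbb)
  ds_wait_active "$dir_id"
fi
```

Passing `--password` as an argument still makes the value visible to other users on the same host via the process list for the duration of the call; on shared administration hosts use `--cli-input-json file://…` with a mode-0600 file instead.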

3
Q

How are AWS Microsoft AD directories deployed?

A

AWS Microsoft AD directories are deployed across two Availability Zones in a region by default and connected to your Amazon Virtual Private Cloud (VPC). Backups are automatically taken once per day, and the Amazon Elastic Block Store (EBS) volumes are encrypted to ensure that data is secured at rest. Domain controllers that fail are automatically replaced in the same Availability Zone using the same IP address, and a full disaster recovery can be performed using the latest backup.

4
Q

Can I configure the storage, CPU, or memory parameters of my AWS Microsoft AD directory?

A

No. This functionality is not supported at this time.

5
Q

How do I manage users and groups for AWS Microsoft AD?

A

You can use your existing Active Directory tools—running on Windows computers that are joined to the AWS Microsoft AD domain—to manage users and groups in AWS Microsoft AD directories. No special tools, policies, or behavior changes are required.

6
Q

How are my administrative permissions different between AWS Microsoft AD and running Active Directory in my own Amazon EC2 Windows instances?

A

In order to deliver a managed-service experience, AWS Microsoft AD must disallow operations by customers that would interfere with managing the service. Therefore, AWS does not provide Windows PowerShell access to the directory instances, and it restricts access to directory objects, roles, and groups that require elevated privileges (for example, Domain Admins, Enterprise Admins, and Schema Admins). AWS Microsoft AD does not allow direct host access to domain controllers via Telnet, Secure Shell (SSH), or Windows Remote Desktop Connection. When you create an AWS Microsoft AD directory, you are assigned an organizational unit (OU) and an administrative account with delegated administrative rights over that OU. You can create user accounts, groups, and policies within the OU by using standard Remote Server Administration Tools such as Active Directory Users and Computers.

7
Q

Can I use Microsoft Network Policy Server (NPS) with AWS Microsoft AD?

A

Yes. The administrative account created for you when AWS Microsoft AD is set up has delegated management rights over the RAS and IAS Servers security group (Remote Access Service and Internet Authentication Service). Registering an NPS server in Active Directory adds its computer account to this group, which grants it read access to users' remote access properties. This enables you to register NPS with AWS Microsoft AD and manage network access policies for accounts in your domain.

8
Q

Does AWS Microsoft AD support schema extensions?

A

Yes. AWS Microsoft AD supports schema extensions that you submit to the service in the form of an LDAP Data Interchange Format (LDIF) file. You may extend the Active Directory schema (add attributes and classes) but not modify the core schema objects.
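What such an LDIF file looks like and how it is submitted, as an added example that is not taken from the FAQ or the AWS documentation: the script generates a fresh `schemaIDGUID`, writes an LDIF that adds one new string attribute and makes it available on `User` objects through `mayContain`, then submits it with `aws ds start-schema-extension`, asking the service to snapshot the directory first. The directory ID, domain DN, attribute name and the OID prefix are placeholders; a production OID must come from an arc your organisation owns.

```bash
#!/usr/bin/env bash
# Added example, not from the AWS documentation: build a minimal schema
# extension LDIF (one new string attribute, made available on user objects)
# and submit it with the AWS CLI. Assumptions: the directory ID and domain
# DN are placeholders; the OID prefix is a placeholder in the range that
# Microsoft's oidgen script hands out for testing, not an arc you own.
set -eu

DIRECTORY_ID=${DIRECTORY_ID:-d-1234567890}
DOMAIN_DN=${DOMAIN_DN:-DC=corp,DC=example,DC=com}
OID_PREFIX=1.2.840.113556.1.8000.2554.12345

# schemaIDGUID must be unique per schema object; AD stores it as 16 raw
# bytes, which LDIF carries base64-encoded after a double colon.
new_schema_guid() {
  head -c 16 /dev/urandom | base64 | tr -d '\n'
}

# Emit the LDIF for one attribute and attach it to the User class via
# mayContain. attributeSyntax 2.5.5.12 with oMSyntax 64 is a Unicode string.
# The core User class is only extended (a mayContain value is added), never
# rewritten, which is what the service permits. The schemaUpdateNow entry
# against the RootDSE (empty DN) makes the change take effect immediately.
schema_ldif() {
  attr=$1 oid_suffix=$2 guid=$3
  cat <<EOF
dn: CN=$attr,CN=Schema,CN=Configuration,$DOMAIN_DN
changetype: add
objectClass: top
objectClass: attributeSchema
cn: $attr
lDAPDisplayName: $attr
adminDisplayName: $attr
adminDescription: $attr (added by schema extension)
attributeID: $OID_PREFIX.$oid_suffix
attributeSyntax: 2.5.5.12
oMSyntax: 64
isSingleValued: TRUE
searchFlags: 0
systemOnly: FALSE
showInAdvancedViewOnly: TRUE
schemaIDGUID:: $guid

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-

dn: CN=User,CN=Schema,CN=Configuration,$DOMAIN_DN
changetype: modify
add: mayContain
mayContain: $attr
-
EOF
}

# Submit the file. The service takes a snapshot first so a bad extension can
# be rolled back, then applies the LDIF with the schema-admin rights that the
# delegated Admin account does not have. Prints the extension ID.
ds_extend_schema() {
  ldif_file=$1 attr=$2
  aws ds start-schema-extension \
    --directory-id "$DIRECTORY_ID" \
    --create-snapshot-before-schema-extension \
    --ldif-content "file://$ldif_file" \
    --description "add $attr attribute to User" \
    --query SchemaExtensionId --output text
}

# Real submission only when DS_RUN is set; otherwise the LDIF can be
# generated and inspected offline.
if [ -n "${DS_RUN:-}" ]; then
  schema_ldif employeeBadgeId 1 "$(new_schema_guid)" > employeeBadgeId.ldif
  ext_id=$(ds_extend_schema employeeBadgeId.ldif employeeBadgeId)
  aws ds list-schema-extensions --directory-id "$DIRECTORY_ID" \
    --query "SchemaExtensionsInfo[?SchemaExtensionId=='$ext_id'].SchemaExtensionStatus" \
    --output text
fi
```

Run `schema_ldif employeeBadgeId 1 "$(new_schema_guid)"` on its own first and review the output; schema changes are permanent in Active Directory (attributes can be defunct-ed but never deleted), so the snapshot the service takes is the only undo.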

9
Q

Which applications are compatible with AWS Microsoft AD?

A

The following applications are compatible with AWS Microsoft AD:

Amazon Chime

Amazon Connect

Amazon EC2

Amazon RDS for SQL Server

Amazon QuickSight

Amazon WorkDocs

Amazon WorkMail

Amazon WorkSpaces

AWS Management Console

Active Directory Federation Services (AD FS)

Application Server (.NET)

Azure Active Directory (AD) Connect

Enterprise Certificate Authority

Remote Desktop Licensing Manager

SharePoint Server

SQL Server

Note that not all configurations of these applications may be supported.

10
Q

Can I migrate my existing, on-premises Microsoft Active Directory to AWS Microsoft AD?

A

AWS does not provide any migration tools to migrate a self-managed Active Directory to AWS Microsoft AD. You must establish a strategy for performing migration including password resets, and implement the plans using Remote Server Administration Tools.

11
Q

Can I configure conditional forwarders and trusts in the Directory Service console?

A

Yes. You can configure conditional forwarders and trusts for AWS Microsoft AD using the Directory Service console as well as the API.

12
Q

Can I add additional domain controllers manually to my AWS Microsoft AD?

A

Yes. You can add additional domain controllers to your managed domain using the AWS Directory Service console or API. Note that promoting Amazon EC2 instances to domain controllers manually is not supported.
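The API side of the two preceding cards (conditional forwarders and trusts, and adding domain controllers), as an added example that is not from the FAQ or from AWS: it raises the domain controller count, creates a conditional forwarder for an on-premises domain, creates a one-way outgoing forest trust with selective authentication, and polls the trust until it verifies. The directory ID, domain names, DNS addresses and the `DS_TRUST_PASSWORD` / `DS_RUN` environment variables are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not AWS's own tooling): scale out domain controllers and
# establish a forest trust to an on-premises domain with the AWS CLI.
# Assumed placeholders: directory ID, domain names, DNS IPs. The trust
# password is read from DS_TRUST_PASSWORD and must match the password set on
# the on-premises side of the trust.
set -eu

DIRECTORY_ID=${DIRECTORY_ID:-d-1234567890}
REMOTE_DOMAIN=${REMOTE_DOMAIN:-onprem.example.com}
REMOTE_DNS="10.0.0.10 10.0.0.11"

# The service replaces failed DCs by itself; this raises the total number.
# You never promote EC2 instances yourself.
ds_set_dc_count() {
  aws ds update-number-of-domain-controllers \
    --directory-id "$DIRECTORY_ID" --desired-number "$1"
}

# DNS first: the managed domain must resolve the remote domain before a trust
# can be validated. The forwarder is scoped to that one domain. REMOTE_DNS is
# deliberately unquoted so it expands to one argument per address.
ds_add_forwarder() {
  aws ds create-conditional-forwarder \
    --directory-id "$DIRECTORY_ID" \
    --remote-domain-name "$REMOTE_DOMAIN" \
    --dns-ip-addrs $REMOTE_DNS
}

# One-way outgoing: the managed domain trusts the on-premises forest, so
# on-premises users can reach resources here but not the reverse. Selective
# authentication means those users still need "Allowed to authenticate" on
# each resource computer instead of being treated as Authenticated Users
# everywhere. (The forwarder could also be created inline with
# --conditional-forwarder-ip-addrs; it is already in place here.)
ds_create_trust() {
  aws ds create-trust \
    --directory-id "$DIRECTORY_ID" \
    --remote-domain-name "$REMOTE_DOMAIN" \
    --trust-password "$DS_TRUST_PASSWORD" \
    --trust-direction "One-Way: Outgoing" \
    --trust-type Forest \
    --selective-auth Enabled \
    --query TrustId --output text
}

# Generic poller: runs the probe command until it prints the wanted state.
# The probe is a parameter so the loop can be tested without AWS access.
# Any *Failed* state (VerifyFailed, UpdateFailed, Failed) aborts at once.
ds_wait_state() {
  probe=$1 want=$2 tries=${3:-30} state=""
  while [ "$tries" -gt 0 ]; do
    state=$(eval "$probe")
    [ "$state" = "$want" ] && { echo "$state"; return 0; }
    case $state in *Failed*) echo "trust state: $state" >&2; return 1 ;; esac
    tries=$((tries - 1))
    sleep 10
  done
  echo "timeout waiting for $want (last state: $state)" >&2
  return 1
}

if [ -n "${DS_RUN:-}" ]; then
  ds_set_dc_count 3
  ds_add_forwarder
  trust_id=$(ds_create_trust)
  aws ds verify-trust --trust-id "$trust_id"
  ds_wait_state "aws ds describe-trusts --directory-id $DIRECTORY_ID \
      --trust-ids $trust_id --query 'Trusts[0].TrustState' --output text" Verified
fi
```

Use `Two-Way` only when managed-domain users genuinely need to authenticate to on-premises resources; every additional trust direction widens the set of accounts an attacker can pivot with after compromising either side.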

13
Q

Can I use Microsoft Office 365 with user accounts managed in AWS Microsoft AD?

A

Yes. You can synchronize identities from AWS Microsoft AD to Azure AD using Azure AD Connect, and use Microsoft Active Directory Federation Services (AD FS) on Windows Server 2016 with AWS Microsoft AD to authenticate Office 365 users. For step-by-step instructions, see How to Enable Your Users to Access Office 365 with AWS Microsoft Active Directory Credentials.

14
Q

Can I use Security Assertion Markup Language (SAML) 2.0–based authentication with cloud applications using AWS Microsoft AD?

A

Yes. You can use Microsoft Active Directory Federation Services (AD FS) on Windows Server 2016 with your AWS Microsoft AD managed domain to authenticate users to cloud applications that support SAML 2.0.

15
Q

Can I encrypt communication between my applications and AWS Microsoft AD using LDAPS?

A

Yes. AWS Microsoft AD supports Lightweight Directory Access Protocol (LDAP) over SSL/TLS on port 636 (LDAPS, where the connection is encrypted from the first byte) and LDAP with StartTLS on port 389 (where the client upgrades a plaintext connection with the StartTLS extended operation). You enable both by installing a server certificate issued by a Microsoft Certificate Authority (CA) on your AWS Microsoft AD domain controllers. Installing the certificate adds the encrypted endpoints; it does not stop clients from continuing to use unencrypted LDAP on port 389, so clients must also be configured to require TLS. To learn more, see How to Enable LDAPS for Your AWS Microsoft AD Directory.
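A client-side check for both endpoints, as an added example that is not from the FAQ or the linked how-to: it connects to a domain controller on 636 (LDAPS) and on 389 with StartTLS using `openssl s_client`, reduces each transcript to a pass/fail verdict that requires the certificate chain to validate against your enterprise CA, and then performs an `ldapsearch` that refuses to proceed on an unverifiable certificate. The host name, CA bundle path, bind DN, password file and the `DS_RUN` variable are assumptions; `openssl` 1.1.1 or later (for `-starttls ldap`) and OpenLDAP's `ldapsearch` are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (not from the AWS how-to): verify that a managed domain
# controller presents a certificate chaining to your enterprise CA on both
# secure LDAP endpoints, and that a directory client actually insists on it.
# Assumptions: DC_HOST, CA_BUNDLE, BIND_DN, BIND_PW_FILE and BASE_DN are
# placeholders; openssl >= 1.1.1 and OpenLDAP ldapsearch are on the client.
set -eu

DC_HOST=${DC_HOST:-dc1.corp.example.com}
CA_BUNDLE=${CA_BUNDLE:-/etc/pki/corp-enterprise-ca.pem}
BASE_DN=${BASE_DN:-DC=corp,DC=example,DC=com}
BIND_DN=${BIND_DN:-CN=svc-ldap,OU=Users,OU=CORP,DC=corp,DC=example,DC=com}
BIND_PW_FILE=${BIND_PW_FILE:-/etc/ldap/svc-ldap.pw}

# Reduce an `openssl s_client` transcript (read from stdin) to a verdict.
# CONNECTED without "Verify return code: 0" means TLS was negotiated but the
# chain is untrusted, which is exactly what a man-in-the-middle presenting
# a self-signed certificate looks like, so it must fail.
tls_verdict() {
  transcript=$(cat)
  printf '%s\n' "$transcript" | grep -q '^CONNECTED' || {
    echo "FAIL: no TLS connection"
    return 1
  }
  code=$(printf '%s\n' "$transcript" \
           | sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | tail -n 1)
  case $code in
    0)  echo OK ;;
    "") echo "FAIL: no verification result"; return 1 ;;
    *)  echo "FAIL: verify return code $code"; return 1 ;;
  esac
}

# Port 636: TLS from the first byte (LDAPS). -verify_hostname makes the
# SAN/CN check part of the verdict, not just the chain.
check_ldaps() {
  openssl s_client -connect "$DC_HOST:636" -servername "$DC_HOST" \
    -CAfile "$CA_BUNDLE" -verify_hostname "$DC_HOST" </dev/null 2>&1 | tls_verdict
}

# Port 389: plaintext LDAP upgraded with the StartTLS extended operation.
check_starttls() {
  openssl s_client -starttls ldap -connect "$DC_HOST:389" -servername "$DC_HOST" \
    -CAfile "$CA_BUNDLE" -verify_hostname "$DC_HOST" </dev/null 2>&1 | tls_verdict
}

# Application-level proof: LDAPTLS_REQCERT=demand makes ldapsearch abort on an
# unverifiable certificate instead of silently continuing; the password comes
# from a file (-y) rather than the command line. The bind account is an
# ordinary user in the delegated OU, not the Admin account.
check_ldapsearch() {
  LDAPTLS_CACERT=$CA_BUNDLE LDAPTLS_REQCERT=demand \
  ldapsearch -H "ldaps://$DC_HOST" -x -D "$BIND_DN" -y "$BIND_PW_FILE" \
    -b "$BASE_DN" -s base '(objectClass=*)' dn
}

if [ -n "${DS_RUN:-}" ]; then
  echo "LDAPS 636:    $(check_ldaps)"
  echo "StartTLS 389: $(check_starttls)"
  check_ldapsearch
fi
```

Run the two `openssl` checks against every domain controller IP the directory reports, not just one: certificates are issued per controller, and a newly added controller that has not yet auto-enrolled will accept only plaintext.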

16
Q

How many users, groups, computers, and total objects does AWS Microsoft AD support?

A

AWS Microsoft AD (Standard Edition) includes 1 GB of directory object storage. This capacity can support up to 5,000 users or 30,000 directory objects, including users, groups, and computers. AWS Microsoft AD (Enterprise Edition) includes 17 GB of directory object storage, which can support up to 100,000 users or 500,000 objects.

17
Q

Can I use AWS Microsoft AD as a primary directory?

A

Yes. You can use it as a primary directory to manage users, groups, computers, and Group Policy objects (GPOs) in the cloud. You can manage access and provide single sign-on (SSO) to AWS applications and services, and to third-party directory-aware applications running on Amazon EC2 instances in the AWS Cloud. In addition, you can use Azure AD Connect and AD FS to support SSO to cloud applications, including Office 365.