AWS Security Blog

Now Available: Simplified Configuration of Trust Relationships in the AWS Directory Service Console

Today, we made it easier for you to configure trust relationships between AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also referred to as Microsoft AD, and your on-premises Microsoft Active Directory. Establishing a trust relationship requires conditional forwarders: Domain Name System (DNS) forwarding rules that send queries for the other directory's domain name to that directory's DNS servers, so that each side of the trust can locate the other's domain controllers. Now, by completing a single field in the Directory Service console at the same time you create a trust relationship, you can configure the conditional forwarder on the Microsoft AD side in the same step.

Previously, Directory Service did not offer a simple way to configure conditional forwarders. For example, you had to install Microsoft DNS Manager on an Amazon EC2 instance running Microsoft Windows Server in your Amazon Virtual Private Cloud (VPC), and that instance also had to be joined to the domain so that you could connect remotely to the Microsoft AD DNS servers by using DNS Manager.

Starting today, you can configure conditional forwarders in the Directory Service console or by using the API. We have updated the Directory Service documentation with a tutorial that shows how to create a trust relationship between your Microsoft AD on AWS and your on-premises domain. To get started with the API, see the API Reference. (Note that using the Directory Service console creates the conditional forwarder only on the AWS side. You still must create the matching conditional forwarder, pointing at your Microsoft AD DNS servers, on your on-premises DNS servers.)
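As an added example (not part of the original post, and not AWS's own code), the following PowerShell script carries out both halves of the procedure described above: the AWS side through the Directory Service API, called via the AWS CLI, and the on-premises side with the Windows Server DnsServer cmdlets. The directory ID, domain names, DNS IP addresses and trust password are placeholders to replace; the script assumes the AWS CLI is installed with credentials permitted to call ds:CreateTrust, ds:DescribeDirectories and ds:DescribeConditionalForwarders, and that the on-premises part runs on a domain controller that hosts DNS. Creating the on-premises side of the trust itself is not covered by the post and is left out here.

```powershell
# Added example, not from the original post. All values below are placeholders.
$DirectoryId  = 'd-1234567890'          # assumed Microsoft AD directory ID
$AwsDomain    = 'corp.example.com'      # assumed Microsoft AD domain name
$OnPremDomain = 'onprem.example.com'    # assumed on-premises AD domain name
$OnPremDnsIps = @('10.10.0.10', '10.10.0.11')   # assumed on-premises DNS servers

# The trust password is shared with the on-premises admin. It is passed to the CLI
# as a process argument, so prompt for it rather than storing it in the script.
$TrustPassword = Read-Host 'Trust password agreed with the on-premises domain'

# --- AWS side -------------------------------------------------------------
# CreateTrust with ConditionalForwarderIpAddrs creates the trust and the
# conditional forwarder for the on-premises domain in one call; this is the
# API equivalent of the single console field the post describes.
aws ds create-trust `
    --directory-id $DirectoryId `
    --remote-domain-name $OnPremDomain `
    --trust-password $TrustPassword `
    --trust-direction 'Two-Way' `
    --trust-type 'Forest' `
    --conditional-forwarder-ip-addrs $OnPremDnsIps

# If the trust already exists, the forwarder can be added on its own instead:
#   aws ds create-conditional-forwarder --directory-id $DirectoryId `
#       --remote-domain-name $OnPremDomain --dns-ip-addrs $OnPremDnsIps

# Confirm what the service created on the AWS side.
aws ds describe-conditional-forwarders `
    --directory-id $DirectoryId `
    --remote-domain-names $OnPremDomain

# --- On-premises side (run on a Windows Server DNS server) ---------------
# The console cannot reach your DNS servers, so this forwarder is yours to add.
# Microsoft AD's DNS server addresses come from DescribeDirectories.
$AwsDnsIps = (aws ds describe-directories --directory-ids $DirectoryId `
                --query 'DirectoryDescriptions[0].DnsIpAddrs' --output text) -split '\s+'

# Forward queries for the Microsoft AD domain to its DNS servers. Forest-wide
# replication keeps every DNS server in the on-premises forest consistent.
Add-DnsServerConditionalForwarderZone -Name $AwsDomain `
    -MasterServers $AwsDnsIps -ReplicationScope 'Forest'

# Verify the forwarder exists and that the domain-controller SRV records of
# both domains resolve from here before expecting the trust to validate.
Get-DnsServerZone -Name $AwsDomain
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AwsDomain" -Type SRV
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$OnPremDomain" -Type SRV
```

The two Resolve-DnsName checks are the quickest way to tell which side of the forwarding is broken: if the Microsoft AD SRV record does not resolve from on-premises, the forwarder you just added (or the network path to the Microsoft AD DNS servers) is at fault; the AWS-side forwarder is checked from within the VPC in the same way.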

The following screenshot shows the Directory Service console’s updated Add a trust relationship page. To get to this page, select a directory in the Directory Service console, click the Trust Relationships tab, and then click Add Trust Relationship.

Image of configuring a conditional forwarder in the Directory Service console

If you have comments about this new feature or any part of this blog post, please add a comment in the “Comments” section below. If you have implementation or usage questions, start a new thread on the Directory Service forum.

– Bryan