With AWS Managed Microsoft Active Directory you can quickly integrate your identities with your workloads and services on AWS. Whether you're migrating and setting up trusts with your self-managed AD, or you decide to deploy AWS Managed AD as your primary source of authentication, AWS Managed AD can help you on your modernization journey. Today I am going to demonstrate a deployment of AWS Managed Microsoft AD and some of the integration steps, along with a few of the supported AWS services and features. So let's dive right into the console and get started.

First we'll head over to the Directory Service console. You can deploy Managed AD using the console, the CLI, or infrastructure as code; we're going to do today's demo within the console. AWS Managed Microsoft AD is already the default in the drop-down menu, so we'll go ahead and select Set up directory and click Next. Now we have a few options and fields that need to be completed. For this demo we'll select Enterprise Edition; the Enterprise Edition is optimized for approximately half a million objects, and it gives us the ability to deploy in a multi-region configuration. Next we'll need to provide the DNS name for the directory. I'll be using the DNS name demo.corp.
local, with a NetBIOS name of DEMO. With AWS Managed Microsoft AD you're given a delegated admin account that has full access to a delegated OU, where you can create your users, groups, computer objects and group policies and define fine-grained password policies. So let's go ahead and set a password for this default account and click Next. Now we need to specify the VPC and the two subnets that will be used by the service; we'll select us-west-1b and us-west-1c in this case. Click Next, and we simply have to review the options that we selected and click Create directory. This will deploy the domain controllers and inject the ENIs into the subnets that you selected.

This normally takes a little while to complete, so we'll switch over to another region where I've already deployed AWS Managed Microsoft AD. As I mentioned, Enterprise Edition is capable of being multi-region, so let's extend this directory to another region where we may want to run some additional workloads. We'll go ahead and click Add region, select the region that we want to deploy the additional domain controller site to (in this case us-east-2), then select the VPC, choosing a CIDR range that doesn't overlap, and the two subnets that it will be deployed into; we'll use us-east-2a and us-east-2b. We'll click the Add button, and this will deploy all of the underlying infrastructure and deploy the domain controllers into a new Active Directory site.

Now let's take a look at the seamless domain join feature. With seamless domain join there's no need to script or automate your Windows and Linux systems to join the AWS Managed Microsoft AD when they're launched. We'll walk through this example using an EC2 instance. We'll browse over to the service, click Launch instance, give it a name of example-windows-ec2, and use a Windows Server 2022 license-included AMI for this. We can leave it with the t2.
micro; that will be fine for our purposes. We can select a key pair and make sure that we have the appropriate network settings and security groups for this EC2 instance, then scroll the whole way to the bottom into Advanced details. This is where we configure the seamless domain join settings: we'll select our directory, demo.corp.local, from the drop-down menu, and an IAM role that has the AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess managed policies attached to it. I have one created here for that purpose. We'll launch the instance, and that's all we need to do; it will automatically join the domain for us, with no scripting and no maintenance needed.

So at this point we have our Active Directory domain controllers deployed in a multi-region configuration, we're able to seamlessly join our instances to the directory, and we can manage that directory from our domain-joined instances. So what about developer workstation access? Well, we can easily integrate our AWS Managed Microsoft AD with Amazon WorkSpaces. We'll browse over to the WorkSpaces service. Amazon WorkSpaces gives you the ability to deploy virtual cloud-based Windows and Linux desktops for your users. Let's take a look at what it takes to integrate Amazon WorkSpaces with our directory. Let's click Create WorkSpaces to start the process. As you can see, our directory is listed here. It's the first time that we're using this directory, so we'll need to register it. Let's go ahead and select it and click Register. We'll select the two subnets, us-east-2a and us-east-2b again. We can choose to enable self-service permissions; self-service lets your users change things like disk volume size, compute type and so on, but we'll leave that unchecked for now. We can also enable the same managed Active Directory for use with the Amazon WorkDocs service right here in the console, but we'll leave that unchecked in this demo. Let's click Register. Now we can select our newly
registered directory and click Next. We have the option to assign users from our directory directly to this particular WorkSpace, or we can create new users from this console location. So we'll go ahead and create a user in our directory; we'll call him John Smith and include an email address as well. Click Next, and we can see here that we can select from users that are already in our directory or the user that we just created, our John Smith user. Let's click Next, select the bundle that we want to use (in this case we'll use the free-tier-eligible one), and click Next again. We can leave the defaults here for the rest of the options, including customizations. Reviewing the options that we've already configured, click Create WorkSpaces, and that's it: with just a few clicks we've integrated our Active Directory with WorkSpaces and created our first virtual desktop for one of our new users. Once this WorkSpace deploys, the user will receive an email, do their first password reset, and be able to start using the environment.

Another common use case that we see is Windows integrated authentication for Microsoft SQL databases. AWS Managed Microsoft AD makes it easy to enable this feature with Amazon Relational Database Service, or RDS. Let's browse to the service. In here you have the ability to create or modify existing RDS SQL Server instances so that you can use Active Directory credentials to access those database resources. Let's walk through the integration steps. We'll go ahead and create a new database, selecting Microsoft SQL Server as the engine option. We're going to leave most of the defaults here, but we'll go ahead and specify an admin password and continue to scroll down. Take notice of the Microsoft SQL Server Windows authentication option; let's go ahead and enable that with a click. We can browse for our directory; here's our demo.corp.
local, so we'll choose that, continue scrolling down, and create the database. And that's it: once this spins up we'll have a Microsoft SQL Server database instance that's integrated with our AWS Managed Microsoft AD. We can connect to it using standard SQL tools and begin configuring permissions for the users and groups in that directory.

We just looked at a couple of the supported native AWS features and services that directly integrate with AWS Managed Microsoft AD. With just a few clicks we were able to deploy all of our Active Directory infrastructure in a multi-region configuration, seamlessly join new server instances to the domain, deploy virtual desktops for our users, and deploy an Active Directory-integrated Microsoft SQL Server instance. These are just a few of the ways that AWS Managed Microsoft AD integrates directly with AWS services and your workloads. As we've seen, it's easy to deploy this in your account for testing and production purposes. Thank you for joining me as we learned about AWS Managed Microsoft Active Directory.
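The "Set up directory" and "Add region" steps from the start of the demo, scripted with the AWS CLI as an added example (this is not code from the demo or from AWS). It keeps the demo's directory name, NetBIOS name and regions; the VPC, subnet and CIDR values are assumed placeholders. It also adds two things the console does not show: the delegated Admin password is passed through a 0600 temp file instead of the command line, and the second region's CIDR is checked for overlap with the primary VPC before the call is made, since Managed AD refuses an overlapping VPC.

```shell
#!/bin/sh
# Added example, not the demo's code: AWS Managed Microsoft AD Enterprise
# deployment plus multi-region extension via the AWS CLI. demo.corp.local,
# DEMO, us-west-1 and us-east-2 come from the demo; every VPC, subnet and
# CIDR value below is an assumed placeholder.
set -eu

DIRECTORY_NAME="demo.corp.local"
SHORT_NAME="DEMO"
PRIMARY_REGION="us-west-1"
PRIMARY_VPC="vpc-0a1b2c3d4e5f60001"                            # assumed
PRIMARY_CIDR="10.0.0.0/16"                                     # assumed
PRIMARY_SUBNETS="subnet-0a1b2c3d4e5f6b001,subnet-0a1b2c3d4e5f6c001"  # assumed: us-west-1b, us-west-1c
SECOND_REGION="us-east-2"
SECOND_VPC="vpc-0a1b2c3d4e5f60002"                             # assumed
SECOND_CIDR="10.1.0.0/16"                                      # assumed; must not overlap PRIMARY_CIDR
SECOND_SUBNETS="subnet-0a1b2c3d4e5f6a002,subnet-0a1b2c3d4e5f6b002"   # assumed: us-east-2a, us-east-2b

# Dotted-quad IPv4 address to a 32-bit integer, in POSIX sh arithmetic.
ip_to_int() {
  saved_ifs=$IFS; IFS=.; set -- $1; IFS=$saved_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit status 0 when the two CIDR blocks share at least one address.
# Two blocks overlap exactly when they agree under the shorter prefix.
cidr_overlaps() {
  a_ip=${1%/*}; a_len=${1#*/}
  b_ip=${2%/*}; b_len=${2#*/}
  len=$a_len
  [ "$b_len" -lt "$len" ] && len=$b_len
  if [ "$len" -eq 0 ]; then return 0; fi            # a /0 overlaps everything
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip_to_int "$a_ip") & mask )) -eq $(( $(ip_to_int "$b_ip") & mask )) ]
}

# Console step "Set up directory". Prints the new directory id.
create_directory() {
  # The delegated Admin password comes from the environment and reaches the
  # CLI through a 0600 file, so it is never on a command line or in history.
  : "${ADMIN_PASSWORD:?set ADMIN_PASSWORD for the delegated Admin account}"
  tmp=$(mktemp) && chmod 600 "$tmp"
  trap 'rm -f "$tmp"' EXIT
  printf '{"Password": "%s"}' "$ADMIN_PASSWORD" >"$tmp"   # password must not contain a double quote
  aws ds create-microsoft-ad --region "$PRIMARY_REGION" \
    --cli-input-json "file://$tmp" \
    --name "$DIRECTORY_NAME" --short-name "$SHORT_NAME" --edition Enterprise \
    --vpc-settings "VpcId=$PRIMARY_VPC,SubnetIds=$PRIMARY_SUBNETS" \
    --query DirectoryId --output text
}

# Poll until the directory is Active; Add region is rejected before that.
wait_for_active() {   # $1 = region, $2 = directory id
  while :; do
    stage=$(aws ds describe-directories --region "$1" --directory-ids "$2" \
              --query 'DirectoryDescriptions[0].Stage' --output text)
    case "$stage" in
      Active) return 0 ;;
      Failed|Deleting|Deleted) echo "directory $2 entered stage $stage" >&2; return 1 ;;
    esac
    sleep 60
  done
}

# Console step "Add region": new domain controllers in a new AD site.
add_region() {   # $1 = directory id
  if cidr_overlaps "$PRIMARY_CIDR" "$SECOND_CIDR"; then
    echo "refusing: $SECOND_CIDR overlaps the primary VPC $PRIMARY_CIDR" >&2
    return 1
  fi
  aws ds add-region --region "$PRIMARY_REGION" --directory-id "$1" \
    --region-name "$SECOND_REGION" \
    --vpc-settings "VpcId=$SECOND_VPC,SubnetIds=$SECOND_SUBNETS"
}

# Only touches AWS when invoked as: sh deploy-managed-ad.sh apply
if [ "${1:-}" = "apply" ]; then
  dir_id=$(create_directory)
  wait_for_active "$PRIMARY_REGION" "$dir_id"
  add_region "$dir_id"
fi
```

Nothing is sent to AWS unless the script is run with the `apply` argument, so the overlap check and the address arithmetic can be exercised on their own first. The `add-region` call is deliberately issued against the primary region: that is where the directory lives, and the `--region-name` parameter names the region being added.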
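What the console wires up behind the seamless domain join and RDS Windows authentication steps, as an added example with the AWS CLI (not code from the demo or from AWS). It builds the EC2 role with the two managed policies the demo names, the instance profile that actually delivers that role to the instance, the SSM association that performs the join, the separate role RDS needs to reach the directory, and the T-SQL that maps an AD group to a read-only database user once the instance is up. The directory name is the demo's; the directory id, DNS addresses, role names, instance id, database name and AD group are assumed placeholders.

```shell
#!/bin/sh
# Added example, not the demo's code: IAM roles, SSM association and RDS
# options behind "seamless domain join" and "Windows authentication".
# demo.corp.local is from the demo; everything marked assumed is a placeholder.
set -eu

DIRECTORY_ID="d-0123456789"                  # assumed: from `aws ds describe-directories`
DIRECTORY_NAME="demo.corp.local"
DIRECTORY_DNS="10.0.1.10,10.0.2.10"          # assumed: DnsIpAddrs of the two domain controllers
EC2_ROLE="example-ec2-domain-join"           # assumed
RDS_ROLE="example-rds-directory-service"     # assumed

# Trust policy that lets exactly one AWS service principal assume the role.
trust_policy() {   # $1 = service principal, e.g. ec2.amazonaws.com
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"%s"},"Action":"sts:AssumeRole"}]}' "$1"
}

# Create a role trusted by one service and attach only the listed managed policies.
create_service_role() {   # $1 = role name, $2 = service principal, $3.. = policy ARNs
  name=$1; principal=$2; shift 2
  aws iam create-role --role-name "$name" \
    --assume-role-policy-document "$(trust_policy "$principal")" >/dev/null
  for arn in "$@"; do
    aws iam attach-role-policy --role-name "$name" --policy-arn "$arn"
  done
}

# The role the demo picks in "Advanced details", plus the instance profile
# EC2 needs in order to hand that role to the instance at launch.
create_ec2_join_role() {
  create_service_role "$EC2_ROLE" ec2.amazonaws.com \
    arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore \
    arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess
  aws iam create-instance-profile --instance-profile-name "$EC2_ROLE" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$EC2_ROLE" --role-name "$EC2_ROLE"
}

# Parameters for the AWS-JoinDirectoryServiceDomain SSM document, which is
# what the console's seamless-join option creates. Every parameter is a
# StringList, so the comma-separated DNS addresses become a JSON array.
join_parameters() {
  ips=$(printf '%s' "$DIRECTORY_DNS" | sed 's/,/","/g')
  printf '{"directoryId":["%s"],"directoryName":["%s"],"dnsIpAddresses":["%s"]}' \
    "$DIRECTORY_ID" "$DIRECTORY_NAME" "$ips"
}

join_instance() {   # $1 = id of an instance launched with the EC2_ROLE instance profile
  aws ssm create-association --name AWS-JoinDirectoryServiceDomain \
    --targets "Key=InstanceIds,Values=$1" --parameters "$(join_parameters)"
}

# RDS reaches the directory through its own role, trusted by rds.amazonaws.com.
create_rds_directory_role() {
  create_service_role "$RDS_ROLE" rds.amazonaws.com \
    arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess
}

# --domain/--domain-iam-role-name are the "Windows authentication" checkbox.
# The master password is generated into Secrets Manager rather than typed here.
create_sql_instance() {   # $1 = DB instance identifier
  aws rds create-db-instance --db-instance-identifier "$1" \
    --engine sqlserver-ex --license-model license-included \
    --db-instance-class db.t3.small --allocated-storage 20 \
    --master-username admin --manage-master-user-password \
    --no-publicly-accessible \
    --domain "$DIRECTORY_ID" --domain-iam-role-name "$RDS_ROLE"
}

# T-SQL that maps an AD group to a server login and a read-only user in one database.
grant_sql() {   # $1 = database, $2 = AD group written as DOMAIN\group
  printf 'CREATE LOGIN [%s] FROM WINDOWS WITH DEFAULT_DATABASE=[%s];\nUSE [%s];\nCREATE USER [%s] FOR LOGIN [%s];\nALTER ROLE db_datareader ADD MEMBER [%s];\n' \
    "$2" "$1" "$1" "$2" "$2" "$2"
}

# Runs once as the master user; sqlcmd reads the password from SQLCMDPASSWORD.
grant_ad_group() {   # $1 = RDS endpoint, $2 = database, $3 = DOMAIN\group
  : "${SQLCMDPASSWORD:?put the Secrets Manager master password in SQLCMDPASSWORD}"
  sqlcmd -S "$1" -U admin -Q "$(grant_sql "$2" "$3")"
}

# Only touches AWS when invoked as: INSTANCE_ID=i-... sh domain-integrations.sh apply
if [ "${1:-}" = "apply" ]; then
  create_ec2_join_role
  join_instance "${INSTANCE_ID:?}"
  create_rds_directory_role
  create_sql_instance example-sql
fi
```

Granting access to a group rather than to individual logins keeps the SQL side static: membership changes in the delegated OU, not in the database. After the first grant, members of that group connect with Windows authentication and the master credentials are no longer needed for day-to-day access.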