Active Directory (Single or Multiple Domains)
Active Directory is a directory service that supports LDAP (Lightweight Directory Access Protocol), developed by Microsoft for Windows domain networks.
Last updated
Active Directory is a directory service that supports LDAP (Lightweight Directory Access Protocol), developed by Microsoft for Windows domain networks.
Last updated
In this section, we must configure the information about the Directory Service and the service account used to execute operations on it. The main part is set during the first setup, asking for the following information:
Directory ID: Automatically populated once created.
NetBios Name: A shortened version of the domain name, typically up to 15 characters. Example: CLOUD.
Fully Qualified Domain Name (FQDN or DNS Name): The complete domain name that includes both the hostname and the domain. Example: NUVENS.CLOUD.
Default OU: The default Organizational Unit (OU) for user accounts in Active Directory, provided in LDAP format using a distinguished name (DN) structure. Example: DC=nuvens,DC=cloud or OU=Sales,DC=nuvens,DC=cloud.
Service Account: A specialized account for running services, applications, or scheduled tasks in an Active Directory Windows environment. It should have the required permissions for WSM to interact with Active Directory and may need to follow corporate naming conventions. Example: ad.service.
Service Password: Critical for maintaining security, especially since service accounts typically have elevated permissions.
Cost Optimizer Bucket: The name of the S3 bucket where the Amazon Cost Optimizer for WorkSpaces management tool stores its data.
Dry Run Mode: A feature that simulates potential cost-saving actions without applying them.
Active Directory Integrated: Enhances network and management capabilities by leveraging the security and replication benefits of Active Directory integration.
Multi Domains (Active Directory)
Once the Multiple Domains option for Active Directory has been enabled, additional configuration elements for the Forest can be defined, such as:
Forest Service Account: A service account used within the context of an Active Directory forest, which is the top-level structure for managing a group of domains that share a common schema, configuration, and trust relationships.
Forest Service Password: This password secures the Forest Service Account, which typically has elevated privileges across multiple domains. The security of this password is crucial due to the account's high-level access within the forest.
Preferred Domain: Refers to the primary or most authoritative domain in the forest, typically used for managing resources, services, and administrative tasks across the entire forest.
Disable Delete Computer Object: This feature prevents the deletion of computer objects in Active Directory when associated WorkSpaces are deleted, which could otherwise leave orphaned objects in the LDAP directory.
Disable LDAPS: This disables LDAP over SSL, preventing encrypted communication if LDAPS is not implemented or enabled in the target domain.
Once saved, you can test the successful configuration of the directories with the section
On initial setup, and by default, you will be able to add only one domain. However, we can enable multiple domains by enabling the feature below in Active Directory. You can see additional guidance .
