By default, whenever an Exchange server starts, it binds to a randomly selected domain controller and global catalog server in its own site. You can view the selected directory servers by using the Get-ExchangeServer cmdlet in the Exchange Management Shell. You can also use the Set-ExchangeServer cmdlet to configure a static list of domain controllers that an Exchange 2016 server should bind to or a list of domain controllers that should be excluded.

AWS Directory Service is a managed service offering, providing directories that contain information about your organization, including users, groups, computers, and other resources. As a managed offering, AWS Directory Service is designed to reduce management tasks, thereby allowing you to focus more of your time and resources on your business. There is no need to build out your own complex, highly-available directory topology because each directory is deployed across multiple Availability Zones, and monitoring automatically detects and replaces domain controllers that fail. In addition, data replication and automated daily snapshots are configured for you. There is no software to install and AWS handles all of the patching and software updates.

How to use Set-ExchangeServer cmdlet to manage the workload on Active Directory Domain Controller

AWS Directory Service makes it easy for you to setup and run directories in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, join Amazon EC2 instances to a domain, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads. AWS Directory Service enables your end users to use their existing corporate credentials when accessing AWS applications, such as Amazon WorkSpaces, Amazon WorkDocs and Amazon WorkMail, as well as directory-aware Microsoft workloads, including custom .NET and SQL Server-based applications. Finally, you can use your existing corporate credentials to administer AWS resources via AWS Identity and Access Management (IAM) role-based access to the AWS Management Console, so you do not need to build out more identity federation infrastructure.

In order to deliver a managed-service experience, AWS Managed Microsoft AD must disallow operations by customers that would interfere with managing the service. Therefore, AWS restricts access to directory objects, roles, and groups that require elevated privileges. AWS Managed Microsoft AD does not allow direct host access to domain controllers via Windows Remote Desktop Connection, PowerShell Remoting, Telnet, or Secure Shell (SSH). When you create an AWS Managed Microsoft AD directory, you are assigned an organizational unit (OU) and an administrative account with delegated administrative rights for the OU. You can create user accounts, groups, and policies within the OU by using standard Remote Server Administration Tools such as Active Directory Users and Groups or the PowerShell ActiveDirectory module.

Multi-region replication is a feature that enables you to deploy and use a single AWS Managed Microsoft AD directory across multiple AWS Regions. This makes it easier and more cost-effective for you to deploy and manage your Microsoft Windows and Linux workloads globally. With the automated multi-region replication capability you get higher resiliency, while your applications use a local directory for optimal performance. This feature is available in AWS Managed Microsoft AD (Enterprise Edition) only. You can use the feature for new and existing directories. 2ff7e9595c