Add or remove additional domain controllers
Before adding or removing additional domain controllers, here's more information about domain controller requirements:
After deploying additional domain controllers, you can reduce the number of domain controllers to two, which is the minimum required for fault-tolerance and high availability purposes.
The deleted domain controllers will be delete from the list of additional domain controllers. The primary and secondary domain controllers are required and can't be deleted.
If you have configured your AWS Managed Microsoft AD to enable LDAPS, any additional domain controllers you add will also have LDAPS enabled automatically. For more information, see Enable secure LDAP or LDAPS.
Use the following procedure to deploy or remove additional domain controllers in your AWS Managed Microsoft AD directory.
To add or remove additional domain controllers
-
In the AWS Directory Service console
navigation pane, choose Directories. -
On the Directories page, choose your directory ID.
-
On the Directory details page, do one of the following:
If you have multiple Regions showing under Multi-Region replication, select the Region where you want to add or remove domain controllers, and then choose the Scale & share tab. For more information, see Primary vs additional Regions.
If you do not have any Regions showing under Multi-Region replication, choose the Scale & share tab.
In the Domain controllers section, choose Edit.
-
Specify the number of domain controllers to add or remove from your directory, and then choose Modify.
-
When AWS Managed Microsoft AD completes the deployment process, all domain controllers show Active status, and both the assigned Availability Zone and Amazon VPC subnets appear. New domain controllers are equally distributed across the Availability Zones and subnets where your directory is already deployed.
Related AWS Security Blog Article
