Amazon WorkSpaces
Administration Guide

Launch a WorkSpace Using AWS Managed Microsoft AD

Amazon WorkSpaces enables you to provision virtual, cloud-based Windows desktops for your users, known as WorkSpaces.

Amazon WorkSpaces uses directories to store and manage information for your WorkSpaces and users. For your directory, you can choose from Simple AD, AD Connector, or AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD. In addition, you can establish a trust relationship between your AWS Managed Microsoft AD directory and your on-premises domain.

In this tutorial, we launch a WorkSpace that uses AWS Managed Microsoft AD. For tutorials that use the other options, see Launch a Virtual Desktop Using Amazon WorkSpaces.

Before You Begin

  • Amazon WorkSpaces is not available in every Region. Verify the supported Regions and select a Region for your WorkSpaces. For more information about the supported Regions, see Amazon WorkSpaces Pricing by AWS Region.

  • When you launch a WorkSpace, you must select a WorkSpace bundle. A bundle is a combination of an operating system and storage, compute, and software resources. For more information, see Amazon WorkSpaces Bundles.

  • When you create a directory using AWS Directory Service or launch a WorkSpace, you must create or select a virtual private cloud configured with a public subnet and two private subnets. For more information, see Configure a VPC for Amazon WorkSpaces.

Step 1: Create an AWS Managed Microsoft AD Directory

First, create an AWS Managed Microsoft AD directory. AWS Directory Service creates two directory servers, one in each of the private subnets of your VPC. Note that there are no users in the directory initially. You will add a user in the next step when you launch the WorkSpace.

To create an AWS Managed Microsoft AD directory

  1. Open the Amazon WorkSpaces console at

  2. In the navigation pane, choose Directories.

  3. Choose Set up Directory, Create Microsoft AD.

  4. Configure the directory as follows:

    1. For Organization name, type a unique organization name for your directory (for example, my-demo-directory). This name must be at least four characters in length, consist of only alphanumeric characters and hyphens (-), and begin or end with a character other than a hyphen.

    2. For Directory DNS, type the fully-qualified name for the directory (for example,

    3. For NetBIOS name, type a short name for the directory (for example, workspaces).

    4. For Admin password and Confirm password, type a password for the directory administrator account. For more information about the password requirements, see Create Your AWS Managed Microsoft AD Directory in the AWS Directory Service Administration Guide.

    5. (Optional) For Description, type a description for the directory.

    6. For VPC, select the VPC that you created.

    7. For Subnets, select the two private subnets (with the CIDR blocks and

    8. Choose Next Step.

  5. Choose Create Microsoft AD.

  6. Choose Done. The initial status of the directory is Creating. When directory creation is complete, the status is Active.

Step 2: Create a WorkSpace

Now that you have created an AWS Managed Microsoft AD directory, you are ready to create a WorkSpace.

To create a WorkSpace

  1. Open the Amazon WorkSpaces console at

  2. In the navigation pane, choose WorkSpaces.

  3. Choose Launch WorkSpaces.

  4. On the Select a Directory page, choose the directory that you created, and then choose Next Step. Amazon WorkSpaces registers your directory.

  5. On the Identify Users page, add a new user to your directory as follows:

    1. Complete Username, First Name, Last Name, and Email. Use an email address that you have access to.

    2. Choose Create Users.

    3. Choose Next Step.

  6. On the Select Bundle page, select a bundle and then choose Next Step.

  7. On the WorkSpaces Configuration page, choose a running mode and then choose Next Step.

  8. On the Review & Launch WorkSpaces page, choose Launch WorkSpaces. The initial status of the WorkSpace is PENDING. When the launch is complete, the status is AVAILABLE and an invitation is sent to the email address that you specified for the user.

Step 3: Connect to the WorkSpace

After you receive the invitation email, you can connect to your WorkSpace using the client of your choice. After you sign in, the client displays the WorkSpace desktop.


When you are connected to your WorkSpace from a Windows or macOS client, you can toggle the fullscreen display by using the following command shortcuts:

  • Windows client: Ctrl+Alt+Enter

  • macOS client: Control+Option+Return

To connect to the WorkSpace

  1. Open the link in the invitation email. When prompted, specify a password and activate the user. Remember this password as you will need it to sign in to your WorkSpace.


    Passwords are case-sensitive and must be between 8 and 64 characters in length, inclusive. Passwords must contain at least one character from three of the following categories: lowercase letters (a-z), uppercase letters (A-Z), numbers (0-9), and the special characters ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/.

  2. When prompted, download one of the client applications or, for Windows WorkSpaces, launch Web Access.


    You cannot use a web browser to connect to Amazon Linux WorkSpaces.

    If you aren't prompted and you haven't installed a client application already, open and follow the directions.

  3. Start the client, enter the registration code from the invitation email, and choose Register.

  4. When prompted to sign in, type the user name and password for the user, and then choose Sign In.

  5. (Optional) When prompted to save your credentials, choose Yes.
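The password rule in step 1 can be checked before a password is handed to a user or a provisioning script. The following is an added example, not part of the AWS guide or any AWS tool; the function names are hypothetical, and it assumes that characters outside the four listed categories simply do not count toward a category, which the guide does not specify.

```python
import string

# Special characters exactly as listed in the password rule in step 1.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")
MIN_LEN, MAX_LEN = 8, 64   # inclusive bounds from the guide
REQUIRED_CATEGORIES = 3    # "at least one character from three of the following"


def password_categories(password):
    """Return the names of the listed categories the password draws from."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lowercase")
        elif ch in string.ascii_uppercase:
            found.add("uppercase")
        elif ch in string.digits:
            found.add("number")
        elif ch in SPECIALS:
            found.add("special")
        # Assumption: any other character (space, non-ASCII) is ignored here.
    return found


def check_password(password):
    """Return a list of rule violations; an empty list means the rule is met."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} is outside {MIN_LEN}-{MAX_LEN}")
    cats = password_categories(password)
    if len(cats) < REQUIRED_CATEGORIES:
        problems.append(
            f"uses {len(cats)} of 4 categories ({', '.join(sorted(cats)) or 'none'}); "
            f"{REQUIRED_CATEGORIES} are required"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ["Summer2024", "password", "lower-case-only", "aB1", "a" * 65]:
        result = check_password(candidate)
        print(f"{candidate[:20]!r}: {'OK' if not result else '; '.join(result)}")
```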

Next Steps

You can continue to customize the WorkSpace that you just created. For example, you can install software and then create a custom bundle from your WorkSpace. If you are finished with your WorkSpace, you can delete it. For more information, see the following documentation.