
Active Directory, U of I Resources in AWS

How to use UOFI Active Directory resources from within the AWS cloud without having to connect to on-campus resources.

To access UOFI Active Directory, an Enterprise VPC must be peered with a Core Services VPC (see Amazon Web Services, VPC Guide for Illinois). From a peered Enterprise VPC, UOFI Active Directory services are available in three ways:

  • Kerberos
  • LDAP
  • Windows domain-join


Load-balanced Kerberos authentication is available at the following address (port 88):



Load-balanced LDAP is available at the following address (on port 389):

LDAP traffic must be encrypted in one of two ways:
  • At the authentication layer, any supported SASL mechanism (preferably GSSAPI/Kerberos) with integrity validation (packet signing)
  • At the data transport layer, TLS encryption (using STARTTLS/STOPTLS commands)

Windows Domain-Join

Standard domain-join is also available for Windows OS computers in peered Enterprise VPCs, using the usual UOFI Active Directory DNS name:


Keywords: aws, activedirectory, active, directory, uofi, cloud, kerberos, ldap, domain, AD
Doc ID: 79613
Owner: Active D.
Group: University of Illinois Technology Services
Created: 2018-01-24 09:46 CST
Updated: 2018-07-12 15:16 CST
Sites: University of Illinois Technology Services