

# Maintain your Simple AD directory
<a name="simple_ad_maintain"></a>

You can use the AWS Management Console to maintain your Simple AD and complete day-to-day administrative tasks. Ways you can maintain your Simple AD include:
+ [View details about your Simple AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_view_directory_info.html) like the DNS name, Directory ID, and directory status.
+ [Update the DNS address for your Simple AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_dns.html).
+ [Restore your Simple AD with snapshots](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_snapshots.html). You can also create and delete snapshots.
+ [Delete your Simple AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_delete.html) when it is no longer needed.

# Viewing Simple AD directory information
<a name="simple_ad_view_directory_info"></a>

**To view detailed directory information**

1. In the [AWS Directory Service console](https://console.aws.amazon.com/directoryservicev2/) navigation pane, under **Active Directory**, select **Directories**.

1. Choose the directory ID link for your directory. Information about the directory is displayed in the **Directory details** page. 

For more information about the **Status** field, see [Understanding your Simple AD directory status](simple_ad_directory_status.md).

![\[Simple AD Directory details page.\]](http://docs.aws.amazon.com/directoryservice/latest/admin-guide/images/simple_ad_directory_details.png)


# Updating directory network type
<a name="simple_ad_update-directory-type"></a>

You can update your Directory Service directory's network type from IPv4 to Dual-stack (IPv4 and IPv6). Updating the network type to include IPv6 IP addresses provides a larger address space than IPv4. IPv4 and IPv6 communication are independent of each other.

For details, see [Compare IPv4 and IPv6](https://docs.aws.amazon.com/vpc/latest/userguide/ipv4-ipv6-comparison.html) in the *Amazon Virtual Private Cloud User Guide*.

**Important**  
This is a one-way operation that cannot be reversed. Test in a non-production environment first.

## Prerequisites
<a name="simple_ad_update-directory-type-prereq"></a>

Before updating your directory network type, ensure the following requirements are met:
+ Your VPC must be configured with IPv6 CIDR ranges. For details, see [IPv6 support for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6.html) in the *Amazon Virtual Private Cloud User Guide*.
+ You have administrative access to the AWS Management Console.
+ Your directory must be in Active state.
+ You have appropriate IAM permissions to modify Directory Service settings.

## To update directory network type
<a name="simple_ad_update-directory-type-procedure"></a>

**To update your directory to dual-stack networking**

**Note**  
If your directory is replicated in multiple regions, perform this update in each region.

1. In the [AWS Directory Service console](https://console.aws.amazon.com/directoryservicev2/) navigation pane, choose **Directories**.

1. Select the target directory.

1. Go to the **Networking & security** tab.

1. Choose **Add IPv6 support**. This option is only available for IPv4-only directories.

   IPv6-only directories are not supported.

1. Review the update information and pricing details.

1. Choose **Add** to confirm the update.

After initiating the update, the directory status changes to **Updating** during the update process. The update typically takes 15-30 minutes to complete. Once complete, the directory status returns to **Active**.

# Configuring DNS servers for Simple AD
<a name="simple_ad_dns"></a>

You can configure DNS for Simple AD in two ways depending on your network architecture and requirements.

## Using Simple AD as Your Primary DNS
<a name="simple_ad_dns-Primary"></a>

Configure your client computers to use the Simple AD DNS server IP addresses as their primary DNS resolvers. Simple AD forwards DNS requests to the IP address of the Amazon-provided DNS servers for your Amazon VPC. These DNS servers will resolve names configured in your Amazon Route 53 private hosted zones. By pointing your on-premises computers to your Simple AD, you can now resolve DNS requests to the private hosted zone. For more information on Route 53, see [What is Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html).

During Simple AD creation, the service performs a reachability test to amazon.com to determine which DNS resolver to use:
+ **Customer VPC DNS Resolver (ETH1)** – Selected when amazon.com is reachable from customer VPC resolver. This option enables Route 53 private hosted zones and Resolver firewall rules.
+ **Amazon Internal Resolver (ETH0)** – Selected when amazon.com is unreachable from customer VPC DNS Resolver (ETH1). Route 53 integration, private hosted zones, and Resolver firewall rules will not function with this option.

**Important**  
The DNS resolver selection occurs automatically during Simple AD creation and cannot be modified afterward. We recommend that you ensure amazon.com is resolvable in your VPC before creating Simple AD to enable Route 53 integration.

## Using Route 53 as Your Primary DNS
<a name="simple_ad_dns_route53_primary"></a>

You can also use Route 53 as your primary DNS service:
+ Configure your client computers to use Route 53 Resolver IP addresses as their primary DNS resolvers
+ Create Route 53 Resolver rules to conditionally forward only your domain's fully qualified domain name (FQDN) queries to Simple AD
+ This approach maintains Route 53 as the authoritative DNS source, with Simple AD handling only domain-specific queries
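
The following check is an added example, not code from AWS or from this guide: it audits Route 53 Resolver rules against a Simple AD so that only the directory's own domain is forwarded to it. It assumes the inputs have the shape of one `DescribeDirectories` entry (`Name`, `DnsIpAddrs`) and the `ResolverRules` list from `ListResolverRules`; the domain, rule IDs, and IP addresses are constructed sample values, and only IPv4 targets are compared.

```python
def audit_forward_rules(directory, resolver_rules):
    """Return (rule_id, finding) tuples for FORWARD rules that involve a Simple AD.

    directory: one DescribeDirectories entry; only 'Name' and 'DnsIpAddrs' are read.
    resolver_rules: the 'ResolverRules' list from ListResolverRules.
    """
    domain = directory["Name"].rstrip(".").lower()
    dns_ips = set(directory["DnsIpAddrs"])
    findings, covered = [], False
    for rule in resolver_rules:
        if rule.get("RuleType") != "FORWARD":
            continue  # SYSTEM and RECURSIVE rules never send queries to the directory
        rule_domain = rule["DomainName"].rstrip(".").lower()
        targets = {t["Ip"] for t in rule.get("TargetIps", []) if "Ip" in t}
        in_domain = rule_domain == domain or rule_domain.endswith("." + domain)
        if not in_domain:
            # A wider domain (or ".") sent to the directory makes Simple AD,
            # not Route 53, the resolver for names it should never see.
            if targets & dns_ips:
                findings.append((rule["Id"], f"too broad: forwards '{rule_domain or '.'}' to Simple AD"))
            continue
        covered = covered or rule_domain == domain
        if targets - dns_ips:
            findings.append((rule["Id"], "targets include addresses that are not this directory's DNS servers"))
        if dns_ips - targets:
            findings.append((rule["Id"], "missing directory DNS server: " + ", ".join(sorted(dns_ips - targets))))
    if not covered:
        findings.append((None, f"no FORWARD rule for {domain}"))
    return findings


# Constructed sample input (placeholder domain, rule IDs, and addresses).
SAMPLE_DIRECTORY = {"Name": "corp.example.com", "DnsIpAddrs": ["10.0.1.10", "10.0.2.10"]}
SAMPLE_RULES = [
    {"Id": "rslvr-rr-good", "RuleType": "FORWARD", "DomainName": "corp.example.com.",
     "TargetIps": [{"Ip": "10.0.1.10", "Port": 53}, {"Ip": "10.0.2.10", "Port": 53}]},
    {"Id": "rslvr-rr-broad", "RuleType": "FORWARD", "DomainName": "example.com.",
     "TargetIps": [{"Ip": "10.0.1.10", "Port": 53}]},
    {"Id": "rslvr-rr-stale", "RuleType": "FORWARD", "DomainName": "eu.corp.example.com.",
     "TargetIps": [{"Ip": "10.0.1.10", "Port": 53}, {"Ip": "10.0.9.9", "Port": 53}]},
    {"Id": "rslvr-rr-system", "RuleType": "SYSTEM", "DomainName": "."},
]

if __name__ == "__main__":
    for rule_id, finding in audit_forward_rules(SAMPLE_DIRECTORY, SAMPLE_RULES):
        print(rule_id, "-", finding)
```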

Note that to enable your Simple AD to respond to external DNS queries, the network access control list (ACL) for the VPC containing your Simple AD must be configured to allow traffic from outside the VPC.
+ If you are not using Route 53 private hosted zones, your DNS requests will be forwarded to public DNS servers. 
+ If you're using custom DNS servers that are outside of your VPC and you want to use private DNS, you must reconfigure to use custom DNS servers on EC2 instances within your VPC. For more information, see [Working with private hosted zones](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html).
+ If you want your Simple AD to resolve names using both DNS servers within your VPC and private DNS servers outside of your VPC, you can do this using a DHCP options set. For a detailed example, see [this article](https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-using-aws-directory-service-and-amazon-route-53/).
+ For more information, see [Integrating your Directory Service's DNS resolution with Amazon Route 53 Resolver](https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-your-directory-services-dns-resolution-with-amazon-route-53-resolvers/).

**Note**  
DNS dynamic updates are not supported in Simple AD domains. You can instead make the changes directly by connecting to your directory using DNS Manager on an instance that is joined to your domain.

# Restoring your Simple AD with snapshots
<a name="simple_ad_snapshots"></a>

AWS Directory Service provides the ability to take manual snapshots of data for your Simple AD directory. These snapshots can be used to perform a point-in-time restore for your directory. You cannot take snapshots of AD Connector directories.

**Topics**
+ [Creating a snapshot of your directory](#simple_ad_snapshot_create)
+ [Restoring your directory from a snapshot](#simple_ad_snapshot_restore)
+ [Deleting a snapshot](#simple_ad_snapshot_delete)

## Creating a snapshot of your directory
<a name="simple_ad_snapshot_create"></a>

A snapshot can be used to restore your directory to what it was at the point in time that the snapshot was taken. To create a manual snapshot of your directory, perform the following steps.

**Note**  
You are limited to 5 manual snapshots for each directory. If you have already reached this limit, you must delete one of your existing manual snapshots before you can create another.

**To create a manual snapshot**

1. In the [AWS Directory Service console](https://console.aws.amazon.com/directoryservicev2/) navigation pane, select **Directories**.

1. On the **Directories** page, choose your directory ID.

1. On the **Directory details** page, select the **Maintenance** tab.

1. In the **Snapshots** section, choose **Actions**, and then select **Create snapshot**.

1. In the **Create directory snapshot** dialog box, provide a name for the snapshot, if desired. When ready, choose **Create**.

Depending on the size of your directory, it may take several minutes to create the snapshot. When the snapshot is ready, the **Status** value changes to `Completed`.

## Restoring your directory from a snapshot
<a name="simple_ad_snapshot_restore"></a>

Restoring a directory from a snapshot is equivalent to moving the directory back in time. Directory snapshots are unique to the directory they were created from. A snapshot can only be restored to the directory from which it was created. In addition, the maximum supported age of a manual snapshot is 180 days. For more information, see [Useful shelf life of a system-state backup of Active Directory](https://learn.microsoft.com/en-us/troubleshoot/windows-server/backup-and-storage/shelf-life-system-state-backup-ad) on the Microsoft website.

**Warning**  
We recommend that you contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) before any snapshot restore; we may be able to help you avoid the need to do a snapshot restore. Any restore from a snapshot can result in data loss, because a snapshot reflects a single point in time. It is important that you understand that all of the DCs and DNS servers associated with the directory will be offline until the restore operation has been completed.

To restore your directory from a snapshot, perform the following steps.

**To restore a directory from a snapshot**

1. In the [AWS Directory Service console](https://console.aws.amazon.com/directoryservicev2/) navigation pane, select **Directories**.

1. On the **Directories** page, choose your directory ID.

1. On the **Directory details** page, select the **Maintenance** tab.

1. In the **Snapshots** section, select a snapshot in the list, choose **Actions**, and then select **Restore snapshot**.

1. Review the information in the **Restore directory snapshot** dialog box, and choose **Restore**.

For a Simple AD directory, it may take several minutes for the directory to be restored. When it has been successfully restored, the **Status** value of the directory changes to `Active`. Any changes made to the directory after the snapshot date are overwritten. 
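
The following pre-restore check is an added example, not code from AWS or from this guide: it applies the limits stated in the snapshot sections above (5 manual snapshots per directory, 180-day maximum age, restore only to the originating directory) to a snapshot list. It assumes entries shaped like the `Snapshots` list returned by `DescribeSnapshots` (for example, from `describe_snapshots` on the boto3 `ds` client); the directory and snapshot IDs are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

MAX_MANUAL_SNAPSHOTS = 5               # per-directory limit stated on this page
MAX_RESTORE_AGE = timedelta(days=180)  # maximum supported snapshot age stated on this page


def review_snapshots(snapshots, directory_id, now):
    """Return (restorable ids newest first, {rejected id: reason}, manual slots left).

    Assumptions of this example: the age limit is applied to every snapshot type,
    and every manual snapshot of the directory counts toward the limit.
    """
    restorable, rejected, manual_count = [], {}, 0
    for snap in snapshots:
        sid = snap["SnapshotId"]
        if snap["DirectoryId"] != directory_id:
            rejected[sid] = "created from a different directory"
            continue
        if snap["Type"] == "Manual":
            manual_count += 1
        if snap["Status"] != "Completed":
            rejected[sid] = "status is " + snap["Status"]
        elif now - snap["StartTime"] > MAX_RESTORE_AGE:
            rejected[sid] = "older than 180 days"
        else:
            restorable.append(snap)
    restorable.sort(key=lambda s: s["StartTime"], reverse=True)
    slots_left = max(0, MAX_MANUAL_SNAPSHOTS - manual_count)
    return [s["SnapshotId"] for s in restorable], rejected, slots_left


# Constructed sample data; the directory and snapshot IDs are placeholders.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
DIRECTORY_ID = "d-0000000000"


def snap_entry(sid, kind, status, age_days, directory_id=DIRECTORY_ID):
    return {"DirectoryId": directory_id, "SnapshotId": sid, "Type": kind,
            "Status": status, "StartTime": NOW - timedelta(days=age_days)}


SAMPLE_SNAPSHOTS = [
    snap_entry("s-0000000001", "Manual", "Completed", 200),
    snap_entry("s-0000000002", "Manual", "Completed", 30),
    snap_entry("s-0000000003", "Manual", "Creating", 0),
    snap_entry("s-0000000004", "Auto", "Completed", 2),
    snap_entry("s-0000000005", "Manual", "Completed", 10, "d-1111111111"),
]

if __name__ == "__main__":
    print(review_snapshots(SAMPLE_SNAPSHOTS, DIRECTORY_ID, NOW))
```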

## Deleting a snapshot
<a name="simple_ad_snapshot_delete"></a>

**To delete a snapshot**

1. In the [AWS Directory Service console](https://console.aws.amazon.com/directoryservicev2/) navigation pane, select **Directories**.

1. On the **Directories** page, choose your directory ID.

1. On the **Directory details** page, select the **Maintenance** tab.

1. In the **Snapshots** section, choose **Actions**, and then select **Delete snapshot**.

1. Verify that you want to delete the snapshot, and then choose **Delete**.

# Deleting your Simple AD
<a name="simple_ad_delete"></a>

When a Simple AD is deleted, all of the directory data and snapshots are deleted and cannot be recovered. After the directory is deleted, all instances that are joined to the directory remain intact. You cannot, however, use your directory credentials to log in to these instances. You need to log in to these instances with a user account that is local to the instance.

When an AWS Managed Microsoft AD, Simple AD, or hybrid directory is deleted, all of the directory data and snapshots are deleted and cannot be recovered. After the directory is deleted, all instances that are joined to the directory remain intact. You cannot, however, use your directory credentials to log in to these instances. You need to log in to these instances with a user account that is local to the instance.

When an AD Connector is deleted, your on-premises directory remains intact. All instances that are joined to the directory also remain intact and remain joined to your on-premises directory. You can still use your directory credentials to log in to these instances.

**To delete a directory**

1. In the [AWS Directory Service console](https://console.aws.amazon.com/directoryservicev2/) navigation pane, select **Directories**. Ensure you are in the AWS Region where your Active Directory is deployed. For more information, see [Choosing a Region](https://docs.aws.amazon.com//awsconsolehelpdocs/latest/gsg/select-region.html).

1. Ensure that no AWS applications are enabled for the directory you intend to delete. Enabled AWS applications will prevent you from deleting your AWS Managed Microsoft AD or Simple AD.

   1. On the **Directories** page, choose your directory ID.

   1. On the **Directory details** page, select the **Application management** tab. In the **AWS apps & services** section, you see which AWS applications are enabled for your directory.
      + Disable AWS Management Console access. For more information, see [Disabling AWS Management Console access](ms_ad_management_console_access.md#console_disable).
      + To disable Amazon WorkSpaces, you must deregister the service from the directory in the WorkSpaces console. For more information, see [Delete a directory](https://docs.aws.amazon.com/workspaces/latest/adminguide/delete-workspaces-directory.html) in the *Amazon WorkSpaces Administration Guide*.
      + To disable WorkDocs, you must delete the WorkDocs site in the WorkDocs console. For more information, see [Delete a site](https://docs.aws.amazon.com/workdocs/latest/adminguide/delete_site.html) in the *Amazon WorkDocs Administration Guide*.
      + To disable Amazon WorkMail, you must remove the Amazon WorkMail organization in the Amazon WorkMail console. For more information, see [Remove an organization](https://docs.aws.amazon.com/workmail/latest/adminguide/remove_organization.html) in the *Amazon WorkMail Administrator Guide*.
      + To disable Amazon FSx for Windows File Server, you must remove the Amazon FSx file system from the domain. For more information, see [Working with Active Directory in FSx for Windows File Server](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/aws-ad-integration-fsxW.html) in the *Amazon FSx for Windows File Server User Guide*.
      + To disable Amazon Relational Database Service, you must remove the Amazon RDS instance from the domain. For more information, see [Managing a DB instance in a domain](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServerWinAuth.html#USER_SQLServerWinAuth.Managing) in the *Amazon RDS User Guide*.
      + To disable AWS Client VPN Service, you must remove the directory service from the Client VPN Endpoint. For more information, see [Work with Client VPN](https://docs.aws.amazon.com//vpn/latest/clientvpn-admin/cvpn-working.html) in the *AWS Client VPN Administrator Guide*.
      + To disable Amazon Connect, you must delete the Amazon Connect Instance. For more information, see [Delete your Amazon Connect instance](https://docs.aws.amazon.com/connect/latest/adminguide/delete-connect-instance.html) in the *Amazon Connect Administration Guide*.
      + To disable Amazon Quick, you must unsubscribe from Amazon Quick. For more information, see [Closing your Amazon Quick account](https://docs.aws.amazon.com/quicksight/latest/user/closing-account.html) in the *Amazon Quick User Guide*.
**Note**  
If you are using AWS IAM Identity Center and have previously connected it to the AWS Managed Microsoft AD directory you plan to delete, you must first change the identity source before you can delete it. For more information, see [Change your identity source](https://docs.aws.amazon.com/singlesignon/latest/userguide/manage-your-identity-source-change.html) in the *IAM Identity Center User Guide*.

1. In the navigation pane, choose **Directories**.

1. Select only the directory to be deleted and click **Delete**. It takes several minutes for the directory to be deleted. When the directory has been deleted, it is removed from your directory list.