This article provides a detailed guide for migrating Amazon RDS for SQL Server instances from AWS Managed Microsoft AD to self-managed Active Directory.

• RDS for SQL Server now supports direct integration with self-managed AD domains
• Migration requires two database reboots to remove from AWS Managed AD and join self-managed AD
• Process uses ModifyDBInstance API and is reversible between AD types
• Prerequisites include AWS Managed AD, self-managed AD, trust relationship, and RDS instance
• Create AD organizational unit and service account using provided PowerShell script
• Store service account credentials in AWS Secrets Manager encrypted with KMS key
• Configure RDS instance with self-managed AD FQDN, OU, DNS, and secret ARN
• Validate user authentication post-migration using SQL Server Management Studio
• Single-AZ migration takes approximately 15-20 minutes; multi-AZ may take longer

This guide enables organizations to integrate RDS SQL Server with self-managed AD, avoiding additional authentication chains while maintaining flexibility to switch between AD types.