Abstract: A managed directory service obtains a request to generate a first account of a first directory within a first network. In response to the request, the managed directory service creates the first account within the first directory. From the request, the managed directory service also obtains credential information of a second account of a second directory within a second network. The managed directory service updates the first account to include this credential information to enable the first account to be used to access the second directory within the second network.

Abstract: A managed directory service receives a request to add a domain controller to a directory. In response to the request, the managed directory service determines, based on locations of other domain controllers of the directory, a location for the domain controller. The managed directory service provisions the domain controller at the location and associates the domain controller to the directory. The domain controller is activated in order to perform directory operations for the directory.

Abstract: Access to a privileged account is managed by first requiring authentication of a user logging into the account and then performing a policy evaluation to determine whether the identified user is allowed to log in using the privileged identity. Preferably, the authentication is a two factor authentication. The policy evaluation preferably enforces a policy, such as a role-based access control, and a context-based access control, a combination of such access controls, or the like. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met. In the alternative, the entity is denied access to the privileged account if either the authentication fails, or (assuming authentication does not fail) policy criteria for the user is not met.

Abstract: Access to a privileged account is managed by first requiring authentication of a user logging into the account and then performing a policy evaluation to determine whether the identified user is allowed to log in using the privileged identity. Preferably, the authentication is a two factor authentication. The policy evaluation preferably enforces a policy, such as a role-based access control, and a context-based access control, a combination of such access controls, or the like. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met. In the alternative, the entity is denied access to the privileged account if either the authentication fails, or (assuming authentication does not fail) policy criteria for the user is not met.