Create Active Directory with AWS (Windows Server) and add custom attributes to the users
Create a Windows_Server-2012-R2 EC2 instance and get the administrator credentials to use for remote login.
- Then log in to the server with your admin credentials via Remote Desktop (Remmina if you are on Linux).
- Click Server Manager and click the Add roles and features link. Then proceed as follows.
Select Role-based or feature-based installation ⇒ Click Next
Click Next
Select Active Directory Domain Services and click the “Add Features” button.
Select the Restart the destination server automatically if required option, and finally click Install.
Once the installation finishes there is a warning icon for the post-deployment configuration. Click it and proceed.
Select the Add a new forest option and enter the root domain name.
Add the DSRM (Directory Services Restore Mode) password.
Then click Next until the Install button appears. Finally, the server will reboot. Then reconnect with the same credentials.
- In order to enable LDAP over SSL (LDAPS), we also need to install the certificate service. Click Add roles and features again.
Then click the Next button and select the Active Directory Certificate Services option and click the “Add Features” button.
Then keep clicking Next. Make sure the Certification Authority role service is ticked.
Select the Restart the destination server automatically if required option, and finally click Install.
- Once the installation finishes there is a warning icon for the configuration. Click it and complete that too (keep all the defaults; you can increase the validity period if you want).
If you are not configuring the Windows Firewall to allow the particular ports you are using (for this setup that is LDAP on TCP 389 and LDAPS on TCP 636, plus Remote Desktop), make sure to disable the Windows Firewall too. Allowing only the needed ports from the hosts that need them is the safer option, and the EC2 security group must allow the same ports as well.
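The following PowerShell is an added example and is not part of the original post. It shows the safer alternative to switching the firewall off: keep the Windows Firewall on, add inbound rules only for the ports named above, and then verify that LDAPS actually works after the AD CS install by binding over SSL to the domain controller's own FQDN. The VPC range, the rule names and the use of the local machine as the LDAPS target are assumptions; adjust them to your environment.

```powershell
# Added example (not from the original post): keep Windows Firewall enabled and allow only the
# ports this lab uses, then confirm that LDAPS answers after AD CS has been installed.
# Run in an elevated PowerShell on the domain controller.
$trustedClients = '10.0.0.0/16'   # assumed VPC range; tighten it to the hosts that need access

$rules = @(
    @{ Name = 'AD LDAP (TCP 389)';         Port = 389  },
    @{ Name = 'AD LDAPS (TCP 636)';        Port = 636  },
    @{ Name = 'Remote Desktop (TCP 3389)'; Port = 3389 }
)

foreach ($r in $rules) {
    # Idempotent: only create a rule if one with this display name does not exist yet
    if (-not (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Protocol TCP `
            -LocalPort $r.Port -RemoteAddress $trustedClients -Action Allow | Out-Null
        Write-Host "Created rule: $($r.Name)"
    }
}

# The firewall should stay enabled on every profile; this lists the current state
Get-NetFirewallProfile | Select-Object Name, Enabled

# Verify the LDAPS listener and its certificate: bind over SSL to the DC's own FQDN.
# The bind fails if no server certificate has been issued to the DC yet.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($fqdn, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
try {
    $conn.Bind()   # binds with the current logon (Kerberos/NTLM) inside the TLS session
    Write-Host "LDAPS bind to ${fqdn}:636 succeeded"
} catch {
    Write-Warning "LDAPS bind failed: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}
```

If the bind fails right after installing AD CS, give the domain controller time to auto-enroll its certificate from the new enterprise CA (or run gpupdate /force) and retry; the bind is the check that matters, because the port being open does not prove the LDAPS certificate is in place.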
Create User
Click Tools and select Active Directory Users and Computers.
Select Users ⇒ New ⇒ User
Fill in the form and proceed.
Select the options you need (e.g. User cannot change password) ⇒ Click Next
Click Finish
Once the user is created, right-click on the user and select Properties.
Then enable remote control and try to log in with the new user.
(Optional)
- If you can’t log in, try to create a new user group, add the user to that group and update the policy as shown in this video: https://www.youtube.com/watch?v=euFiRyjRt1E.
- Source: https://www.youtube.com/watch?v=HR0WntV4Sc8&t=618s
Create Custom Attributes for the users (do this with the admin account)
Go to the MMC console.
Click the Add/Remove Snap-in link.
At first there is no Active Directory Schema snap-in listed. In order to enable it, open a command prompt and run: regsvr32 Schmmgmt.dll
Then it will be there.
Add Active Directory Schema and click the OK button.
Click the Create Attribute button and click Continue.
There is an X500 Object ID field.
- In order to create the object ID go to this URL: https://gallery.technet.microsoft.com/scriptcenter/56b78004-40d0-41cf-b95e-6e795b2e8a06
- Copy the VBS script and save it as a .vbs file on your desktop. Running it will generate your root OID value. Type it into the X500 Object ID field, fill in the attribute details and click OK.
- Now go to Classes ⇒ user, select Attributes and click the Add button. Then select the attribute you created and click the OK button. Then click the Apply button.
Then click the OK button again. Then go to Administrative Tools as shown below.
Click Services.
Restart Active Directory Domain Services. Now you have a new attribute inside Active Directory.
In order to see it, go to Administrative Tools ⇒ Tools ⇒ Active Directory Users and Computers, then click the View menu and select Advanced Features.
Now right-click on the user you created before and select Properties ⇒ Under Attribute Editor there is the attribute you created. You can use it now.
Source: https://www.youtube.com/watch?v=RaqIeNnxVU0&list=WL&index=3&t=664s
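The same schema extension done from PowerShell, as an added example that is not part of the original post or the linked video. It derives an OID the way Microsoft's published generator does (their 1.2.840.113556.1.8000.2554 arc plus the numeric parts of a fresh GUID, which is the form the linked VBS script produces; that equivalence is an assumption), checks that the caller is a Schema Admin before touching the schema, creates the attribute with the same fields as the Create Attribute dialog, adds it to the user class, and refreshes the schema cache with schemaUpdateNow instead of restarting AD DS. The attribute name employeeBadgeId, the user jdoe and the badge value are constructed placeholders.

```powershell
# Added example (not from the original post): custom attribute creation from PowerShell.
# Must run as a member of Schema Admins, against the schema master (use the admin account).
Import-Module ActiveDirectory

# Schema writes only succeed on the schema master, so target it explicitly
$schemaMaster = (Get-ADForest).SchemaMaster
$schemaNC     = (Get-ADRootDSE -Server $schemaMaster).schemaNamingContext

# Guard: the schema is forest-wide and attributes cannot be deleted, only made defunct,
# so refuse to continue unless the current account is a Schema Admin.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
if (-not (Get-ADGroupMember 'Schema Admins' -Recursive | Where-Object { $_.SID -eq $me.User })) {
    throw 'Run this as a member of Schema Admins (log off and on again after being added).'
}

# 1. OID generation in the style of Microsoft's generator script: fixed prefix + GUID parts
function New-SchemaOid {
    $prefix = '1.2.840.113556.1.8000.2554'
    $guid   = [Guid]::NewGuid().ToString('N')        # 32 hex characters, no dashes
    $parts  = @(0, 4, 8, 12, 16, 20, 26) | ForEach-Object {
        $len = if ($_ -lt 20) { 4 } else { 6 }       # five 4-char parts, then two 6-char parts
        [UInt64]::Parse($guid.Substring($_, $len), 'AllowHexSpecifier')
    }
    return "$prefix." + ($parts -join '.')
}

# 2. Create the attribute (same fields the Create Attribute dialog asks for)
$attrName = 'employeeBadgeId'                        # assumed attribute name; choose your own
if (Get-ADObject -Server $schemaMaster -SearchBase $schemaNC -Filter "lDAPDisplayName -eq '$attrName'") {
    throw "Attribute $attrName already exists in the schema; pick a different name."
}
$oid = New-SchemaOid
New-ADObject -Server $schemaMaster -Name $attrName -Type 'attributeSchema' -Path $schemaNC -OtherAttributes @{
    lDAPDisplayName  = $attrName
    attributeID      = $oid
    attributeSyntax  = '2.5.5.12'   # Unicode string
    oMSyntax         = 64           # pairs with attributeSyntax 2.5.5.12
    isSingleValued   = $true
    searchFlags      = 1            # indexed, so LDAP filters on it are cheap
    adminDescription = 'Employee badge number (custom attribute)'
}
Write-Host "Created attribute $attrName with OID $oid"

# 3. Let the user class carry it (Classes => user => Attributes => Add in the snap-in),
#    then reload the schema cache. The post restarts AD DS instead; schemaUpdateNow
#    is the documented way to do the same without a service restart.
Set-ADObject -Server $schemaMaster -Identity "CN=User,$schemaNC" -Add @{ mayContain = $attrName }
$rootDse = [ADSI]"LDAP://$schemaMaster/RootDSE"
$rootDse.Put('schemaUpdateNow', 1)
$rootDse.SetInfo()

# 4. Use the attribute on the user created earlier and read it back (what Attribute Editor shows)
$sam = 'jdoe'                                        # assumed user from the Create User step
Set-ADUser -Identity $sam -Add @{ $attrName = 'B-10042' }   # constructed sample value
Get-ADUser -Identity $sam -Properties $attrName | Select-Object SamAccountName, $attrName
```

Keep the generated OID somewhere you can find it again: every attribute you add later should sit under the same prefix rather than under a freshly generated one, and because schema objects cannot be removed, test this on a throwaway forest before running it against a domain you care about.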