Microsoft AD with AWS Directory Service
This Blog has moved from Medium to blogs.tensult.com. All the latest content will be available there. Subscribe to our newsletter to stay updated.
There are two ways to run an Active Directory domain controller in the AWS environment: 1) promote Windows Server EC2 instances to domain controllers yourself, or 2) use AWS Directory Service. In this article we focus on the latter, AWS Directory Service for Microsoft Active Directory (AWS Microsoft AD). This managed service avoids the complex network setup and replication planning normally involved in a traditional AD environment: multiple domain controllers are created by default across different Availability Zones and replicate with each other automatically. At the time of writing, AWS Directory Service runs Windows Server 2012 R2. We will see how to configure Directory Service and make one EC2 instance a client of it.
Directory Service (AWS Microsoft AD) Configuration
1) Select Directory Service from the AWS web console. Choose Set up directory -> Microsoft AD. Enter your domain details and the Admin password. Note that the administrative account is Admin, not Administrator, unlike in a traditional Windows AD.
2) Wait until the status becomes Active. It can take 10 to 15 minutes. Note down the DNS addresses; they are required for the later configuration steps.
Windows Client Configuration
3) Next, you are going to make an EC2 instance a client of the AWS Directory Service. Launch a Windows instance if you don’t have one. I have used a fresh Windows Server 2012 R2. Log in as the local Administrator.
4) Configure the DNS addresses as shown below. They must match the IP addresses you noted down in the previous step.
5) Configure the system as a client of the Directory Service, as shown in the screenshot below.
6) Now reboot the client and log in as the domain Admin (I have used tensult.com\Admin). Install the Remote Server Administration Tools feature so that you can administer the Directory Service, for example to create user accounts.
7) Open the Active Directory Users and Computers tool as shown below.
8) Create an ordinary user account and allow it RDP access. Log in as the newly created ordinary user to confirm the setup; that completes the experiment.
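The client-side steps 4 to 8 above, scripted in PowerShell as an added example (not part of the original post). It assumes the domain tensult.com from the post; the two DNS server IPs, the NetBIOS name `tensult`, the OU path and the user name `testuser` are placeholders to replace with your own values. Run it in an elevated session on the Windows Server 2012 R2 client.

```powershell
# Part 1: run as the local Administrator before the domain join.
$Domain     = 'tensult.com'
$DnsServers = @('10.0.0.10', '10.0.1.10')   # placeholder: the two IPs noted in step 2
$Nic        = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1

# Step 4: point the client at both directory DNS servers (one per Availability Zone)
Set-DnsClientServerAddress -InterfaceIndex $Nic.ifIndex -ServerAddresses $DnsServers

# Check before joining: the LDAP SRV record for the domain must resolve,
# otherwise the join fails with an unhelpful "domain could not be contacted" error
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop | Out-Null

# Steps 5 and 6: join the domain with the Admin account (not Administrator) and reboot
$Cred = Get-Credential -UserName "$Domain\Admin" -Message 'Directory Service Admin password'
Add-Computer -DomainName $Domain -Credential $Cred -Restart

# ---------------------------------------------------------------------------
# Part 2: run after the reboot, logged in as tensult.com\Admin.
$Domain  = 'tensult.com'
$NetBios = 'tensult'                          # placeholder: the directory's NetBIOS name

# Check: the machine account trust with the new domain is healthy
if (-not (Test-ComputerSecureChannel)) { throw 'Domain join did not complete correctly' }

# Step 6: install the RSAT tools for AD DS (includes AD Users and Computers and the AD module)
Install-WindowsFeature -Name RSAT-ADDS -IncludeManagementTools | Out-Null
Import-Module ActiveDirectory

# Step 8: create an ordinary user. In AWS Managed Microsoft AD the Admin account can only
# create objects inside the OU named after the directory (assumption: OU=Users,OU=<NetBIOS>),
# so the -Path must point there rather than at the default CN=Users container.
$OuPath   = "OU=Users,OU=$NetBios,DC=" + ($Domain -replace '\.', ',DC=')
$Password = Read-Host -AsSecureString 'Initial password for testuser'
New-ADUser -Name 'testuser' -SamAccountName 'testuser' -UserPrincipalName "testuser@$Domain" `
    -Path $OuPath -AccountPassword $Password -Enabled $true -ChangePasswordAtLogon $true

# Grant RDP access on this client only, via the local Remote Desktop Users group
# (net.exe is used because Add-LocalGroupMember is not available on Server 2012 R2)
net localgroup 'Remote Desktop Users' "$NetBios\testuser" /add
```

Scoping RDP access through the client's local group rather than a domain-wide group keeps the ordinary user's reach limited to this one instance, which is the least-privilege default for a test account.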
Conclusion
Now we know about the managed service called AWS Directory Service, with which you can run a Microsoft AD. We have configured AWS Microsoft AD and made one EC2 instance a client of it. Before choosing AWS Microsoft AD, read the pros and cons in the AWS documentation.