AWS Directory Service, with the power of Windows Server 2012 R2 helps customers run Microsoft Active Directory (AD) in AWS cloud or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, domain join Amazon EC2 instances, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads.
- Microsoft AD is your best choice if you have more than 5,000 users and need a trust relationship set up between an AWS hosted directory and your on-premises directories.
- Simple AD - Simple AD is the least expensive DS and your best choice if you have 5000 or less users and don’t need the more advanced Microsoft Active Directory features like trust relationships, schema extensions, multi-factor authentication, communication over LDAP, PowerShell AD cmdlets, and the transfer of FSMO roles
AD Connector - helps you use your existing on-premises directory with AWS services.
This post explains provisioning a Simple AD with steps and screenshots. In the next post, I shall cover Microsoft AD in detail.
Create Simple AD
You can deploy Directory Service in any of the following regions - N. Virginia, Oregon, Ireland, Tokoyo, Singapore, Sydney. Once the region is selected, navigate to AWS Directory service console, select Get Started Now and choose Create Simple AD.
Fill all mandatory details. When it comes to directory size, you can choose according to the number of objects that your organization holds. Typically “small” can hold up to 2000 objects and “large” directory can live up to “20000” objects.
Then choose an existing VPC or you can create a new VPC where Directory Service is going to be deployed. Then select two subnets for HA, and yes this is mandatory :)
Once you are done with all verification, you can select Create Simple AD.
You can now see the status of your directory. Select Done.
Once you see the status as “Active”, then Directory Service is set to go. Now, make a note of DNS address.
Configure Windows Server
Now you need a windows server from where you can manage Simple AD. Logon to this server and fill the DNS server with the IP address we noted in the previous step. From run, type
ncpa.cpl and edit DNS settings.
Resolve DNS name with nslookup command. The command will look like this
nslookup powerupcloud.com. If you can see the DNS server's IP addresses then its working and you can moved ahead.
Add Server as memeber of the domain
Open explorer, Right click your computer name and select properties.
Click on Change Settings
Select Domain and type the domain name which you have configured in the directory service and click ok.
Authenticate with the Administrator account which was created earlier. Once you click ok, you will be prompted to restart the server, hit them without hesitation.
Configure AD Tools
Open Server Manager and select Add roles and features
Choose Select a server from the server pool. Since no roles are necessary to be configured, you can just click next.
Select Remote Server Administration Tools and ADDS and AD and LDS Tools. Click next.
Select install. It will a take a while to install ADDS tools. Once installation is completed, you are set to go.
Thats about it. Open Active Directory Users and Computers and start managing your objects.
Hope this was useful. Check back next week for deep dive on Microsoft AD service. Have fun!