Seamless domain join of EC2 Windows Instance to AWS Managed Microsoft Active Directory

Published on Aug 10, 2024. This response is partially generated with the help of AI. It may contain inaccuracies.

Introduction

This tutorial provides a step-by-step guide on how to seamlessly join an EC2 Windows instance to an AWS Managed Microsoft Active Directory (AD). This process is essential for organizations that want to manage their Windows instances efficiently within a centralized directory service. By following these steps, you will learn how to launch a managed AD directory, create the necessary IAM role, and join your EC2 instance to the domain.

Step 1: Launch AWS Managed Microsoft AD Directory

  1. Sign in to the AWS Management Console.
  2. Navigate to the Directory Service:
    • In the AWS products menu, find and select "Directory Service."
  3. Choose to create a new directory:
    • Select "Set up directory."
    • Choose "AWS Managed Microsoft AD."
  4. Configure the directory settings:
    • Provide a directory name and select the appropriate edition (Standard or Enterprise).
    • Specify the VPC and subnets for the directory.
  5. Review your settings and create the directory:
    • Confirm the configuration and click on "Create directory." This may take several minutes.

Step 2: Create IAM Role

  1. Access the IAM Console:
    • Go to the IAM service in the AWS Management Console.
  2. Create a new role:
    • Click on "Roles" and then "Create role."
  3. Select trusted entity:
    • Choose "AWS service" and select "EC2" for the type of trusted entity.
  4. Attach policies:
    • Attach the policy AmazonSSMManagedInstanceCore to allow the EC2 instance to access AWS Systems Manager.
  5. Complete the role creation:
    • Name the role (e.g., "EC2DomainJoinRole") and finish creating the role.
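The same role, created from the command line instead of the console. This is an added example, not part of the original tutorial; it assumes the AWS Tools for PowerShell module AWS.Tools.IdentityManagement is installed and that the session holds IAM administrator credentials. The cmdlet names and parameters are the AWS Tools ones as known to the editor; check them against the module documentation if a call is rejected. Besides AmazonSSMManagedInstanceCore (named in Step 2), seamless domain join also needs AmazonSSMDirectoryServiceAccess, which lets the instance ask Directory Service to create its computer object; the example attaches both and nothing broader.

```powershell
# Added example (not part of the original tutorial): create the EC2 instance role from Step 2
# with the AWS Tools for PowerShell (assumed installed and authenticated).
$RoleName = "EC2DomainJoinRole"   # name suggested in Step 2

# Trust policy: only the EC2 service may assume this role
# (the "AWS service / EC2" trusted-entity choice in the console).
$TrustPolicy = @'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
'@

New-IAMRole -RoleName $RoleName -AssumeRolePolicyDocument $TrustPolicy `
    -Description "EC2 role for SSM-managed domain join" | Out-Null

# Managed policies: AmazonSSMManagedInstanceCore is the one named in Step 2;
# AmazonSSMDirectoryServiceAccess is additionally required for seamless domain join
# (ds:CreateComputer / ds:DescribeDirectories for the instance). Nothing else is attached.
$Policies = @(
    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess"
)
foreach ($Arn in $Policies) {
    Register-IAMRolePolicy -RoleName $RoleName -PolicyArn $Arn
}

# An EC2 instance carries a role only through an instance profile. The console creates one
# with the same name automatically when you choose EC2 as the trusted entity; the API does not.
New-IAMInstanceProfile -InstanceProfileName $RoleName | Out-Null
Add-IAMRoleToInstanceProfile -InstanceProfileName $RoleName -RoleName $RoleName

# Verify: list the attached policies so nothing broader than the two above crept in.
Get-IAMAttachedRolePolicyList -RoleName $RoleName | Select-Object PolicyName, PolicyArn
```

Keeping the role to these two managed policies matters because every process on the instance can read the role's credentials from the instance metadata service; a role with administrative permissions turns a compromised management host into a compromised account.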

Step 3: Launch AD Management Instance

  1. Launch a new EC2 instance:
    • Go to the EC2 Dashboard and click on "Launch Instance."
  2. Select an AMI:
    • Choose a Windows Server AMI that is compatible with your directory.
  3. Choose instance type:
    • Select an instance type based on your needs (e.g., t2.medium).
  4. Configure instance details:
    • Ensure that the instance is in the same VPC and subnets as your AD directory.
    • Assign the IAM role created in Step 2.
  5. Launch the instance:
    • Review and launch the instance, ensuring that security groups allow necessary traffic, particularly for RDP (port 3389).

Step 4: Understand How Seamless Domain Join Works

  • Seamless domain join allows you to join an EC2 instance to the managed AD without needing to manually enter credentials.
  • This process leverages AWS Systems Manager to facilitate the domain join automatically.
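Steps 3 and 4 together, scripted: look up the directory so the instance lands in its VPC and subnet, restrict RDP to an administrator's address rather than the whole internet, launch with the instance profile from Step 2, and then hand the join to Systems Manager. This is an added example, not part of the original tutorial. It assumes the AWS.Tools.DirectoryService, AWS.Tools.EC2 and AWS.Tools.SimpleSystemsManagement modules; the directory ID, AMI ID and admin CIDR are placeholders to replace. The mechanism behind "seamless" is the AWS-managed SSM document AWS-JoinDirectoryServiceDomain applied through a State Manager association: no domain credentials are passed to the instance, because the instance role lets the SSM agent ask Directory Service to create the computer object on its behalf.

```powershell
# Added example (not part of the original tutorial): launch the management instance from
# Step 3 inside the directory's VPC and let Systems Manager perform the domain join (Step 4).
# Assumes the AWS Tools for PowerShell modules named in the lead-in are installed.
$DirectoryId     = "d-XXXXXXXXXX"            # placeholder: your AWS Managed Microsoft AD ID
$AmiId           = "ami-XXXXXXXXXXXXXXXXX"   # placeholder: a Windows Server AMI in your region
$AdminCidr       = "203.0.113.10/32"         # placeholder (TEST-NET-3): the one host allowed to RDP
$InstanceProfile = "EC2DomainJoinRole"       # instance profile created in Step 2

# 1. Read the directory so the instance uses the same VPC/subnet and the directory's DNS servers.
$Dir    = Get-DSDirectory -DirectoryId $DirectoryId
$VpcId  = $Dir.VpcSettings.VpcId
$Subnet = $Dir.VpcSettings.SubnetIds[0]
$DnsIps = $Dir.DnsIpAddrs

# 2. Security group: RDP (3389) only from the admin CIDR, never 0.0.0.0/0.
$Sg = New-EC2SecurityGroup -GroupName "ad-mgmt-rdp" -Description "RDP from admin CIDR only" -VpcId $VpcId
$RdpRule = New-Object Amazon.EC2.Model.IpPermission
$RdpRule.IpProtocol = "tcp"; $RdpRule.FromPort = 3389; $RdpRule.ToPort = 3389
$RdpRule.Ipv4Ranges.Add((New-Object Amazon.EC2.Model.IpRange -Property @{ CidrIp = $AdminCidr }))
Grant-EC2SecurityGroupIngress -GroupId $Sg -IpPermission $RdpRule

# 3. Launch with the instance profile; the SSM agent preinstalled on Windows AMIs registers with it.
$Reservation = New-EC2Instance -ImageId $AmiId -InstanceType "t2.medium" -SubnetId $Subnet `
    -SecurityGroupId $Sg -InstanceProfile_Name $InstanceProfile -MinCount 1 -MaxCount 1
$InstanceId = $Reservation.Instances[0].InstanceId

# 4. The "seamless" part: a State Manager association running AWS-JoinDirectoryServiceDomain.
#    Parameters come straight from the directory description; no password is involved.
$Target = New-Object Amazon.SimpleSystemsManagement.Model.Target -Property @{
    Key = "InstanceIds"; Values = @($InstanceId)
}
$Assoc = New-SSMAssociation -Name "AWS-JoinDirectoryServiceDomain" `
    -AssociationName "join-$InstanceId" -Target $Target `
    -Parameter @{
        directoryId    = @($Dir.DirectoryId)
        directoryName  = @($Dir.Name)
        dnsIpAddresses = $DnsIps
    }

# 5. Poll until the association has run. "Success" means the join completed
#    (the instance reboots as part of it); "Failed" is the signal to read the command output.
do {
    Start-Sleep -Seconds 30
    $Status = (Get-SSMAssociation -AssociationId $Assoc.AssociationId).Overview.Status
    Write-Host "Association status: $Status"
} while ($Status -notin @("Success", "Failed"))
```

Because the join is an association rather than a one-off command, State Manager re-applies it on its schedule, so a Failed status is something to investigate rather than retry blindly: the usual causes are an instance that cannot reach the SSM endpoints, a role missing AmazonSSMDirectoryServiceAccess, or a security group on the directory that blocks the instance's subnet.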

Step 5: Admin Domain Login

  1. Remote Desktop into the EC2 instance:
    • Use the public IP or DNS name of your instance to connect via RDP.
  2. Log in with AD credentials:
    • Use the admin account created during the directory setup to log in.

Step 6: Install and Use AD Tools

  1. Install Active Directory tools:
    • Open Server Manager and navigate to "Add roles and features."
    • Install the "Active Directory Domain Services" tools.
  2. Use AD tools:
    • Once installed, use tools like Active Directory Users and Computers to manage your directory.
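A check to run on the instance once you are logged in (Step 5), followed by the tools install from Step 6 done through PowerShell instead of Server Manager. This is an added example, not part of the original tutorial. It assumes Windows Server with the built-in ServerManager module and an elevated session; no AWS modules are needed. It confirms that the join actually happened, that the secure channel to a domain controller works, that the SSM agent that performed the join is still running, and finally that the directory holds a computer object for this instance.

```powershell
# Added example (not part of the original tutorial): run on the joined instance in an
# elevated PowerShell session to verify the domain join and install the AD DS tools.

# 1. Is the machine really a domain member, and of which domain?
$Cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $Cs.PartOfDomain) {
    throw "Instance $($Cs.Name) is still in workgroup '$($Cs.Workgroup)'; the SSM domain join has not completed."
}
Write-Host "Joined to domain: $($Cs.Domain)"

# 2. Is the secure channel to a domain controller healthy? A broken channel (for example a
#    stale computer-account password) makes domain logons fail even though the join "worked".
if (-not (Test-ComputerSecureChannel)) {
    throw "Secure channel to $($Cs.Domain) is broken; repair with: Test-ComputerSecureChannel -Repair -Credential <domain admin>"
}

# 3. Is the SSM agent running? It performed the join and keeps the association applied.
$Agent = Get-Service -Name AmazonSSMAgent -ErrorAction SilentlyContinue
if ($null -eq $Agent -or $Agent.Status -ne "Running") {
    Write-Warning "AmazonSSMAgent is not running; Systems Manager cannot manage this instance."
}

# 4. Step 6 without the GUI: install the AD DS tools (Active Directory Users and Computers
#    and the ActiveDirectory PowerShell module).
Import-Module ServerManager
$Result = Install-WindowsFeature -Name RSAT-ADDS, RSAT-AD-PowerShell
if (-not $Result.Success) { throw "Feature install failed with exit code $($Result.ExitCode)" }
if ($Result.RestartNeeded -eq "Yes") { Write-Warning "A restart is required before the tools can be used." }

# 5. Confirm the directory holds a computer object for this instance and when it last logged on.
Import-Module ActiveDirectory
Get-ADComputer -Identity $env:COMPUTERNAME -Properties LastLogonDate, OperatingSystem |
    Select-Object Name, DNSHostName, Enabled, LastLogonDate, OperatingSystem
```

The last query is also the one to keep for operations: a computer object that exists but never updates LastLogonDate is a sign that the instance was joined and then lost contact with the directory, typically a DNS or security-group change after the join.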

Conclusion

You have successfully launched an AWS Managed Microsoft AD, created an IAM role, and joined your EC2 Windows instance to the directory. These steps enable centralized management of your instances, enhancing security and administration capabilities. As a next step, consider exploring more advanced AD features or integrating additional AWS services to maximize your infrastructure's efficiency.