AWS Managed Microsoft Active Directory (AD) provides a fully managed Active Directory service in the AWS cloud. It's designed to enable AWS resources and applications to use standard AD features without setting up and managing your own Active Directory infrastructure.
We can create it from the Directory Service console:
Fill in the directory DNS name and the admin password for this new domain.
Next we choose the VPC and the subnets in which this AWS Managed Microsoft AD will be launched.
Review the settings one last time:
And then create the directory.
After the directory is created, we configure a directory administration (management) EC2 instance.
We can set the remote access CIDR, i.e. which address range is allowed to RDP to this instance.
SSM (AWS Systems Manager) will create the resources for us.
The management instance will come up:
We check the management instance's system properties:
If it has already joined the domain, the computer name will look similar to the one below:
If the admin EC2 instance has not yet joined the domain, we can join the management instance to the leonard.example.com domain manually: set the DNS server address and the domain name in the network and system properties.
We will install the features needed to manage AWS Managed Microsoft AD on our management instance.
Install the features we need for AD:
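The manual join and the feature installation above, done from an elevated PowerShell session on the management instance. This is an added example, not part of the original post: the domain name leonard.example.com comes from the post, while the two DNS addresses are placeholders for the directory's DNS servers shown in the Directory Service console, and the NetBIOS name "leonard" is an assumption (AWS derives it from the first DNS label by default).

```powershell
# Added example (not from the original post): join the management instance to the
# AWS Managed Microsoft AD domain and install the AD management tools.
# Assumptions: domain leonard.example.com (from the post); the DNS addresses below
# are placeholders for the directory's DNS servers from the console.

$DomainName   = 'leonard.example.com'
$DirectoryDns = @('10.0.0.10', '10.0.1.10')   # placeholders: replace with the directory's DNS addresses

# 1. Point the instance at the directory's DNS servers. Without this the domain
#    controllers cannot be located, which is the most common cause of a failed join.
$adapter = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $DirectoryDns

# Confirm the domain controller SRV record resolves before attempting the join.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV -ErrorAction Stop | Out-Null

# 2. Join the domain. Prompt for the directory Admin credential instead of
#    hard-coding it in the script (NetBIOS form, e.g. leonard\Admin, is an assumption).
$cred = Get-Credential -Message 'Enter the directory Admin credential (e.g. leonard\Admin)'
Add-Computer -DomainName $DomainName -Credential $cred -Force

# 3. Install the tools used to manage users, groups, DNS and Group Policy
#    (ADUC, ADAC, the ActiveDirectory PowerShell module, GPMC, DNS console).
Install-WindowsFeature -Name RSAT-AD-Tools, GPMC, RSAT-DNS-Server -IncludeAllSubFeature

# 4. Reboot so the join takes effect. After logging back in with a domain account,
#    Test-ComputerSecureChannel -Verbose   should return True.
Restart-Computer -Force
```

Keeping the Admin credential out of the script matters because scripts on a management host are easily copied or logged; the Get-Credential prompt also works unchanged if you later replace Admin with a dedicated, less privileged join account.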
The IAM role needed to run this service:
With the trust relationship as below:
Security group enabled: RDP port
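The IAM role, its trust relationship and the RDP security group as a script, using AWS Tools for PowerShell. This is an added example and not the post's own configuration: the role and group names are hypothetical, the VPC ID and admin CIDR are placeholders, and the two managed policies attached are the ones AWS documents for SSM-based domain join, so the role carries nothing broader than the instance actually needs.

```powershell
# Added example (not from the original post): create the IAM role, its EC2 trust
# relationship, the instance profile and a security group that only allows RDP
# from the administrator's address range.
# Assumptions: role/group names are hypothetical; VpcId and AdminCidr are placeholders.

Import-Module AWS.Tools.IdentityManagement, AWS.Tools.EC2

$RoleName  = 'ManagedAD-ManagementInstanceRole'   # hypothetical name
$VpcId     = 'vpc-0123456789abcdef0'              # placeholder: the VPC of the directory
$AdminCidr = '203.0.113.0/24'                     # placeholder: the only range allowed to RDP

# Trust relationship: only the EC2 service may assume this role.
$trustPolicy = @'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "Service": "ec2.amazonaws.com" },
    "Action": "sts:AssumeRole"
  }]
}
'@

New-IAMRole -RoleName $RoleName -AssumeRolePolicyDocument $trustPolicy | Out-Null

# Least privilege: just the two managed policies SSM needs to manage the instance
# and to join it to the directory.
foreach ($policy in 'AmazonSSMManagedInstanceCore', 'AmazonSSMDirectoryServiceAccess') {
    Register-IAMRolePolicy -RoleName $RoleName -PolicyArn "arn:aws:iam::aws:policy/$policy"
}

# The instance profile is what is actually attached to the EC2 instance.
New-IAMInstanceProfile -InstanceProfileName $RoleName | Out-Null
Add-IAMRoleToInstanceProfile -InstanceProfileName $RoleName -RoleName $RoleName

# Security group: RDP (TCP 3389) from the admin CIDR only, never from 0.0.0.0/0.
$sgId = New-EC2SecurityGroup -GroupName 'managed-ad-mgmt-rdp' `
    -Description 'RDP to the AD management instance' -VpcId $VpcId

$range = New-Object Amazon.EC2.Model.IpRange
$range.CidrIp = $AdminCidr
$range.Description = 'Administrator workstation range'

$perm = New-Object Amazon.EC2.Model.IpPermission
$perm.IpProtocol = 'tcp'
$perm.FromPort = 3389
$perm.ToPort = 3389
$perm.Ipv4Ranges.Add($range)

Grant-EC2SecurityGroupIngress -GroupId $sgId -IpPermission $perm
```

After the instance is launched with this profile and security group, a quick check that the rule did not widen over time is to list the group's ingress rules (Get-EC2SecurityGroup -GroupId) and confirm that port 3389 still has a single source range.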
Then log in to the management instance again, this time with a domain user and password:
I successfully logged in, and the management instance is already connected to AWS Managed Microsoft AD (domain leonard.example.com):
We can add new users and groups from this management instance.
We can customize the password policy: password expiry and so on, or handle the account when someone leaves the company.
Finally, we can try logging in with this new username on another device that has already joined the domain.
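The user and group creation, the password-policy review and the leaver handling described in the last three steps, run from the domain-joined management instance with the ActiveDirectory module installed. This is an added example, not the post's own commands; the user and group names are hypothetical, and the OU path assumes the NetBIOS name "leonard" (AWS Managed Microsoft AD delegates management of an OU named after the directory's NetBIOS name, so objects go there rather than in the default Users container).

```powershell
# Added example (not from the original post): create a user and a group, check
# which password policy applies, and disable a leaver's account.
# Assumptions: NetBIOS name "leonard"; user/group names are hypothetical.

Import-Module ActiveDirectory

# AWS Managed Microsoft AD only delegates this OU to the customer.
$UsersOU = 'OU=Users,OU=leonard,DC=leonard,DC=example,DC=com'

# Set the initial password at the prompt rather than in the script.
$initialPassword = Read-Host -AsSecureString 'Initial password for the new user'

New-ADUser -Name 'Jane Doe' -SamAccountName 'jdoe' `
    -UserPrincipalName 'jdoe@leonard.example.com' `
    -Path $UsersOU -AccountPassword $initialPassword `
    -Enabled $true -ChangePasswordAtLogon $true     # force a change at first logon

New-ADGroup -Name 'Helpdesk' -GroupScope Global -GroupCategory Security -Path $UsersOU
Add-ADGroupMember -Identity 'Helpdesk' -Members 'jdoe'

# The default domain password policy is not editable in AWS Managed Microsoft AD;
# the directory ships fine-grained password policies (PSOs) that are applied to
# groups. List them with their precedence, expiry and lockout settings.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MaxPasswordAge, MinPasswordLength, LockoutThreshold

# Apply one of the listed policies to the group (the name is a placeholder for
# one of the policy names returned above), then confirm what the user resolves to.
Add-ADFineGrainedPasswordPolicySubject -Identity '<policy-name-from-list>' -Subjects 'Helpdesk'
Get-ADUserResultantPasswordPolicy -Identity 'jdoe'

# When someone leaves the company: disable first (keeps the object for audit and
# group-membership history), remove from groups, and delete only after retention.
Disable-ADAccount -Identity 'jdoe'
Remove-ADGroupMember -Identity 'Helpdesk' -Members 'jdoe' -Confirm:$false
```

Disabling rather than deleting the leaver's account is the safer default: the SID and group history stay available for investigation, and a disabled account cannot log on to any domain-joined device, including the one used in the final step above.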
Source:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html