AWS – Active Directory instance

Introduction

Microsoft Active Directory, commonly referred to as AD, serves as the cornerstone of user authentication, resource management, and security in Windows-based networks. It was released on February 17, 2000, as part of Windows 2000 Server and continues to be widely used in the business sector. Consequently, we establish Active Directory as the foundational infrastructure for our upcoming tutorials, where we will delve into the implementation of various business applications.

Image of the VPC we are setting up in this blog

1. What are we going to do?

We will install Active Directory Domain Services on an EC2 instance. We actually select a t2.micro with only 1 GB of memory. I know it is not big, but it is more than enough for a test environment with 20 to 30 EC2 instances. The benefit is that we can save cost by staying within the Free Tier.

Link: Active Directory Domain Services Overview

2. Install Active Directory Domain Services on EC2

I’ll show you the installation steps in AWS.

Link: Migrate your Amazon EBS volumes from gp2 to gp3 and save up to 20% on costs

Commands to add inbound rules to the Security Group (replace {PROFILE NAME}, {SECURITY GROUP ID} and {CIDR OF VPC} with your own values; restricting the source to the VPC CIDR keeps these domain-controller ports off the Internet)
# NTP (time sync, required for Kerberos)
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol udp --port 123 --cidr {CIDR OF VPC}
# RPC endpoint mapper
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 135 --cidr {CIDR OF VPC}
# PPTP
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 1723 --cidr {CIDR OF VPC}
# Global Catalog (LDAP and LDAPS)
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 3268 --cidr {CIDR OF VPC}
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 3269 --cidr {CIDR OF VPC}
# LDAP
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 389 --cidr {CIDR OF VPC}
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol udp --port 389 --cidr {CIDR OF VPC}
# SMB (SYSVOL and NETLOGON shares)
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 445 --cidr {CIDR OF VPC}
# Kerberos password change
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 464 --cidr {CIDR OF VPC}
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol udp --port 464 --cidr {CIDR OF VPC}
# RPC dynamic port range
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 49152-65535 --cidr {CIDR OF VPC}
# DNS
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 53 --cidr {CIDR OF VPC}
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol udp --port 53 --cidr {CIDR OF VPC}
# LDAPS
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 636 --cidr {CIDR OF VPC}
# Kerberos
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol tcp --port 88 --cidr {CIDR OF VPC}
aws ec2 --profile {PROFILE NAME} authorize-security-group-ingress --group-id {SECURITY GROUP ID} --protocol udp --port 88 --cidr {CIDR OF VPC}
PowerShell command to check the domain details.
Get-ADDomain
3. Create resources by command line
  • OUs
  • User Accounts
  • Groups
  • Assign users to a group
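The four items above can be created in one go with the Active Directory PowerShell module on the domain controller. The script below is an added example, not the original post's own commands; the OU name, user names and group name are placeholders, the initial password is read from the console rather than stored in the script, and each account is forced to change it at first logon.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory
# PowerShell module is present on the domain controller (it is installed with
# AD DS). OU name, user names and group name are placeholders.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$baseDN = $domain.DistinguishedName            # e.g. DC=example,DC=local
$ouName = 'Lab'                                # placeholder OU name
$ouDN   = "OU=$ouName,$baseDN"

# 1. OU: create it only if it does not exist yet
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=$ouName)" -SearchBase $baseDN)) {
    New-ADOrganizationalUnit -Name $ouName -Path $baseDN -ProtectedFromAccidentalDeletion $true
}

# 2. User accounts: read the initial password from the console instead of
#    embedding it in the script, and force a change at first logon
$initialPassword = Read-Host -Prompt 'Initial password for new lab users' -AsSecureString
$users = @(
    @{ Sam = 'alice'; Given = 'Alice'; Surname = 'Example' }   # placeholder users
    @{ Sam = 'bob';   Given = 'Bob';   Surname = 'Example' }
)
foreach ($u in $users) {
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$($u.Sam)'")) {
        New-ADUser -Name "$($u.Given) $($u.Surname)" `
                   -SamAccountName $u.Sam `
                   -UserPrincipalName "$($u.Sam)@$($domain.DNSRoot)" `
                   -GivenName $u.Given -Surname $u.Surname `
                   -Path $ouDN `
                   -AccountPassword $initialPassword `
                   -ChangePasswordAtLogon $true `
                   -Enabled $true
    }
}

# 3. Group: a global security group inside the OU
$groupName = 'Lab-Users'                       # placeholder group name
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -Path $ouDN
}

# 4. Assign the users to the group, then list the members to verify
Add-ADGroupMember -Identity $groupName -Members ($users | ForEach-Object { $_.Sam })
Get-ADGroupMember -Identity $groupName | Select-Object SamAccountName, DistinguishedName
```

Run it in an elevated PowerShell session on the domain controller; New-ADUser fails if the password does not satisfy the domain password policy.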
4. Join the domain
This is the basic procedure for joining a machine to the domain.
CMD command to check the network configuration of this machine (the "Workstation domain" line shows which domain it is joined to)
net config rdr