
A Guide to Configure AWS AD Connector, Active Directory, and DNS for Windows Server


Overview

The step-by-step AWS AD Connector setup involves configuring Active Directory (AD) and Domain Name System (DNS) within a Windows Server 2012 R2 instance on Amazon Web Services (AWS). This process encompasses launching the Amazon EC2 instance, setting up AD Domain Services (AD DS), configuring DNS settings to ensure proper name resolution, and integrating AWS AD Connector for seamless authentication and integration of directory services. An AWS IAM role for Directory Service, with the “AmazonEC2FullAccess” policy attached, is also created, ensuring a secure deployment and efficient resource management within the AWS environment.


Introduction

Setting up AWS AD Connector involves integrating your on-premises Active Directory (AD) with AWS Directory Service to extend your directory into the cloud. This facilitates seamless user authentication and directory services for AWS resources. In the initial steps, you need to configure your on-premises Active Directory and ensure DNS resolution is correctly configured for your domain. AWS AD Connector acts as a bridge, allowing AWS resources to leverage your existing on-premises AD infrastructure, maintaining a unified identity and access management system across both on-premises and cloud environments. This integration is crucial for organizations seeking a hybrid cloud approach while maintaining a consistent and secure user experience.

Step-by-Step Guide

Step 1: Create a Windows Server 2012 R2 Instance

Log in to the AWS Management Console.

Navigate to the Amazon EC2 service.

Launch a new Amazon EC2 instance, choosing “Microsoft Windows Server 2012 R2 Base” as the AMI.

Configure the instance details, storage, tags, and security group as needed.

Review the settings and launch the instance.


Step 2: Once the instance is running, connect to it using Remote Desktop Protocol (RDP)

Upon login, change the default password to a secure one.


Step 3: Install AD DS Role and Features

Open Server Manager.

Click on “Manage” and select “Add Roles and Features.”


Choose “Active Directory Domain Services” from the list of roles and follow the wizard to install the role.


Complete the installation by accepting the default settings.

Step 4: Create a Forest (e.g., Shubham.in)

After the AD DS installation, a configuration wizard will appear. Choose “Add a new forest.”

Specify the root domain name (e.g., Shubham.in) and complete the wizard.


Step 5: Configure DNS

In Server Manager, select “Tools” and “DNS.”

Create a Reverse Lookup Zone for the subnet of your server.


Create a Forward Lookup Zone for your domain (Shubham.in).

Step 6: Configure Ethernet Settings

Open the Ethernet adapter properties, uncheck the IPv6 protocol, right-click on IPv4, and enter the private IP of the EC2 instance.


Step 7: Create a User and Password in AD

In Server Manager, select “Tools” and “Active Directory Users and Computers.”


Navigate to the Users container and create a new user with a password.
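Steps 3 to 7 can also be scripted, which makes the server build repeatable and reviewable. The following PowerShell is an added example, not part of the original guide; the private IP, subnet, reverse zone name and account name are placeholders, and the Step 6 setting is interpreted here as pointing the adapter's DNS server at the instance itself.

```powershell
# Added example: Steps 3-7 as a re-runnable script. Save as a .ps1 and run elevated
# on the instance: once before the promotion reboot and once after it.
$Domain      = 'Shubham.in'            # forest root domain used in this guide
$PrivateIp   = '10.0.1.10'             # placeholder: private IP of the EC2 instance
$NetworkId   = '10.0.1.0/24'           # placeholder: subnet of the instance
$ReverseZone = '1.0.10.in-addr.arpa'   # placeholder: reverse zone name for that subnet
$Adapter     = 'Ethernet'              # adapter opened in Step 6
$UserName    = 'adconnector.user'      # hypothetical account name

# DomainRole 4 or 5 means this machine is already a domain controller.
$isDc = (Get-WmiObject Win32_ComputerSystem).DomainRole -ge 4

if (-not $isDc) {
    # Steps 3-4: install the AD DS role, then create the new forest with DNS.
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    $dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
    Install-ADDSForest -DomainName $Domain -InstallDns `
        -SafeModeAdministratorPassword $dsrm -Force   # the server reboots when done
}
else {
    # Step 5: create the lookup zones only if they do not exist yet.
    if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope Forest
    }
    if (-not (Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $Domain -ReplicationScope Forest
    }

    # Step 6: unbind IPv6 and use this instance as its own DNS server (assumption).
    Disable-NetAdapterBinding -Name $Adapter -ComponentID ms_tcpip6
    Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $PrivateIp

    # Step 7: create the user in the Users container; the password is prompted for
    # so that it never appears in the script or in shell history.
    Import-Module ActiveDirectory
    $domainDn = 'DC=' + (($Domain -split '\.') -join ',DC=')
    $userPw   = Read-Host -AsSecureString -Prompt "Password for $UserName"
    New-ADUser -Name $UserName -SamAccountName $UserName `
        -UserPrincipalName "$UserName@$Domain" -Path "CN=Users,$domainDn" `
        -AccountPassword $userPw -Enabled $true
}
```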


Step 8: AWS IAM Role for Amazon EC2 Full Access

Open the AWS Management Console.

Navigate to the “IAM” (Identity and Access Management) service.

In the left navigation pane, select “Roles,” then click “Create role.”

Choose “Directory Services” as the service that will use this role.

Attach the policy “AmazonEC2FullAccess” to the role.

Complete the wizard and note the AWS IAM Role ARN.


Step 9: Create AWS Directory Services – AD Connector

In the AWS Management Console, navigate to “Directory Service.”

Click on “AD Connector.”


Choose your AD Connector, then go to the “Networking and security” tab.


In the “Application Management” section, enable the Application access URL.

In the “Application Management” section, enable AWS Management Console.


Add the user to “myrole” created in the Windows server.


The AD Connector is now connected to the Windows server.
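AD Connector locates domain controllers through the `_ldap._tcp` and `_kerberos._tcp` SRV records of the domain and talks to them on ports 53, 88 and 389, so the DNS work in Step 5 can be checked before or after creating the connector. The PowerShell below is an added example, not part of the original guide; the function name is hypothetical and the IP address is a placeholder for the instance's private IP.

```powershell
# Added example: pre-flight check of the DNS records and TCP ports AD Connector needs.
# Run from a Windows host in the same VPC as the connector's subnets.
function Test-AdConnectorPrereq {
    param(
        [string]$Domain = 'Shubham.in',   # domain used in this guide
        [string]$DcIp   = '10.0.1.10'     # placeholder: private IP of the AD/DNS server
    )
    $results = @()

    # SRV records, queried directly against the new DNS server.
    foreach ($name in "_ldap._tcp.$Domain", "_kerberos._tcp.$Domain") {
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $DcIp -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
        $results += [pscustomobject]@{
            Check = "SRV $name"; Pass = [bool]$srv; Detail = ($srv.NameTarget -join ', ')
        }
    }

    # Forward zone (A record for the domain) and reverse zone (PTR for the server).
    $a = Resolve-DnsName -Name $Domain -Type A -Server $DcIp -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    $results += [pscustomobject]@{
        Check = "A $Domain"; Pass = [bool]$a; Detail = ($a.IPAddress -join ', ')
    }
    $ptr = Resolve-DnsName -Name $DcIp -Type PTR -Server $DcIp -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'PTR' }
    $results += [pscustomobject]@{
        Check = "PTR $DcIp"; Pass = [bool]$ptr; Detail = ($ptr.NameHost -join ', ')
    }

    # TCP reachability for DNS, Kerberos and LDAP. The UDP side of these ports is
    # not covered by Test-NetConnection and has to be confirmed in the security group.
    foreach ($port in 53, 88, 389) {
        $t = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
        $results += [pscustomobject]@{
            Check = "TCP $port"; Pass = $t.TcpTestSucceeded; Detail = $t.RemoteAddress
        }
    }
    $results
}

Test-AdConnectorPrereq | Format-Table -AutoSize
```

Any row with `Pass` set to `False` points at the zone, record or security group rule to revisit before retrying the connector.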


Conclusion

Configuring AWS AD Connector involves seamlessly bridging on-premises Active Directory with AWS Directory Service for unified identity and access management. Ensuring proper DNS configuration and integration with the existing Active Directory are key steps for a successful setup.

This facilitates a hybrid cloud environment, allowing organizations to leverage the benefits of AWS while maintaining a consistent, secure, and centralized user authentication system across both on-premises and cloud infrastructure.


FAQs

1. How do I change the default password after launching the Windows Server instance on AWS?

ANS: – Connect to the instance using Remote Desktop Protocol (RDP) and change the password upon login for enhanced security.

2. What AWS IAM role is required for the Windows Server instance, and how do I set it up for Amazon EC2 Full Access in AWS?

ANS: – Create an AWS IAM role for Amazon EC2 in the AWS Management Console, attach the “AmazonEC2FullAccess” policy, and note the AWS IAM Role ARN.

3. Can I configure DNS settings after installing Active Directory on the Windows Server?

ANS: – Yes, use Server Manager to access DNS tools, create Reverse and Forward Lookup Zones, and configure Ethernet settings for optimal DNS functionality.

WRITTEN BY Shubham

Shubham works as a Research Intern at CloudThat. He is passionate about technology and cloud computing. He is currently pursuing his Bachelor's Degree in Information Technology. In his free time, Shubham enjoys reading books and playing cricket. Shubham's interest in cloud computing led him to pursue a career in AWS Consulting, where he enjoys helping clients solve complex problems and optimize their cloud infrastructure. He constantly learns and stays up to date with the latest AWS technologies and best practices.
