In this lab, we are going to create a stack for Active Directory Services on Amazon Web Services (AWS). We will use the AWS CloudFormation service to create the Active Directory infrastructure. AWS provides three scenarios:
Scenario 1: Deploy and manage your own AD DS installation on the AWS Cloud.
The AWS CloudFormation template for this scenario builds the AWS Cloud infrastructure, and sets up and configures AD DS and AD-integrated DNS on the AWS Cloud. It doesn't include AWS Directory Service, so we need to handle all AD DS maintenance and monitoring tasks ourselves.
Scenario 2: Extend your on-premises AD DS to the AWS Cloud.
The AWS CloudFormation template for this scenario builds the base AWS Cloud infrastructure for AD DS, and you perform several manual steps to extend your existing network to AWS and to promote your domain controllers. We need to handle all AD DS maintenance and monitoring tasks ourselves.
Scenario 3: Deploy AD DS with AWS Directory Service on the AWS Cloud.
The AWS CloudFormation template for this scenario builds the base AWS Cloud infrastructure, and deploys AWS Directory Service for Microsoft AD, which offers managed AD DS functionality on the AWS Cloud. AWS Directory Service takes care of AD DS tasks such as building a highly available directory topology, monitoring domain controllers, and configuring backups and snapshots.
STEP 1: To deploy Active Directory Services, we need to go to the AWS Architecture Center to see all the templates that AWS provides. There, we select Active Directory DS under Microsoft workloads.
STEP 2: Here we can see the architecture AWS is going to provide and which services are included when we deploy it. The default infrastructure is Scenario 1.
STEP 3: For the other scenarios we need to scroll down, select Deployment details and click on "Launch the Quick Start".
STEP 4: Here we can find detailed information on each scenario; we need to click on "Launch Quick Start" under Scenario 3. We can use a pre-created VPC or create a new one.
STEP 5: This is the template provided by AWS. In total, four stacks will be created: VPCStack, ADStack, RDGWStack and the main stack.
VPCStack: this contains all the information about the newly created VPC, including the subnets, internet gateway, VPC ID, etc.
ADStack: here we will have all the details of our domain, the admin login, etc.
RDGWStack: here we will have the details of the Remote Desktop Gateway instance that is created for our AD DS. This is the only instance we use to access our Active Directory infrastructure.
STEP 6: We need to configure all the settings before we deploy this infrastructure. Here we set the domain, the VPC IP address range, the subnet IP address ranges, the subnets, the username and the password. We need the username and password to access our Active Directory instance. Select the instance type we require and a key pair to access that instance; we can use an existing key pair or create a new one.
STEP 7: On the next page we can add tags or IAM roles, then confirm the order and click on "Create". Setting everything up takes around 30 minutes. We should end up with 4 stacks created, each with status "CREATE_COMPLETE".
STEP 8: Now we will try to access our instance and check whether everything is working. We need to go to Instances, select the RDGW instance and click Connect. We need to download the Remote Desktop file. To access our Active Directory services we need to type the username and password that we set for our Active Directory. To find the username, click on ADStack; under its Outputs, the DomainAdmin key shows our username. The password is the one you set.
BEFORE ACCESSING THE REMOTE DESKTOP FILE, WE NEED TO CHANGE OUR SECURITY GROUP RULES TO ALLOW RDP FROM ANYWHERE, SO THAT WE CAN ACCESS THIS RDP; OTHERWISE WE CANNOT ACCESS OUR RDP.
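An added example (not part of the lab) of adding the RDP rule with AWS Tools for PowerShell instead of the console. It restricts the source to a single /32 rather than 0.0.0.0/0, which is enough for one admin workstation; the security group ID and the source IP are placeholders you replace with your own values.

```powershell
# Added example: open TCP/3389 on the RDGW security group from one source IP only.
# Assumes AWS.Tools.EC2 is installed and credentials are configured (Set-AWSCredential).
Import-Module AWS.Tools.EC2

$sgId   = 'sg-PLACEHOLDER'      # RDGW security group ID from the RDGWStack resources
$myCidr = '203.0.113.25/32'     # constructed value: replace with your own public IP

# Guard against the "anywhere" source: a /32 is all a single admin workstation needs.
if ($myCidr -eq '0.0.0.0/0') { throw 'RDP source must be a specific CIDR, not 0.0.0.0/0.' }

$rdp = @{
    IpProtocol = 'tcp'
    FromPort   = 3389
    ToPort     = 3389
    IpRanges   = $myCidr
}
Grant-EC2SecurityGroupIngress -GroupId $sgId -IpPermission @($rdp)

# Check: list the 3389 rules and confirm the only source is our CIDR.
(Get-EC2SecurityGroup -GroupId $sgId).IpPermissions |
    Where-Object { $_.FromPort -eq 3389 } |
    Select-Object IpProtocol, FromPort, ToPort,
        @{ n = 'Sources'; e = { ($_.Ipv4Ranges | ForEach-Object CidrIp) -join ',' } }
```

If your public IP changes later, revoke the old rule with Revoke-EC2SecurityGroupIngress and grant the new /32 rather than widening the range.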
STEP 9: Now we can access our instance with the domain admin username and password.
STEP 10: In the instance, go to Server Manager and we can see that a few services are already installed. We already created the domain, so there is no need to install Active Directory Domain Services, DHCP, DNS and the rest. We just need to access those; for that, install "Remote Server Administration Tools" and under that "AD DS and AD LDS Tools".
After we install these we can access our Active Directory services. Play around: create some users and groups.
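The same two steps done from PowerShell on the RDGW instance, as an added example that is not from the lab: install the AD DS tools feature, then create an OU, a group and a user. It assumes you are logged on as the domain admin from the ADStack output; the OU, group and user names are constructed, and it assumes (as AWS Managed Microsoft AD does) that the admin account only has rights inside the OU named after the directory's NetBIOS name.

```powershell
# Added example: install RSAT "AD DS and AD LDS Tools" (feature name RSAT-ADDS), then
# create a group and a user. Run on the RDGW instance as the domain admin.
Install-WindowsFeature -Name RSAT-ADDS -IncludeAllSubFeature
Import-Module ActiveDirectory

$domain   = Get-ADDomain
# Assumption: managed AD delegates only the OU named after the NetBIOS name to the admin,
# so everything we create goes under it instead of the domain root.
$baseOu   = "OU=$($domain.NetBIOSName),$($domain.DistinguishedName)"
$labOu    = "OU=Lab,$baseOu"

if (-not (Get-ADOrganizationalUnit -Filter "Name -eq 'Lab'" -SearchBase $baseOu)) {
    New-ADOrganizationalUnit -Name 'Lab' -Path $baseOu
}

# Security group, global scope (constructed name).
New-ADGroup -Name 'LabAdmins' -GroupScope Global -GroupCategory Security -Path $labOu

# Prompt for the password instead of embedding it in the script.
$secPw = Read-Host -AsSecureString -Prompt 'Password for lab.user'
New-ADUser -Name 'lab.user' -SamAccountName 'lab.user' -Path $labOu `
           -AccountPassword $secPw -Enabled $true -ChangePasswordAtLogon $true
Add-ADGroupMember -Identity 'LabAdmins' -Members 'lab.user'

# Check: the new user shows up as the group's only member.
Get-ADGroupMember -Identity 'LabAdmins' | Select-Object Name, SamAccountName
```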
In Active Directory Sites and Services, we can see the 3 subnets and 2 servers that were created according to our architecture.
So, this is how we create Active Directory using AWS Directory Service.
In this lab, we learned how to create Active Directory infrastructure and then worked on it by creating users and groups. To keep the cost down we need to turn off the instance, which cannot be done from the Instances page; instead we need to select "Auto Scaling Groups", select the ADDS Auto Scaling Group and edit it.
In this lab we use many services, but the EC2 service is going to charge us because we are using the t2.large instance type. To run this infrastructure we can choose any instance type; the costs of a few instance types are listed below. Creating a template in CloudFormation is free on the Free Tier, but be careful with the services that come with that template so you keep your credits. Always terminate or stop your instance after using it.
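An added example (not from the lab) of the same Auto Scaling group edit done with AWS Tools for PowerShell: scaling the group to zero terminates the instance so it stops being billed, and scaling back to one recreates it from the launch configuration. The group name is a placeholder; look it up under "Auto Scaling Groups" or in the stack's resources.

```powershell
# Added example: stop or resume the lab instance by changing its Auto Scaling group size.
# Assumes AWS.Tools.AutoScaling is installed and credentials are configured.
Import-Module AWS.Tools.AutoScaling

function Set-LabInstanceCount {
    param(
        [Parameter(Mandatory)] [string] $AsgName,
        [Parameter(Mandatory)] [ValidateRange(0, 1)] [int] $Count   # the lab needs at most one
    )
    # MinSize must not exceed the desired count, so set both together.
    Update-ASAutoScalingGroup -AutoScalingGroupName $AsgName -MinSize $Count -DesiredCapacity $Count

    # Report what the group looks like now; termination takes a minute or two to finish.
    $asg = Get-ASAutoScalingGroup -AutoScalingGroupName $AsgName
    [pscustomobject]@{
        Group     = $asg.AutoScalingGroupName
        Desired   = $asg.DesiredCapacity
        Instances = ($asg.Instances | ForEach-Object { "$($_.InstanceId):$($_.LifecycleState)" }) -join ','
    }
}

Set-LabInstanceCount -AsgName 'ADDS-ASG-PLACEHOLDER' -Count 0   # stop paying for the instance
# Set-LabInstanceCount -AsgName 'ADDS-ASG-PLACEHOLDER' -Count 1 # bring the lab back later
```

Only the EC2 instance is affected; the managed directory itself keeps running and is billed separately until the stacks are deleted.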