A few things to note about this article:
The following steps take for granted that the audience is familiar with launching EC2 instances and has a fundamental grasp of the VPC service.
Additionally, this will provide a Windows Domain, but the best practices for redundancy and availability are not adhered to below.
For additional information on how AWS assists in the creation of production scale AD domains, follow this link:
Begin by launching a Windows Server 2016 Base instance (type of your choosing) to serve as the Domain Controller.
Create a VPC and Subnet, then create a new Security Group with an inbound rule allowing RDP from your IP address and an inbound rule allowing All Traffic from the subnet range the Domain Controller occupies.
Once the instance is created, select the instance and click Actions > Launch More Like This. This new server will be the first computer to join the domain after the domain controller has been configured.
Log into the server using the key pair to decrypt the Administrator password.
Once in, launch the Server Manager and navigate to the Local Server tab to disable IE Enhanced Security Configuration.
Select Off for both Administrators and Users as seen below.
Verify the server's IP address, Subnet mask, and Default gateway from ipconfig.
Open Network and Sharing Center and modify the properties of the server's Ethernet connection.
Select Internet Protocol Version 4 and click Properties. Set the IP address, Subnet mask, and Default gateway as static, matching the values shown by ipconfig. Populate the Preferred DNS server with 127.0.0.1.
The RDP session will disconnect after this change is made. Wait patiently for it to reconnect (about 2-3 minutes max).
Before proceeding, decide whether to rename the server; any rename should be done prior to the promotion to a Domain Controller.
Once ready, launch the Server Manager and select Manage > Add Roles and Features.
Click Next three times, keeping all defaults.
Select Active Directory Domain Services and click Add Features. Select DNS Server and click Add Features.
Click Next three more times, then Install, and finally, Close.
Once the features have been added, you will see a yellow notification on the Server Manager. Click the notification and choose to Promote this server to a domain controller.
Choose Add new forest and select a root domain name. Set a Directory Services Restore Mode (DSRM) password, click Next 5 times, and then Install.
Be patient while waiting for the reboot as the new features and settings are being applied. Once it is reachable by RDP, log in using the Administrator account and the decrypted password from earlier.
The second machine created prior to promoting the first server to a domain controller can now be joined to the domain.
Connect using the decrypted Administrator password.
Before it can resolve the domain controller, you will need to modify the DNS server in the IPv4 Properties and point it to the domain controller's IP address.
Once this is done, join the machine to the domain using the Fully Qualified Domain Name of the domain from the last section.
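The same procedure, from the static IP change through the domain join, as a PowerShell script. This is an added example and not part of the original article; the forest name, NetBIOS name, host name and the domain controller's private IP are assumed placeholders to replace with your own values.

```powershell
# ===== On the future domain controller (elevated PowerShell) =====
$Domain  = 'corp.example.com'   # assumed forest root name
$NetBios = 'CORP'               # assumed NetBIOS name
$DcName  = 'DC01'               # assumed new host name

# 1. Capture the DHCP-assigned IPv4 settings so the static values match ipconfig exactly.
$cfg    = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } | Select-Object -First 1
$ifIdx  = $cfg.InterfaceIndex
$ip     = $cfg.IPv4Address.IPAddress
$prefix = $cfg.IPv4Address.PrefixLength
$gw     = $cfg.IPv4DefaultGateway.NextHop

# 2. Switch the interface to static with the same values; the RDP session drops briefly here.
Set-NetIPInterface  -InterfaceIndex $ifIdx -AddressFamily IPv4 -Dhcp Disabled
Remove-NetIPAddress -InterfaceIndex $ifIdx -AddressFamily IPv4 -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute     -InterfaceIndex $ifIdx -DestinationPrefix '0.0.0.0/0' -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress    -InterfaceIndex $ifIdx -IPAddress $ip -PrefixLength $prefix -DefaultGateway $gw
Set-DnsClientServerAddress -InterfaceIndex $ifIdx -ServerAddresses 127.0.0.1   # Preferred DNS = itself

# 3. Rename before promotion. This reboots; reconnect and continue from step 4.
Rename-Computer -NewName $DcName -Force -Restart

# 4. Install AD DS + DNS and promote to the first DC of a new forest (reboots when done).
Install-WindowsFeature AD-Domain-Services, DNS -IncludeManagementTools
$dsrm = Read-Host 'DSRM (restore mode) password' -AsSecureString
Install-ADDSForest -DomainName $Domain -DomainNetbiosName $NetBios `
    -InstallDns -SafeModeAdministratorPassword $dsrm -Force

# ===== On the second instance, once the DC is reachable again =====
$Domain  = 'corp.example.com'   # same assumed values as above
$NetBios = 'CORP'
$DcIp    = '10.0.0.10'          # assumed: the DC's private IP captured in step 1

# Point DNS at the DC, confirm the DC locator record resolves, then join using the FQDN.
$ifIdx = (Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } | Select-Object -First 1).InterfaceIndex
Set-DnsClientServerAddress -InterfaceIndex $ifIdx -ServerAddresses $DcIp
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV
Add-Computer -DomainName $Domain -Credential "$NetBios\Administrator" -Restart
```

The Resolve-DnsName line is the check worth keeping: if the SRV record does not resolve, the client's DNS is still not pointed at the domain controller and the join will fail for that reason rather than a credential problem.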