AWS Managed Microsoft AD for Aviatrix¶
The AWS Directory Service for Microsoft Active Directory is an AWS service if you need an actual Microsoft Active Directory in the AWS Cloud that supports Active Directory–aware workloads, or AWS applications and services such as Amazon WorkSpaces and Amazon QuickSight, or you need LDAP support for Linux applications.
Please note that in the following steps, most involve following AWS Managed Microsoft AD Test Lab Tutorials to create LDAP service in AWS Cloud.
Follow these steps to configure the AWS AD configuration in your environment and verify LDAP connection.
- Setting Up Your Base AWS Managed Microsoft AD in AWS
- Verify AWS AD Is Operational by using AD Explorer
- Verify AWS AD Is Operational by an Aviatrix Controller with LDAP login verification.
- Verify AWS AD Is Operational by an Aviatrix OpenVPN Server with LDAP login verification.
In order to complete the steps in this guide, you’ll need:
- An AWS Account
- An Aviatrix Controller which has already onboarded above AWS account
Setting Up Your Base AWS Managed Microsoft AD in AWS¶
Step A: Set Up Your AWS Environment for AWS Managed Microsoft AD¶
Step B: Create Your AWS Managed Microsoft AD Directory in AWS¶
Create your AWS Managed Microsoft AD directory. In this example, the following domain and dns are created
Domain Name: aws-ad.aviatrixtest.com. Two domain Name servers are created by AWS AD: 172.31.28.253, 172.31.14.48
Step C: Deploy an EC2 Instance to Manage AWS Managed Microsoft AD¶
Follow these steps to configure Microsoft AD of your Windows Server EC2 Instance.
- Deploy an EC2 Instance to Manage AWS Managed Microsoft AD Check Detail Here
- Manually Join a Windows Instance Check Detail Here
TIPS: Use these commands from a command prompt on the instance above %SystemRoot%system32control.exe ncpa.cpl => Make sure the two domain controller IP is in your dns setup %SystemRoot%system32control.exe sysdm.cpl ==> Join domain
Step D: Configure LDAP After logging in to the EC2 Instance with AD authentication (aws-ad.aviatrixtest.comAdmin), configure another user “aduser” to AWS AD domain.
Verify AWS AD Is Operational by using AD Explorer¶
You can download Microsoft AD Explorer from this link
Verify LDAP information, for example Bind DN and Base DN, and store them for further Aviatrix Controller and OpenVPN LDAP authentication.
Verify AWS AD Is Operational by an Aviatrix Controller with LDAP login verification.¶
In the Aviatrix Controller GUI, go to Setting > Controller > LDAP Login. Input the LDAP information from AD Explorer and verify LDAP connection.