AWS Managed Microsoft AD for Aviatrix¶
AWS Directory Service for Microsoft Active Directory is a AWS service if you need an actual Microsoft Active Directory in the AWS Cloud that supports Active Directory–aware workloads, or AWS applications and services such as Amazon WorkSpaces and Amazon QuickSight, or you need LDAP support for Linux applications.
Please note that the following steps, most of them we are following AWS Managed Microsoft AD Test Lab Tutorials to create LDAP service in AWS Cloud.
Follow these steps to configure AWS AD configuration in your environment and verify LDAP connection.
- Setting Up Your Base AWS Managed Microsoft AD in AWS
- Verify AWS AD Is Operational by using AD Explorer
- Verify AWS AD Is Operational by a Aviatrix Controller with LDAP login verification.
- Verify AWS AD Is Operational by a Aviatrix OpenVPN Server with LDAP login verification.
In order to complete the steps in this guide, you’ll need:
- AWS Account
- An Aviatrix Controller which has already onboarded above AWS account
Setting Up Your Base AWS Managed Microsoft AD in AWS¶
Step A: Set Up Your AWS Environment for AWS Managed Microsoft AD¶
Step B: Create Your AWS Managed Microsoft AD Directory in AWS¶
Create Your AWS Managed Microsoft AD directory In this example, following domain and dns are created
Domain Name: aws-ad.aviatrixtest.com Two domain Name servers are created by AWS AD: 172.31.28.253, 172.31.14.48
Step C: Deploy an EC2 Instance to Manage AWS Managed Microsoft AD¶
Follow these steps to configure Microsoft AD of your Windows Server EC2 Instance
- Deploy an EC2 Instance to Manage AWS Managed Microsoft AD Check Detail Here
- Manually Join a Windows Instance Check Detail Here
TIPS: Using the these commands from a command prompt on the instance for above %SystemRoot%system32control.exe ncpa.cpl => Make sure two domain controller IP is in your dns setup %SystemRoot%system32control.exe sysdm.cpl ==> Join domain
Step D: Configure LDAP After login to EC2 Instnace with AD authentication (aws-ad.aviatrixtest.comAdmin), configure another user “aduser” to AWS AD domain
Verify AWS AD Is Operational by using AD Explorer¶
You can download Microsoft AD Explorer from this link
Verify LDAP information for example Bind DN and Base DN and store them for further Aviatrix Controller and OpenVPN LDAP authentication.
Verify AWS AD Is Operational by a Aviatrix Controller with LDAP login verification.¶
In Aviatrix Controller GUI, go to Setting > Controller > LDAP Login. Input LDAP information from AD Explorer and verify LDAP connection.