AWS Managed Microsoft AD for Aviatrix

Summary

This document describes how to deploy AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) as the LDAP backend for the Aviatrix Controller LDAP login and Aviatrix OpenVPN LDAP authentication features.

AWS Directory Service for Microsoft Active Directory is the AWS service to use when you need an actual Microsoft Active Directory in the AWS Cloud: for Active Directory-aware workloads, for AWS applications and services such as Amazon WorkSpaces and Amazon QuickSight, or for LDAP support for Linux applications.

Please note that most of the following steps follow the AWS Managed Microsoft AD Test Lab Tutorials to stand up an LDAP service in the AWS Cloud.

image9

Follow these steps to configure AWS Managed Microsoft AD in your environment and verify the LDAP connection:

  1. Setting Up Your Base AWS Managed Microsoft AD in AWS
  2. Verify AWS AD Is Operational by using AD Explorer
  3. Verify AWS AD Is Operational with an Aviatrix Controller LDAP login
  4. Verify AWS AD Is Operational with an Aviatrix OpenVPN Server LDAP login

Prerequisites

In order to complete the steps in this guide, you’ll need:

  1. AWS Account
  2. An Aviatrix Controller that has already onboarded the AWS account above

Setting Up Your Base AWS Managed Microsoft AD in AWS

Step A: Set Up Your AWS Environment for AWS Managed Microsoft AD

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/microsoftadbasestep1.html

Step B: Create Your AWS Managed Microsoft AD Directory in AWS

https://docs.aws.amazon.com/en_us/directoryservice/latest/admin-guide/microsoftadbasestep2.html

Create your AWS Managed Microsoft AD directory. In this example, the following domain and DNS servers are created:

Domain Name: aws-ad.aviatrixtest.com
Domain Name servers (two domain controllers created by AWS Managed Microsoft AD): 172.31.28.253, 172.31.14.48

image0 image4

Step C: Deploy an EC2 Instance to Manage AWS Managed Microsoft AD

Follow these steps to deploy a Windows Server EC2 instance and join it to the AWS Managed Microsoft AD domain:

  1. Deploy an EC2 Instance to Manage AWS Managed Microsoft AD (see the AWS documentation for details)
  2. Manually Join a Windows Instance to the domain (see the AWS documentation for details)

Note

TIPS: From a command prompt on the instance, the following commands open the two dialogs used in the steps above:
%SystemRoot%\system32\control.exe ncpa.cpl => Network Connections: make sure both domain controller IP addresses (172.31.28.253 and 172.31.14.48 in this example) are configured as the DNS servers of the instance
%SystemRoot%\system32\control.exe sysdm.cpl => System Properties: join the domain

image3 image6

Step D: Configure LDAP

After logging in to the EC2 instance with AD authentication (aws-ad.aviatrixtest.com\Admin), create another user, "aduser", in the AWS Managed Microsoft AD domain. This is the account used for the LDAP login tests below.

image7

Verify AWS AD Is Operational by using AD Explorer

You can download AD Explorer (Microsoft Sysinternals) from Microsoft.

Use AD Explorer to confirm the LDAP values you will need, for example the Bind DN (the full distinguished name of the account used to bind, such as the Admin user) and the Base DN (the subtree that is searched for users), and record them for the Aviatrix Controller and OpenVPN LDAP configuration that follows. AWS Managed Microsoft AD places its Admin account and the users you create under an OU named after the directory's NetBIOS name (OU=Users,OU=<NetBIOS name>,DC=...), not under the default CN=Users container, so copy the DN exactly as AD Explorer shows it.

image2 image1
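The DN derivation and bind check below are an added example; they are not Aviatrix, AWS or Sysinternals code. They assume the lab domain aws-ad.aviatrixtest.com and the DC addresses 172.31.28.253 / 172.31.14.48 from this guide, and the default AWS Managed Microsoft AD OU layout (OU=Users,OU=<NetBIOS name>); the BER encoding and result-code names come from the LDAP specification. The script performs the same simple-bind exchange that the Controller LDAP login and the OpenVPN LDAP login carry out, so it serves both verification sections that follow: resultCode 0 means the Bind DN and password are usable, 49 means a wrong DN or password, and 8 means the DC refuses cleartext simple binds and LDAPS is required.

```python
"""Added example, not Aviatrix or AWS code: derive the Base DN / Bind DN that
AWS Managed Microsoft AD uses and verify them with a raw LDAP simple bind."""
import socket
import ssl

# Lab values from this guide (assumed). OU=Users,OU=<NetBIOS name> is the
# container AWS Managed Microsoft AD delegates to you for your own users.
DOMAIN = "aws-ad.aviatrixtest.com"
DC_ADDRESSES = ("172.31.28.253", "172.31.14.48")

LDAP_RESULT = {0: "success", 8: "strongerAuthRequired", 32: "noSuchObject",
               49: "invalidCredentials", 53: "unwillingToPerform"}


def base_dn(domain):
    """aws-ad.aviatrixtest.com -> DC=aws-ad,DC=aviatrixtest,DC=com"""
    return ",".join("DC=" + label for label in domain.split("."))


def managed_ad_user_dn(domain, user, netbios=None):
    """Bind DN of a user in the delegated OU. The OU is named after the
    directory's NetBIOS name, which defaults to the first DNS label."""
    return "CN=%s,OU=Users,OU=%s,%s" % (user, netbios or domain.split(".")[0], base_dn(domain))


def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body          # long-form length


def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _ber_int(value):
    # Non-negative INTEGER; (bits + 8) // 8 adds a 0x00 byte when the top bit is set.
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def bind_request(msg_id, bind_dn, password):
    """LDAPMessage{messageID, BindRequest [APPLICATION 0]{version 3, name,
    simple [0] password}}: the same exchange the Controller's LDAP login does."""
    body = _ber_int(3) + _tlv(0x04, bind_dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _ber_int(msg_id) + _tlv(0x60, body))


def _read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, resp, _ = _read_tlv(msg, pos)
    if tag != 0x61:                              # [APPLICATION 1] BindResponse
        raise ValueError("unexpected LDAP operation tag 0x%02x" % tag)
    _, code, pos = _read_tlv(resp, 0)            # ENUMERATED resultCode
    _, _matched, pos = _read_tlv(resp, pos)      # matchedDN (unused)
    _, diag, _ = _read_tlv(resp, pos)            # diagnosticMessage
    return (int.from_bytes(mid, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("LDAP server closed the connection")
        buf += chunk
    return buf


def _recv_message(sock):
    head = _recv_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = _recv_exact(sock, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + _recv_exact(sock, length)


def ldap_simple_bind(host, bind_dn, password, port=636, use_tls=True,
                     ssl_context=None, timeout=5.0):
    """Live check against one DC. A simple bind carries the password in clear
    text, so use LDAPS (636) once it is enabled on the directory; plain 389 is
    for lab verification only, and a DC that enforces signing answers 8."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        ctx = ssl_context or ssl.create_default_context()
        sock = ctx.wrap_socket(sock, server_hostname=host)
    try:
        sock.sendall(bind_request(1, bind_dn, password))
        mid, code, diag = parse_bind_response(_recv_message(sock))
    finally:
        sock.close()
    return mid, code, LDAP_RESULT.get(code, "resultCode %d" % code), diag


if __name__ == "__main__":
    import getpass
    dn = managed_ad_user_dn(DOMAIN, "aduser")
    print("Base DN:", base_dn(DOMAIN), "\nBind DN:", dn)
    # Lab only: cleartext bind to port 389 on the first AWS-provided DC address.
    print(ldap_simple_bind(DC_ADDRESSES[0], dn, getpass.getpass("Password: "),
                           port=389, use_tls=False))
```

Run it after creating aduser; the __main__ block does a cleartext bind to port 389 for lab verification only. For anything beyond the lab, call ldap_simple_bind with the directory's DNS name and port 636 after enabling LDAPS on the directory, and give the Controller the LDAPS endpoint as well, since a simple bind over plain LDAP sends the password unencrypted to the domain controller.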

Verify AWS AD Is Operational with an Aviatrix Controller LDAP login

In the Aviatrix Controller GUI, go to Settings > Controller > LDAP Login. Enter the LDAP information recorded from AD Explorer (LDAP server, Bind DN and password, Base DN) and verify the LDAP connection, then test a login with the aduser account.

image8

Verify AWS AD Is Operational with an Aviatrix OpenVPN Server LDAP login

In the Aviatrix Controller GUI, configure LDAP authentication for the OpenVPN gateway in the OpenVPN LDAP settings (this is separate from the Controller's own LDAP Login page under Settings > Controller). Enter the same LDAP information recorded from AD Explorer, verify the LDAP connection, and confirm that a VPN user can log in with the aduser account.

image10

OpenVPN is a registered trademark of OpenVPN Inc.