- Create an AWS Managed Microsoft AD directory
First, you’ll need to create an AWS Managed Microsoft AD directory. Be careful with the subcommand: “aws ds create-directory” creates a Simple AD directory, not Managed Microsoft AD. The Managed Microsoft AD command is “create-microsoft-ad”, and it requires a VPC with two subnets in different Availability Zones, one for each of the two domain controllers:
aws ds create-microsoft-ad --name corp.example.com --short-name CORP --password 'Sup3rS3cret!' --edition Standard --vpc-settings VpcId=vpc-xxxxxxxx,SubnetIds=subnet-xxxxxxxx,subnet-yyyyyyyy
This command creates a new domain named “corp.example.com”. The “name” parameter must be a fully qualified DNS name (a bare label such as “my-directory” is rejected), “short-name” is the NetBIOS name, and “password” sets the password of the directory’s built-in “Admin” account, which must be 8 to 64 characters and contain at least three of the four classes lowercase, uppercase, digits and symbols. The “edition” parameter selects Standard or Enterprise; there is no “size” parameter for Managed Microsoft AD (Small and Large are Simple AD sizes). Avoid putting a real password on the command line as above: it is recorded in shell history and visible in the process list while the command runs. Write the request body to a file with restrictive permissions and pass it with “--cli-input-json file://request.json” instead. The command returns a “DirectoryId” of the form d-xxxxxxxxxx; every later command refers to the directory by that ID, not by its name.
- Configure DNS
After your directory is created, you’ll need to configure DNS so that your instances can resolve the domain name and locate the domain controllers. There is no “aws ds create-dns” command. The directory’s DNS servers are the domain controllers themselves, and their addresses are returned in the “DnsIpAddrs” field of describe-directories:
aws ds describe-directories --directory-ids d-xxxxxxxxxx --query 'DirectoryDescriptions[0].DnsIpAddrs'
The usual way to make every instance in the VPC use them is a DHCP options set whose “domain-name” is the directory’s domain and whose “domain-name-servers” are those two addresses, associated with the VPC:
aws ec2 create-dhcp-options --dhcp-configurations "Key=domain-name,Values=corp.example.com" "Key=domain-name-servers,Values=10.0.0.2,10.0.0.3"
aws ec2 associate-dhcp-options --dhcp-options-id dopt-xxxxxxxx --vpc-id vpc-xxxxxxxx
Replace 10.0.0.2 and 10.0.0.3 with the addresses returned for your own directory; the new options only take effect on instances when they renew their DHCP lease or are restarted. If you would rather leave the VPC’s default resolver in place and forward only the AD zone, a Route 53 Resolver outbound endpoint with a forwarding rule for the domain is the alternative. Either way, check that the security group AWS attaches to the domain controllers allows the instance subnets to reach at least DNS (53), Kerberos (88), LDAP (389) and SMB (445); a join that fails with “domain not found” is almost always a DNS or security-group problem rather than a directory problem.
- Launch EC2 instance and join domain
Next, you’ll need to launch an EC2 instance and join it to your directory. The instance needs network reachability to the domain controllers and, for a seamless join, an IAM instance profile with the AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess managed policies attached. You can do this by running the following commands:
aws ec2 run-instances --image-id ami-0c55b159cbfafe1f0 --count 1 --instance-type t2.micro --key-name my-key-pair --security-group-ids sg-xxxxxxxx --subnet-id subnet-xxxxxxxx --iam-instance-profile Name=my-domain-join-profile
aws ssm create-association --name AWS-JoinDirectoryServiceDomain --targets Key=InstanceIds,Values=i-xxxxxxxxxxxxxxxxx --parameters '{"directoryId":["d-xxxxxxxxxx"],"directoryName":["corp.example.com"],"dnsIpAddresses":["10.0.0.2","10.0.0.3"]}'
The first command launches a new EC2 instance using the specified AMI, instance type, key pair, security group, subnet and instance profile. You’ll need to replace these values with your own.
The second command performs the join: Systems Manager runs the AWS-JoinDirectoryServiceDomain document on the instance once the SSM agent registers, and the join is done with the directory service’s own credentials, so no domain account password is placed in user data or on the instance. Without Systems Manager you would instead join from inside the instance (“Add-Computer” on Windows, “realm join” on a supported Linux distribution) using the Admin account from the first step.
Two further “aws ds” commands are sometimes confused with joining:
aws ds create-computer --directory-id d-xxxxxxxxxx --computer-name my-instance --password 'OneTimeJoinPwd!'
pre-creates a computer object with the given name and a one-time password, which is useful when you want to control the organizational unit the account is created in, but it does not by itself join any instance; the join still has to be carried out from the instance or through Systems Manager as above.
aws ds create-trust --directory-id d-xxxxxxxxxx --remote-domain-name mydomain.com --trust-password 'TrustS3cret!' --trust-direction "Two-Way" --conditional-forwarder-ip-addrs 192.0.2.10
creates a trust relationship between your AWS Managed Microsoft AD directory and an external (for example on-premises) domain. It is optional and only needed if users or groups from that other forest must be usable here. The “trust-direction” parameter is required (One-Way: Outgoing, One-Way: Incoming or Two-Way), “conditional-forwarder-ip-addrs” tells the directory which DNS servers can resolve the remote domain, and the trust password is a shared secret that the remote domain’s administrators must enter when they create the matching trust on their side; it is not the Admin password and should not be reused from it. Replace “mydomain.com”, the forwarder address and the passwords with your own values.
- Test Active Directory
Finally, you can check that your directory is healthy by describing it (the parameter takes the directory ID from the first step, not the directory name):
aws ds describe-directories --directory-ids d-xxxxxxxxxx --query 'DirectoryDescriptions[0].[Stage,DnsIpAddrs]'
The field to look at is “Stage” (there is no “DirectoryStatus” field). A working directory reports “Active”; “Requested”, “Creating” or “Created” means the domain controllers are still being built, which normally takes 20 to 45 minutes, and “Failed”, “Impaired” or “Inoperable” means something went wrong and the “StageReason” field will say what. Stage Active only proves that the directory is up. To confirm that the instance actually joined, check the association with “aws ssm describe-association --name AWS-JoinDirectoryServiceDomain --instance-id i-xxxxxxxxxxxxxxxxx”, or log in to the instance and run “nltest /dsgetdc:corp.example.com” (Windows) or “realm list” (Linux) to see that it finds a domain controller.
Congratulations, you’ve successfully set up AWS Managed Microsoft AD with CLI commands!
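The four steps above as one script, added here as an example and not code from the original page or from AWS. It assumes the directory name, NetBIOS name, VPC, two subnet IDs, AMI, security group and an instance profile carrying AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess are supplied through the environment variables named in the header, and that the Admin password is supplied the same way rather than on the command line. The helper functions at the top parse the JSON that describe-directories returns and validate the inputs; they make no AWS calls, so they can be tried offline. The provisioning sequence itself only runs when the script is invoked with the argument “run”.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): end-to-end AWS Managed Microsoft AD
# provisioning with the AWS CLI. Assumed inputs, all via environment variables:
#   AD_NAME (FQDN), AD_SHORT_NAME (NetBIOS), AD_ADMIN_PASSWORD, VPC_ID,
#   SUBNET_IDS (two subnet IDs in different AZs, comma separated), AMI_ID, SG_ID,
#   INSTANCE_PROFILE (has AmazonSSMManagedInstanceCore + AmazonSSMDirectoryServiceAccess).
set -eu

# Managed Microsoft AD IDs look like d-<10 hex digits>; catches a name passed where an ID belongs.
valid_directory_id() { printf '%s' "$1" | grep -Eq '^d-[0-9a-f]{10}$'; }

# AWS policy for the Admin password: 8 to 64 characters with at least three of
# lower/upper/digit/symbol. (Quotes and backslashes would also need JSON escaping below.)
valid_ad_password() {
  p=$1; n=0
  [ "${#p}" -ge 8 ] && [ "${#p}" -le 64 ] || return 1
  printf '%s' "$p" | grep -q '[[:lower:]]' && n=$((n + 1))
  printf '%s' "$p" | grep -q '[[:upper:]]' && n=$((n + 1))
  printf '%s' "$p" | grep -q '[[:digit:]]' && n=$((n + 1))
  printf '%s' "$p" | grep -q '[^[:alnum:]]' && n=$((n + 1))
  [ "$n" -ge 3 ]
}

# Pull "Stage" out of describe-directories JSON on stdin (the field is Stage, not DirectoryStatus).
stage_from_json() { grep -o '"Stage": *"[A-Za-z]*"' | head -n 1 | sed 's/.*"\([A-Za-z]*\)"$/\1/'; }

# Pull the domain controllers' addresses out of DnsIpAddrs on stdin, as "ip1,ip2".
dns_ips_from_json() {
  tr -d ' \n' | grep -o '"DnsIpAddrs":\[[^]]*]' | head -n 1 \
    | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | tr '\n' ',' | sed 's/,$//'
}

provision() {
  : "${AD_NAME:?domain FQDN}" "${AD_SHORT_NAME:?NetBIOS name}" "${VPC_ID:?}" \
    "${SUBNET_IDS:?two subnet IDs, comma separated}" "${AMI_ID:?}" "${SG_ID:?}" \
    "${INSTANCE_PROFILE:?}" "${AD_ADMIN_PASSWORD:?}"
  valid_ad_password "$AD_ADMIN_PASSWORD" || { echo "AD_ADMIN_PASSWORD fails the AWS complexity policy" >&2; return 1; }

  # 1. Create the directory. The request goes through a 0600 temp file (--cli-input-json) so the
  #    Admin password never appears on a command line, in shell history or in the process list.
  req=$(mktemp); chmod 600 "$req"
  printf '{"Name":"%s","ShortName":"%s","Password":"%s","Edition":"Standard","VpcSettings":{"VpcId":"%s","SubnetIds":["%s"]}}' \
    "$AD_NAME" "$AD_SHORT_NAME" "$AD_ADMIN_PASSWORD" "$VPC_ID" "$(printf '%s' "$SUBNET_IDS" | sed 's/,/","/g')" > "$req"
  dir_id=$(aws ds create-microsoft-ad --cli-input-json "file://$req" --query DirectoryId --output text)
  rm -f "$req"
  valid_directory_id "$dir_id" || { echo "unexpected DirectoryId: $dir_id" >&2; return 1; }

  # 2. Wait for the domain controllers (20 to 45 minutes is normal); give up on Failed.
  while :; do
    stage=$(aws ds describe-directories --directory-ids "$dir_id" --output json | stage_from_json)
    case "$stage" in
      Active) break ;;
      Failed) echo "directory $dir_id entered stage Failed" >&2; return 1 ;;
      *) sleep 60 ;;
    esac
  done

  # 3. DNS: point the VPC at the directory's DNS servers with a DHCP options set.
  dns=$(aws ds describe-directories --directory-ids "$dir_id" --output json | dns_ips_from_json)
  dopt=$(aws ec2 create-dhcp-options \
    --dhcp-configurations "Key=domain-name,Values=$AD_NAME" "Key=domain-name-servers,Values=$dns" \
    --query DhcpOptions.DhcpOptionsId --output text)
  aws ec2 associate-dhcp-options --dhcp-options-id "$dopt" --vpc-id "$VPC_ID"

  # 4. Launch the instance with the SSM instance profile and join it through the
  #    AWS-JoinDirectoryServiceDomain document: no domain credentials on the box or in user data.
  inst=$(aws ec2 run-instances --image-id "$AMI_ID" --instance-type t3.micro \
    --subnet-id "${SUBNET_IDS%%,*}" --security-group-ids "$SG_ID" \
    --iam-instance-profile "Name=$INSTANCE_PROFILE" \
    --query 'Instances[0].InstanceId' --output text)
  aws ssm create-association --name AWS-JoinDirectoryServiceDomain \
    --targets "Key=InstanceIds,Values=$inst" \
    --parameters "{\"directoryId\":[\"$dir_id\"],\"directoryName\":[\"$AD_NAME\"],\"dnsIpAddresses\":[\"$(printf '%s' "$dns" | sed 's/,/","/g')\"]}"
  echo "directory $dir_id is Active; instance $inst is joining $AD_NAME"
}

case "${1:-}" in
  run) provision ;;
  *) echo "usage: AD_NAME=... AD_SHORT_NAME=... VPC_ID=... SUBNET_IDS=a,b AMI_ID=... SG_ID=... INSTANCE_PROFILE=... AD_ADMIN_PASSWORD=... $0 run" >&2 ;;
esac
```

The loop in step 2 is what the page’s “test” step really amounts to: nothing after directory creation can succeed until “Stage” reaches “Active”, and a “Failed” stage should stop the script rather than leave it polling forever. Step 4 deliberately has no join credentials anywhere in the script; the instance profile is what authorises the join, so rotating the Admin password later does not break instance provisioning.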