AWS Managed Microsoft Active Directory

Jul 15, 2024

Lecture on AWS Managed Microsoft Active Directory

Introduction

  • Purpose: Give AWS workloads and services (EC2, WorkSpaces, RDS, and others) a single Active Directory identity source.
  • Options: Migrate identities from, or set up a trust with, a self-managed AD; or deploy AWS Managed Microsoft AD as the primary authentication source. In both cases AWS runs and patches the domain controllers, and you administer users, groups and OUs with the usual AD tools.

Deployment Steps

Accessing Directory Service

  • Methods: Console, CLI, Infrastructure as Code.
  • Console Demonstration:
    • Default Selection: AWS Managed Microsoft AD.
    • Steps:
      1. Select Set up directory
      2. Choose Enterprise Edition (Standard Edition is the smaller option; multi-Region replication requires Enterprise)
      3. Provide the directory DNS name (fully qualified) and the NetBIOS name (short name, at most 15 characters)
        • Example: demo.corp.local, NetBIOS: demo
      4. Set the password for the delegated Admin account. This account belongs to the AWS Delegated Administrators group and has rights over your OU and delegated tasks; it is not a Domain Admin, because AWS retains control of the domain controllers themselves.
      5. Specify the VPC and two subnets in different Availability Zones (e.g., us-west-1b and us-west-1c)
      6. Review the options and create the directory
      7. Deployment: AWS places one domain controller in each subnet; each appears in your VPC as an ENI, and the two ENI addresses become the directory's DNS servers

Multi-Region Configuration

  • Example: Extend the directory to another Region (us-east-2)
    • Select a VPC in that Region whose CIDR range does not overlap the primary Region's VPC, and two subnets in different Availability Zones (e.g., us-east-2a, us-east-2b)
    • AWS deploys additional domain controllers there and replicates the directory; workloads in us-east-2 authenticate locally instead of across Regions
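The same deployment and multi-Region extension expressed as Terraform, which the lecture lists as the Infrastructure-as-Code option. This is an added example, not code from the lecture or from AWS; the VPC and subnet IDs are supplied as variables, and the variable names, tag values and the Terraform version constraint are assumptions. The Admin password is a sensitive variable so it never lands in source control; note that it still ends up in Terraform state, so the state backend must be encrypted and access-restricted.

```hcl
# Added example (not from the lecture). Assumes the VPCs and subnets already exist;
# IDs and variable names below are assumptions, not values from the page.
terraform {
  required_version = ">= 1.3"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

provider "aws" {
  region = "us-west-1" # primary Region; AddRegion is also called here
}

variable "directory_admin_password" {
  description = "Password for the delegated Admin account. Pass via TF_VAR_ or a secrets backend, never commit it."
  type        = string
  sensitive   = true
}

variable "primary_vpc_id" { type = string }            # VPC in us-west-1
variable "primary_subnet_ids" { type = list(string) }  # two subnets, us-west-1b and us-west-1c
variable "replica_vpc_id" { type = string }            # VPC in us-east-2; CIDR must not overlap the primary VPC
variable "replica_subnet_ids" { type = list(string) }  # two subnets, us-east-2a and us-east-2b

resource "aws_directory_service_directory" "demo" {
  name       = "demo.corp.local" # directory DNS name (FQDN)
  short_name = "demo"            # NetBIOS name, max 15 characters
  password   = var.directory_admin_password
  edition    = "Enterprise"      # "Standard" is the smaller option; multi-Region needs Enterprise
  type       = "MicrosoftAD"

  vpc_settings {
    vpc_id     = var.primary_vpc_id
    subnet_ids = var.primary_subnet_ids
  }

  # Managed AD requires exactly two subnets in different Availability Zones;
  # fail the plan early instead of at apply time.
  lifecycle {
    precondition {
      condition     = length(var.primary_subnet_ids) == 2
      error_message = "Provide exactly two subnets in different Availability Zones."
    }
  }

  tags = {
    Environment = "demo"
  }
}

# Extend the directory to us-east-2. The API call goes to the primary Region,
# so no second provider configuration is needed for this resource.
resource "aws_directory_service_region" "east" {
  directory_id = aws_directory_service_directory.demo.id
  region_name  = "us-east-2"

  vpc_settings {
    vpc_id     = var.replica_vpc_id
    subnet_ids = var.replica_subnet_ids
  }
}

# The domain controllers' ENI addresses. Hand these to a VPC DHCP option set or
# to the instances that will join the domain so they resolve demo.corp.local.
output "directory_id" {
  value = aws_directory_service_directory.demo.id
}

output "dns_ip_addresses" {
  value = aws_directory_service_directory.demo.dns_ip_addresses
}
```

After apply, the Admin password should be rotated from inside the directory as you would for any privileged AD account; Terraform only sets the initial value and does not track later changes.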

Seamless Domain Join Feature

  • Purpose: Automatically join Windows and Linux EC2 instances to the AWS Managed Microsoft AD domain at launch, without handing domain credentials to the instance. Under the hood the join is performed by the SSM Agent, so the instance must be able to reach Systems Manager. (Linux instances additionally need a domain-join service account whose credentials are stored in Secrets Manager, as described in the AWS documentation.)
    • Example: Using an EC2 instance
      • Steps:
        1. Launch the instance
        2. Under Domain join directory, select the directory from the dropdown (demo.corp.local)
        3. Attach an IAM instance profile whose role carries the AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess managed policies; nothing broader is required
        4. The instance joins the domain automatically and its computer object appears in the directory's Computers container (or the OU you chose)
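What the console's domain-join dropdown does for you, written out in Terraform as an added example (not the lecture's or AWS's own code): a least-privilege instance role with only the two managed policies the feature needs, and a Systems Manager State Manager association that runs the AWS-JoinDirectoryServiceDomain document on every instance carrying a DomainJoin tag. The directory ID, DNS IPs, AMI, subnet and security group are variables, and their names are assumptions; the optional directoryOU value is an illustrative distinguished name, not one from the page.

```hcl
# Added example (not from the lecture). Variable names and tag values are assumptions.
variable "directory_id" { type = string }            # d-xxxxxxxxxx of demo.corp.local
variable "directory_dns_ips" { type = list(string) } # the two domain controller ENI addresses
variable "member_ami_id" { type = string }           # an AWS-provided Windows Server AMI (SSM Agent preinstalled)
variable "member_subnet_id" { type = string }
variable "member_sg_id" { type = string }

data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "domain_join" {
  name               = "ec2-seamless-domain-join"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

# Exactly the two AWS managed policies seamless domain join requires.
# Do not add AdministratorAccess "to make it work"; a compromised member
# server would inherit whatever this role can do.
resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.domain_join.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

resource "aws_iam_role_policy_attachment" "ds_access" {
  role       = aws_iam_role.domain_join.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess"
}

resource "aws_iam_instance_profile" "domain_join" {
  name = aws_iam_role.domain_join.name
  role = aws_iam_role.domain_join.name
}

resource "aws_instance" "member" {
  ami                    = var.member_ami_id
  instance_type          = "t3.medium"
  subnet_id              = var.member_subnet_id
  vpc_security_group_ids = [var.member_sg_id]
  iam_instance_profile   = aws_iam_instance_profile.domain_join.name

  # Require IMDSv2 so a server-side request forgery on this host cannot
  # read the role's credentials with a single GET.
  metadata_options {
    http_tokens   = "required"
    http_endpoint = "enabled"
  }

  tags = {
    Name       = "demo-member"
    DomainJoin = "demo.corp.local" # the association below targets this tag
  }
}

# State Manager association: every instance tagged DomainJoin=demo.corp.local
# runs the AWS-JoinDirectoryServiceDomain document, which is what the console
# configures when you pick a directory in the launch wizard.
resource "aws_ssm_association" "join_demo" {
  name = "AWS-JoinDirectoryServiceDomain"

  targets {
    key    = "tag:DomainJoin"
    values = ["demo.corp.local"]
  }

  parameters = {
    directoryId    = var.directory_id
    directoryName  = "demo.corp.local"
    dnsIpAddresses = join(",", var.directory_dns_ips)
    # directoryOU  = "OU=Servers,OU=demo,DC=demo,DC=corp,DC=local" # optional: target OU (illustrative DN)
  }
}
```

To confirm a join succeeded, check the association status in Systems Manager rather than trusting the instance; a Windows host can also be checked locally with Test-ComputerSecureChannel from an elevated PowerShell session.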

Integration with Services

Amazon Workspaces

  • Purpose: Deploy virtual cloud-based Windows and Linux desktops whose users sign in with their directory credentials.
  • Integration Steps:
    • Example: Register the directory and deploy a WorkSpace
      1. Open the WorkSpaces service and select the directory
      2. Register the directory (WorkSpaces creates the workspaces_DefaultRole service role if it does not already exist)
      3. Choose two subnets in different Availability Zones (e.g., us-east-2a, us-east-2b)
      4. Optionally enable self-service permissions (restart, rebuild, change compute type, and so on); grant only what your change-control process allows
      5. Assign existing users from the directory, or create new users
        • Example: Create the user John Smith
      6. Select a bundle (e.g., Free Tier)
      7. Review the options and create the WorkSpace
      8. The user receives an invitation email with instructions to set a password and register the client
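The same registration and WorkSpace creation in Terraform, as an added example (not code from the lecture or from AWS). It registers the directory with the service role WorkSpaces expects, restricts self-service and client access to what a desktop user needs, and provisions an encrypted WorkSpace for a user who already exists in the directory. The directory ID, subnet IDs, KMS key and user name are variables or assumptions; the bundle name is the one used in the Terraform provider documentation and should be checked against the bundles offered in your Region.

```hcl
# Added example (not from the lecture). Variable names, the bundle name and the
# user name are assumptions; the user must already exist in demo.corp.local.
variable "directory_id" { type = string }                  # d-xxxxxxxxxx of demo.corp.local
variable "workspaces_subnet_ids" { type = list(string) }   # two subnets in different AZs
variable "workspaces_kms_key_id" { type = string }         # customer managed KMS key for volume encryption

# WorkSpaces acts on your behalf through a role with this exact name.
data "aws_iam_policy_document" "workspaces_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["workspaces.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "workspaces_default" {
  name               = "workspaces_DefaultRole"
  assume_role_policy = data.aws_iam_policy_document.workspaces_assume.json
}

resource "aws_iam_role_policy_attachment" "workspaces_service" {
  role       = aws_iam_role.workspaces_default.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess"
}

resource "aws_iam_role_policy_attachment" "workspaces_self_service" {
  role       = aws_iam_role.workspaces_default.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess"
}

resource "aws_workspaces_directory" "demo" {
  directory_id = var.directory_id
  subnet_ids   = var.workspaces_subnet_ids

  # Self-service: users may recover their own desktop but not change its cost profile.
  self_service_permissions {
    change_compute_type  = false
    increase_volume_size = false
    rebuild_workspace    = true
    restart_workspace    = true
    switch_running_mode  = false
  }

  # Only managed desktop clients; the browser client is denied unless there is a need for it.
  workspace_access_properties {
    device_type_windows    = "ALLOW"
    device_type_osx        = "ALLOW"
    device_type_web        = "DENY"
    device_type_android    = "DENY"
    device_type_ios        = "DENY"
    device_type_linux      = "DENY"
    device_type_chromeos   = "DENY"
    device_type_zeroclient = "DENY"
  }

  workspace_creation_properties {
    enable_internet_access              = false # egress goes through the VPC, not a public IP
    user_enabled_as_local_administrator = false # directory users stay standard users on their desktop
  }

  depends_on = [
    aws_iam_role_policy_attachment.workspaces_service,
    aws_iam_role_policy_attachment.workspaces_self_service,
  ]
}

data "aws_workspaces_bundle" "value_windows" {
  owner = "AMAZON"
  name  = "Value with Windows 10" # assumed; list the bundles available in your Region
}

resource "aws_workspaces_workspace" "john_smith" {
  directory_id = aws_workspaces_directory.demo.id
  bundle_id    = data.aws_workspaces_bundle.value_windows.id
  user_name    = "john.smith" # sAMAccountName of the existing directory user (assumed)

  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true
  volume_encryption_key          = var.workspaces_kms_key_id

  workspace_properties {
    compute_type_name                         = "VALUE"
    running_mode                              = "AUTO_STOP"
    running_mode_auto_stop_timeout_in_minutes = 60
  }
}
```

Terraform cannot create the directory user itself; create John Smith in the directory (or via the WorkSpaces console, which can create users for you) before applying this, otherwise the workspace resource fails with an unknown user.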

Amazon RDS SQL Instances

  • Purpose: Let users and applications authenticate to RDS for SQL Server with their AD (Windows/Kerberos) credentials instead of SQL Server logins, so database access follows the same account lifecycle as everything else in the directory.
  • Integration Steps:
    • Example: Create a new database instance and enable Windows Authentication
      1. Select Microsoft SQL Server as the engine
      2. Under Microsoft SQL Server Windows Authentication, choose Browse Directory and enable it
      3. Select the directory (e.g., demo.corp.local); RDS needs an IAM role with the AmazonRDSDirectoryServiceAccess policy to join the domain, which the console creates for you
      4. Create the database; once it is available, create SQL Server logins for the AD users or groups that should have access
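The same RDS for SQL Server instance joined to demo.corp.local, in Terraform, as an added example (not the lecture's or AWS's own code). Where the console silently creates the directory-access role, here it is explicit, with exactly the managed policy RDS needs. The directory ID, subnet group, security group, KMS key and master password are variables; their names and the instance sizing are assumptions.

```hcl
# Added example (not from the lecture). Variable names and sizing are assumptions.
variable "directory_id" { type = string }           # d-xxxxxxxxxx of demo.corp.local
variable "db_subnet_group_name" { type = string }   # private subnets only
variable "db_sg_id" { type = string }               # allows 1433 from application subnets only
variable "db_kms_key_id" { type = string }
variable "db_master_password" {
  type      = string
  sensitive = true
}

# Role RDS assumes to join the instance to the directory. The trust policy names
# both RDS service principals used for directory integration.
data "aws_iam_policy_document" "rds_ds_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["rds.amazonaws.com", "directoryservice.rds.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "rds_directory" {
  name               = "rds-directoryservice-kerberos-access-role"
  assume_role_policy = data.aws_iam_policy_document.rds_ds_assume.json
}

resource "aws_iam_role_policy_attachment" "rds_directory" {
  role       = aws_iam_role.rds_directory.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess"
}

resource "aws_db_instance" "sql" {
  identifier     = "demo-sql"
  engine         = "sqlserver-se"     # Standard Edition; engine_version omitted so RDS picks a current one
  license_model  = "license-included"
  instance_class = "db.m5.large"

  allocated_storage = 100
  storage_encrypted = true
  kms_key_id        = var.db_kms_key_id

  # The SQL master login remains for break-glass use only; routine access is via AD.
  username = "dbadmin"
  password = var.db_master_password

  db_subnet_group_name   = var.db_subnet_group_name
  vpc_security_group_ids = [var.db_sg_id]
  publicly_accessible    = false

  # Windows Authentication: join the instance to demo.corp.local using the role above.
  domain               = var.directory_id
  domain_iam_role_name = aws_iam_role.rds_directory.name

  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "demo-sql-final"

  depends_on = [aws_iam_role_policy_attachment.rds_directory]
}

output "sql_endpoint" {
  value = aws_db_instance.sql.address # clients must use this DNS name, not the IP, for Kerberos
}
```

After the instance reports Available, connect once with the master login and create Windows logins for the directory principals that need access, for example CREATE LOGIN [demo\john.smith] FROM WINDOWS; granting access to AD groups rather than individual users keeps database permissions in step with group membership in the directory. Domain-joined clients then connect with Windows Authentication to the endpoint DNS name; connecting by IP address falls back from Kerberos to NTLM or fails, so keep the DNS name in connection strings.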

Summary

  • Capabilities Demonstrated:
    • Multi-region AD deployment
    • Seamless domain joins
    • Integration with Amazon Workspaces and RDS SQL
  • Ease of Deployment: Suitable for both testing and production.