Microsoft AD on AWS, Prepare On-Prem AD for 2 Way Trust
Anuj Varma, Hands-On Technology Architect, Clean Air Activist
Tue, 06 Feb 2018 18:25:00 +0000
https://www.anujvarma.com/microsoft-ad-on-aws-prepare-on-prem-ad-for-2-way-trust/

AWS Directory Service for Microsoft Active Directory (Microsoft AD) creates a fully managed Microsoft Active Directory in the AWS cloud. It is powered by Windows Server 2012 R2 and operates at the 2012 R2 forest and domain functional level.

When you create a directory with Microsoft AD, AWS Directory Service creates two domain controllers and adds the DNS service on your behalf.

The domain controllers are created in different subnets of the VPC, and because those subnets must be in different Availability Zones, the directory remains accessible even if one zone fails. If you need more domain controllers, you can add them later.

What gets created?

  • Two domain controllers, one per subnet (and therefore one per Availability Zone), each running the DNS service. Their IP addresses are the DNS addresses you will later point your on-premises conditional forwarders at.

  • An AWS Reserved OU holding the AWS-specific accounts and groups that the service manages. You do not get Domain Admins or Enterprise Admins membership; you get a delegated Admin account with rights over your own OU, which is why trust creation on the AWS side is done through the Directory Service console rather than with netdom on a DC.

  • A security group attached to the domain controllers. Review its inbound rules and keep them scoped to the CIDRs that actually need to reach the DCs (the VPC, and later the on-premises network).
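To see exactly what was created for a given directory, and to pick up the values the on-premises preparation needs (the DC IP addresses, the VPC CIDR and the DC security group), the following PowerShell wraps the AWS CLI. It is an added example, not code from the original post; the directory ID `d-1234567890` is a placeholder, and it assumes the AWS CLI is installed with credentials for the account that owns the directory.

```powershell
# Added example (not from the original post). Requires the AWS CLI and
# credentials for the account that owns the directory.
$DirectoryId = 'd-1234567890'   # assumed placeholder; take yours from the Directory Service console

# describe-directories returns DirectoryDescriptions[]; for Microsoft AD the
# VpcSettings block carries the VPC, subnets and the DC security group.
$dirJson = aws ds describe-directories --directory-ids $DirectoryId --output json | Out-String
$dir     = ($dirJson | ConvertFrom-Json).DirectoryDescriptions[0]

[pscustomobject]@{
    Name          = $dir.Name
    DnsIpAddrs    = ($dir.DnsIpAddrs -join ', ')            # the two DCs; conditional-forwarder targets
    VpcId         = $dir.VpcSettings.VpcId
    SubnetIds     = ($dir.VpcSettings.SubnetIds -join ', ')  # one per Availability Zone
    SecurityGroup = $dir.VpcSettings.SecurityGroupId
} | Format-List

# The VPC CIDR is what the on-premises firewall rules are scoped to.
$vpcCidr = aws ec2 describe-vpcs --vpc-ids $dir.VpcSettings.VpcId --query 'Vpcs[0].CidrBlock' --output text
Write-Host "VPC CIDR to allow on the on-premises firewall: $vpcCidr"

# Review the inbound rules on the DC security group. Every source should be a
# CIDR you recognise; anything open to 0.0.0.0/0 exposes AD ports to the internet.
$sgJson = aws ec2 describe-security-groups --group-ids $dir.VpcSettings.SecurityGroupId --output json | Out-String
$sg     = ($sgJson | ConvertFrom-Json).SecurityGroups[0]

$rules = foreach ($perm in $sg.IpPermissions) {
    foreach ($range in $perm.IpRanges) {
        $flag = if ($range.CidrIp -eq '0.0.0.0/0') { 'OPEN TO INTERNET' } else { '' }
        [pscustomobject]@{
            Protocol = $perm.IpProtocol
            FromPort = $perm.FromPort
            ToPort   = $perm.ToPort
            Source   = $range.CidrIp
            Flag     = $flag
        }
    }
}
$rules | Sort-Object FromPort | Format-Table -AutoSize
```

The rule listing is the part worth keeping in a runbook: after the trust is built you will add the on-premises CIDR as a source, and this is the quickest way to confirm nothing broader slipped in.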

Preparing On-Prem AD for 2-way Trust

  1. Configure the on-premises firewall so that the following ports are open, both inbound and outbound, between your on-premises domain controllers and the CIDRs of all subnets used by the VPC that contains your Microsoft AD. In this example the Microsoft AD VPC is 10.0.0.0/16:
    • TCP/UDP 53 – DNS

    • TCP/UDP 88 – Kerberos authentication

    • TCP/UDP 389 – LDAP

    • TCP 445 – SMB

    These are the minimum ports AWS documents for the trust. A working forest trust also carries RPC traffic (TCP 135 plus the dynamic RPC range, TCP 49152–65535 on Windows Server 2008 and later) and Kerberos password changes (TCP/UDP 464), and cross-forest LDAPS or Global Catalog queries need TCP 636 and TCP 3268/3269. Scope every rule to the VPC subnet CIDRs; never open these ports to the internet.

  2. Ensure that Kerberos pre-authentication is enabled. User accounts in both directories must have it on (the default); an account with "Do not require Kerberos preauthentication" set will fail to authenticate across the trust, and the same flag makes the account AS-REP roastable, so it should be cleared regardless of the trust.

  3. Configure DNS conditional forwarders for your on-premises domain. On the on-premises DNS servers, add a conditional forwarder for the AWS Microsoft AD domain name that points at the two AWS domain controller IP addresses (the DNS addresses shown in the Directory Service console). On the AWS side, you supply your on-premises domain name and DNS server IP addresses as the conditional forwarder when you create the trust in the console. Each side must resolve the other's domain before the trust can be created or validated.
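The three preparation steps above, run from an on-premises domain controller that also hosts DNS, as an added PowerShell example (not code from the original post). The AWS directory name `corp.example.com`, the DC addresses `10.0.1.10` and `10.0.2.10`, and the port list are assumptions for illustration; substitute the values from your Directory Service console.

```powershell
# Added example (not from the original post). Run as a Domain Admin on an
# on-premises DC that hosts DNS. Names and addresses are assumed placeholders.
#Requires -Modules ActiveDirectory, DnsServer

$AwsDomain = 'corp.example.com'            # assumed AWS Microsoft AD domain name
$AwsDcIps  = @('10.0.1.10', '10.0.2.10')   # assumed DC addresses (DNS addresses in the console)

# --- Step 1: reachability of the AWS DCs on the documented trust ports ----------
# Test-NetConnection only exercises TCP, so UDP 53/88/389 must be confirmed from
# the firewall rules themselves (or a packet capture), and inbound rules from the
# VPC towards the on-premises DCs cannot be tested from this side at all.
function Test-TrustPorts {
    param([string[]]$Targets, [int[]]$Ports = @(53, 88, 389, 445))
    foreach ($ip in $Targets) {
        foreach ($port in $Ports) {
            $r = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
            [pscustomobject]@{ Target = $ip; Port = $port; Open = $r.TcpTestSucceeded }
        }
    }
}

$portCheck = Test-TrustPorts -Targets $AwsDcIps
$portCheck | Format-Table -AutoSize
$blocked = $portCheck | Where-Object { -not $_.Open }
if ($blocked) {
    $list = ($blocked | ForEach-Object { "$($_.Target):$($_.Port)" }) -join ', '
    Write-Warning "Blocked TCP paths to the AWS DCs: $list"
}

# --- Step 2: Kerberos pre-authentication ----------------------------------------
# userAccountControl bit 0x400000 (DONT_REQ_PREAUTH = 4194304) marks accounts that
# do not require pre-authentication. The LDAP matching rule 1.2.840.113556.1.4.803
# is a bitwise AND, so the filter returns exactly the accounts with that bit set.
function Get-NoPreauthAccounts {
    Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=4194304)' `
               -Properties userAccountControl |
        Select-Object SamAccountName, DistinguishedName
}

$noPreauth = Get-NoPreauthAccounts
if ($noPreauth) {
    Write-Warning 'Accounts with Kerberos pre-authentication disabled (will fail across the trust, AS-REP roastable):'
    $noPreauth | Format-Table -AutoSize
    # Review the list, then enforce pre-authentication by uncommenting:
    # $noPreauth | ForEach-Object { Set-ADAccountControl -Identity $_.DistinguishedName -DoesNotRequirePreAuth $false }
}

# --- Step 3: conditional forwarder for the AWS directory domain ----------------
# Send queries for the AWS domain to the two AWS DCs and replicate the forwarder
# forest-wide so every on-premises DC resolves it, not just this one.
if (-not (Get-DnsServerZone -Name $AwsDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $AwsDomain `
        -MasterServers $AwsDcIps -ReplicationScope 'Forest'
}

# Verify: the AWS DCs must answer the SRV query domain members use to locate a DC.
# If this fails, the trust wizard on the AWS side will fail to validate as well.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AwsDomain" -Type SRV -ErrorAction Stop
$srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port, Priority
```

The AWS-side half of step 3 (the conditional forwarder towards your on-premises DNS) is entered in the Directory Service console when you create the trust, so nothing here touches the AWS DCs directly; the script only verifies that they can be reached and resolved from on-premises.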
