AWS Managed Microsoft AD for Aviatrix

Summary

This document describes how to deploy an AWS Directory Service for Microsoft Active Directory for Aviatrix Controller LDAP and OpenVPN LDAP feature.

The AWS Directory Service for Microsoft Active Directory is an AWS service if you need an actual Microsoft Active Directory in the AWS Cloud that supports Active Directory–aware workloads, or AWS applications and services such as Amazon WorkSpaces and Amazon QuickSight, or you need LDAP support for Linux applications.

Please note that in the following steps, most involve following AWS Managed Microsoft AD Test Lab Tutorials to create LDAP service in AWS Cloud.

image9

Follow these steps to configure the AWS AD configuration in your environment and verify LDAP connection.

  1. Setting Up Your Base AWS Managed Microsoft AD in AWS
  2. Verify AWS AD Is Operational by using AD Explorer
  3. Verify AWS AD Is Operational by an Aviatrix Controller with LDAP login verification.
  4. Verify AWS AD Is Operational by an Aviatrix OpenVPN Server with LDAP login verification.

Prerequisites

In order to complete the steps in this guide, you’ll need:

  1. An AWS Account
  2. An Aviatrix Controller which has already onboarded above AWS account

Setting Up Your Base AWS Managed Microsoft AD in AWS

Step A: Set Up Your AWS Environment for AWS Managed Microsoft AD

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/microsoftadbasestep1.html

Step B: Create Your AWS Managed Microsoft AD Directory in AWS

https://docs.aws.amazon.com/en_us/directoryservice/latest/admin-guide/microsoftadbasestep2.html

Create your AWS Managed Microsoft AD directory. In this example, the following domain and dns are created

Domain Name: aws-ad.aviatrixtest.com. Two domain Name servers are created by AWS AD: 172.31.28.253, 172.31.14.48 image0 image4

Step C: Deploy an EC2 Instance to Manage AWS Managed Microsoft AD

Follow these steps to configure Microsoft AD of your Windows Server EC2 Instance.

  1. Deploy an EC2 Instance to Manage AWS Managed Microsoft AD Check Detail Here
  2. Manually Join a Windows Instance Check Detail Here

Note

TIPS: Use these commands from a command prompt on the instance above %SystemRoot%system32control.exe ncpa.cpl => Make sure the two domain controller IP is in your dns setup %SystemRoot%system32control.exe sysdm.cpl ==> Join domain

image3 image6

Step D: Configure LDAP After logging in to the EC2 Instance with AD authentication (aws-ad.aviatrixtest.comAdmin), configure another user “aduser” to AWS AD domain.

image7

Verify AWS AD Is Operational by using AD Explorer

You can download Microsoft AD Explorer from this link

Verify LDAP information, for example Bind DN and Base DN, and store them for further Aviatrix Controller and OpenVPN LDAP authentication.

image2 image1

Verify AWS AD Is Operational by an Aviatrix Controller with LDAP login verification.

In the Aviatrix Controller GUI, go to Setting > Controller > LDAP Login. Input the LDAP information from AD Explorer and verify LDAP connection.

image8

Verify AWS AD Is Operational by a Aviatrix OpenVPN Server with LDAP login verification.

In the Aviatrix Controller GUI, go to Setting > Controller > LDAP Login. Input LDAP information from AD Explorer and verify the LDAP connection.

image10

OpenVPN is a registered trademark of OpenVPN Inc.