AWS Managed Microsoft AD for Aviatrix
Summary
This document describes how to deploy AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) for use with the Aviatrix Controller LDAP login and OpenVPN LDAP authentication features.
AWS Directory Service for Microsoft Active Directory is the AWS service to use if you need an actual Microsoft Active Directory in the AWS Cloud that supports Active Directory-aware workloads or AWS applications and services such as Amazon WorkSpaces and Amazon QuickSight, or if you need LDAP support for Linux applications.
Note that most of the following steps follow the AWS Managed Microsoft AD Test Lab Tutorials to create the LDAP service in the AWS Cloud.
Follow these steps to configure AWS Managed Microsoft AD in your environment and verify the LDAP connection:
Setting Up Your Base AWS Managed Microsoft AD in AWS
Verify AWS AD Is Operational by using AD Explorer
Verify AWS AD Is Operational by an Aviatrix Controller with LDAP login verification.
Verify AWS AD Is Operational by an Aviatrix OpenVPN Server with LDAP login verification.
Prerequisites
To complete the steps in this guide, you will need:
An AWS account
An Aviatrix Controller that has already onboarded the AWS account above
Setting Up Your Base AWS Managed Microsoft AD in AWS
Step A: Set Up Your AWS Environment for AWS Managed Microsoft AD
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/microsoftadbasestep1.html
Step B: Create Your AWS Managed Microsoft AD Directory in AWS
https://docs.aws.amazon.com/en_us/directoryservice/latest/admin-guide/microsoftadbasestep2.html
Create your AWS Managed Microsoft AD directory. In this example, the following domain and DNS servers are created:
Domain name: aws-ad.aviatrixtest.com
Two domain name servers (the directory's domain controllers) are created by AWS AD: 172.31.28.253 and 172.31.14.48
Step C: Deploy an EC2 Instance to Manage AWS Managed Microsoft AD
Follow these steps (both documented in the AWS Directory Service admin guide) to deploy a Windows Server EC2 instance and join it to your AWS Managed Microsoft AD:
Deploy an EC2 Instance to Manage AWS Managed Microsoft AD
Manually Join a Windows Instance
Note
Tips: run these commands from a command prompt on the instance above:
%SystemRoot%\system32\control.exe ncpa.cpl => make sure the two domain controller IPs are in your DNS settings
%SystemRoot%\system32\control.exe sysdm.cpl => join the domain
Step D: Configure LDAP
After logging in to the EC2 instance with AD authentication (as aws-ad.aviatrixtest.com\Admin), create another user, "aduser", in the AWS AD domain.
Verify AWS AD Is Operational by using AD Explorer
You can download Microsoft AD Explorer from the Sysinternals site.
Verify the LDAP information, for example the Bind DN and Base DN, and store it for the Aviatrix Controller and OpenVPN LDAP authentication configuration that follows.
Verify AWS AD Is Operational by an Aviatrix Controller with LDAP login verification.
In the Aviatrix Controller GUI, go to Setting > Controller > LDAP Login. Enter the LDAP information from AD Explorer and verify the LDAP connection.
Verify AWS AD Is Operational by an Aviatrix OpenVPN Server with LDAP login verification.
In the Aviatrix Controller GUI, go to Setting > Controller > LDAP Login. Enter the LDAP information from AD Explorer and verify the LDAP connection.
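As an added example (not Aviatrix's or AWS's code), the following Python script checks the values gathered with AD Explorer the way the Controller's LDAP login does: it derives the Base DN and the Admin Bind DN from the test-lab domain, escapes the username before it goes into the search filter, and binds to whichever domain controller answers on port 389. It assumes the ldap3 package is installed and that the directory's NetBIOS name is aws-ad.

```python
import socket

# Values from this page's test lab; the NetBIOS name is an assumption (chosen at directory creation)
DOMAIN = "aws-ad.aviatrixtest.com"
NETBIOS = "aws-ad"
DC_IPS = ["172.31.28.253", "172.31.14.48"]

def base_dn(domain: str) -> str:
    """DNS domain -> LDAP Base DN: aws-ad.aviatrixtest.com -> DC=aws-ad,DC=aviatrixtest,DC=com"""
    return ",".join(f"DC={label}" for label in domain.rstrip(".").split("."))

def user_dn(cn: str, domain: str, netbios: str) -> str:
    """AWS Managed Microsoft AD keeps directory-created users (including Admin) under OU=Users,OU=<NetBIOS>."""
    return f"CN={cn},OU=Users,OU={netbios},{base_dn(domain)}"

def escape_filter(value: str) -> str:
    """RFC 4515 escaping so a typed username cannot change the shape of the search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def user_filter(sam_account_name: str) -> str:
    return f"(&(objectClass=user)(sAMAccountName={escape_filter(sam_account_name)}))"

def ldap_reachable(host: str, port: int = 389, timeout: float = 3.0) -> bool:
    """Cheap pre-check: is the domain controller answering on the LDAP port at all?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def verify_login(host: str, bind_dn: str, password: str, base: str, username: str):
    """Bind as the service account, then search for the user; returns the user's DN or None.
    Requires the ldap3 package (pip install ldap3); raises LDAPBindError if the bind fails."""
    import ldap3
    server = ldap3.Server(host, port=389, get_info=ldap3.NONE)
    with ldap3.Connection(server, user=bind_dn, password=password, auto_bind=True) as conn:
        conn.search(base, user_filter(username), attributes=["distinguishedName"])
        return conn.entries[0].entry_dn if conn.entries else None

if __name__ == "__main__":
    import getpass
    dc = next((ip for ip in DC_IPS if ldap_reachable(ip)), None)
    if dc is None:
        raise SystemExit("no domain controller reachable on 389; check security groups and DNS")
    admin = user_dn("Admin", DOMAIN, NETBIOS)
    print(verify_login(dc, admin, getpass.getpass(f"password for {admin}: "), base_dn(DOMAIN), "aduser"))
```

If the bind succeeds but the search returns None, the Base DN is usually the value to re-check in AD Explorer.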
OpenVPN is a registered trademark of OpenVPN Inc.