
So we want to let developers have access into AWS natively, and when building a Windows machine have it automatically join the domain and potentially add some tools, etc. Since I am used to using the native Amazon AMIs without domain infrastructure, what is the best way to go about doing this?

Appreciate any help!

Shyatic
  • http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Using_WinAMI.html – Michael Hampton Sep 03 '14 at 16:22
  • Doesn't give a lot of guidance around domain joins. – Shyatic Sep 03 '14 at 16:24
  • So you want to know how to automatically join a domain? Or run sysprep? Or... what? – Michael Hampton Sep 03 '14 at 16:25
  • "I am used to using the native Amazon AMIs without domain infrastructure" You can't join a non-existent domain... I think you need to clarify your question with exactly what you want to do. If you have DNS resolution working properly there is nothing unusual about the AWS AMIs. – TheFiddlerWins Sep 03 '14 at 16:59
  • We have a domain built out; my question is more about launching a new server so that it autojoins the domain. – Shyatic Sep 03 '14 at 17:24

2 Answers


Amazon have recently made this an easier process via the new Amazon Directory Service. You can run a stand-alone AD domain ("Simple AD") or extend an existing AD to AWS via the "AD Connector".

Essentially Amazon provides something called "SSM", or Simple Systems Manager, that helps you manage Windows instances. One of those facilities is "Domain Join". Once you have your sample AD set up, you can use the Domain Join facility described here. Basically you create an "SSM" document with your AD details and associate this document with your instance.

Ameer Deen
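The association step this answer describes, as an added example that is not part of the answer itself. It uses the AWS Tools for PowerShell and the AWS-managed document AWS-JoinDirectoryServiceDomain (which wraps the aws:domainJoin plugin) instead of a hand-written SSM document, and then polls the association rather than assuming the join succeeded. The instance ID, directory ID, domain name and DNS addresses are placeholders; the instance is assumed to run the SSM agent with an instance profile that allows SSM and the Directory Service calls the join needs.

```powershell
# Added example (not the answer's code): join a running Windows instance to an
# AWS Directory Service domain by associating the AWS-managed SSM document
# AWS-JoinDirectoryServiceDomain with it.
# Assumed prerequisites: SSM agent running on the instance, an instance profile
# permitting SSM plus ds:CreateComputer/ds:DescribeDirectories, and security
# group rules allowing DNS/Kerberos/LDAP to the directory's controllers.

$InstanceId  = 'i-0123456789abcdef0'          # assumed
$DirectoryId = 'd-1234567890'                 # assumed: Simple AD or AD Connector ID
$DomainName  = 'corp.example.com'             # assumed
$DnsIps      = '10.0.0.10', '10.0.1.10'       # assumed: directory DNS addresses

# Document parameters are lists of strings, matching the document schema.
$Params = @{
    directoryId    = @($DirectoryId)
    directoryName  = @($DomainName)
    dnsIpAddresses = @($DnsIps)
}

$null = New-SSMAssociation -Name 'AWS-JoinDirectoryServiceDomain' `
                           -InstanceId $InstanceId `
                           -Parameter $Params

# The agent applies the association and reboots the instance after the join.
# Poll the association status until it leaves Pending, then check the result.
do {
    Start-Sleep -Seconds 30
    $Status = (Get-SSMAssociation -Name 'AWS-JoinDirectoryServiceDomain' `
                                  -InstanceId $InstanceId).Status
    $State  = [string]$Status.Name
    Write-Host "Domain join association status: $State"
} while ($State -eq 'Pending')

if ($State -ne 'Success') {
    throw "Domain join failed: $($Status.Message)"
}
Write-Host "$InstanceId joined $DomainName"
```

No domain credentials appear anywhere in this flow: the SSM agent obtains them from Directory Service through the instance role, which is the main reason to prefer this over pushing a join password in user data.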

Here is what I have used in the past - just make sure you have the domain infrastructure in place:

# Assumes $AMI, $KeyName, $SubnetId, $InstanceType, $ServerName, $PemFile,
# $DomainName, $DomainUser and $DomainPassword were set earlier in the script
# ($DomainUser, the domain account used for the join, is not named in the original).

# First-boot user data: open the inbound WMI rules so Add-Computer can reach
# the new instance remotely.
$UserData = [System.Convert]::ToBase64String(
    [System.Text.Encoding]::ASCII.GetBytes(@'
<powershell>
Get-NetFirewallRule | Where { $_.DisplayName -eq "Windows Management Instrumentation (ASync-In)" } | Enable-NetFirewallRule
Get-NetFirewallRule | Where { $_.DisplayName -eq "Windows Management Instrumentation (DCOM-In)" } | Enable-NetFirewallRule
Get-NetFirewallRule | Where { $_.DisplayName -eq "Windows Management Instrumentation (WMI-In)" } | Enable-NetFirewallRule
</powershell>
'@))

$Reservation = New-EC2Instance -ImageId $AMI -KeyName $KeyName -SubnetId $SubnetId -InstanceType $InstanceType -MinCount 1 -MaxCount 1 -UserData $UserData

$Instance = $Reservation.RunningInstance[0].InstanceId
$IP = $Reservation.RunningInstance[0].PrivateIpAddress

$Tag = New-Object Amazon.EC2.Model.Tag
$Tag.Key = 'Name'
$Tag.Value = $ServerName
New-EC2Tag -ResourceId $Instance -Tag $Tag

# The Administrator password only becomes available once the instance has
# booted and EC2Config has generated it, so keep polling until it is returned.
$LocalPassword = $null
While ([string]::IsNullOrEmpty($LocalPassword)) {
    Try {
        Write-Host "Waiting for Password."
        $LocalPassword = Get-EC2PasswordData -InstanceId $Instance `
            -PemFile $PemFile -ErrorAction SilentlyContinue
    } Catch {}
    Start-Sleep -s 60
}

# Local credential authenticates to the new instance; domain credential performs the join.
$LocalCredential = New-Object System.Management.Automation.PSCredential("administrator",
    ($LocalPassword | ConvertTo-SecureString -AsPlainText -Force))
$DomainCredential = New-Object System.Management.Automation.PSCredential($DomainUser,
    ($DomainPassword | ConvertTo-SecureString -AsPlainText -Force))

Add-Computer -ComputerName $IP -LocalCredential $LocalCredential `
    -NewName $ServerName -DomainName $DomainName `
    -Credential $DomainCredential -Restart -Force
Scott Moore
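An added example, not part of Scott Moore's answer, that performs the same join from inside the instance at first boot instead of remotely over WMI: the user data points DNS at the domain controllers, fetches the join account's password from SSM Parameter Store at run time, and calls Add-Computer locally. Nothing secret sits in the user data, which any local process can read back from the instance metadata service. The domain, DC addresses, OU, join account and parameter name are placeholders; the AMI is assumed to carry the AWS Tools for PowerShell (Amazon's Windows AMIs do) and to have an instance profile allowing ssm:GetParameter and kms:Decrypt on that parameter.

```powershell
<powershell>
# Added example (not the answer's code): join an existing domain from inside
# the instance on first boot. Runs under EC2Config/EC2Launch as the user data
# script. All names and addresses below are assumed placeholders.
$ErrorActionPreference = 'Stop'

$DomainName   = 'corp.example.com'                        # assumed
$DcDnsServers = '10.0.0.10', '10.0.1.10'                  # assumed: domain controller IPs
$JoinUser     = 'CORP\svc-domain-join'                    # assumed: account delegated only the join right
$ParamName    = '/corp/domain-join/password'              # assumed SecureString parameter
$TargetOU     = 'OU=Servers,DC=corp,DC=example,DC=com'    # assumed

# Idempotency: user data may be re-run on purpose; do not re-join a joined box.
if ((Get-WmiObject Win32_ComputerSystem).PartOfDomain) {
    Write-Host 'Already domain-joined; nothing to do.'
    exit 0
}

# 1. Point every active adapter at the DCs so the domain's SRV records resolve.
Get-NetAdapter | Where-Object Status -eq 'Up' | ForEach-Object {
    Set-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ServerAddresses $DcDnsServers
}

# 2. Pull the join password from Parameter Store at boot; it is never written
#    into user data or baked into the AMI.
$Secret   = (Get-SSMParameter -Name $ParamName -WithDecryption $true).Value
$SecurePw = ConvertTo-SecureString $Secret -AsPlainText -Force
$Cred     = New-Object System.Management.Automation.PSCredential ($JoinUser, $SecurePw)
Remove-Variable Secret, SecurePw

# 3. Derive a unique, NetBIOS-safe (15 char max) name from the instance ID via IMDSv2.
$Token = Invoke-RestMethod -Method Put -Uri 'http://169.254.169.254/latest/api/token' `
             -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$InstanceId = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/instance-id' `
             -Headers @{ 'X-aws-ec2-metadata-token' = $Token }
$NewName = 'EC2-' + $InstanceId.Substring($InstanceId.Length - 8).ToUpper()

# 4. Rename, join into the target OU and reboot in one step.
Write-Host "Joining $DomainName as $NewName"
Add-Computer -DomainName $DomainName -OUPath $TargetOU -NewName $NewName `
             -Credential $Cred -Force -Restart
</powershell>
```

Scoping the join account to "Create computer objects" on the target OU, rather than using a domain admin, limits what a compromised instance role or a leaked parameter can do; the same consideration applies to the $DomainCredential in the answer above.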