
I've created an Active Directory Domain Controller on a Windows Server 2012 hosted on AWS and gave it a domain name dev.insidetest.com

Now I am trying to understand how to join my local computer to this domain.

I'm pretty new to Active Directory and just trying to set up a test environment, and trying to understand how to expose my AWS AD to the world (I understand all of the risks of completely exposing something to the world, this is just testing, no production).

I did open all of the TCP ports on my AWS instance, but can't figure out what are other steps involved and even if this is actually possible.

I've had some experience with setting up something similar, but all of the machines were on my local network, so it was a bit of a different story.

Any suggestions/help are greatly appreciated.

Update:

I did see Should I expose my Active Directory to the public Internet for remote users? but I don't think it's a duplicate. I understand all the security risks, but I am just creating a test environment to play around with LDAP. All I need to know is how to actually do it.

I'd expect that I need to specify the IP of where my AD is hosted as well as open the specific TCP ports required for this type of connection.

inside
  • I saw that question before; I don't think it's a duplicate, since there is no real answer on how to actually expose/connect to AD, it just discusses the security side of this. – inside Aug 09 '16 at 14:52
  • If your goal is to learn AD, why bother with AWS/Azure? Download the Server 2012 180-day trial and set up a local lab. – DanBig Aug 09 '16 at 17:52
  • @DanBig the goal is to connect to AD hosted on AWS from my local machine – inside Aug 09 '16 at 20:06
  • You need to make a VPN to Azure; opening all ports is a security risk. – yagmoth555 Aug 12 '16 at 13:37

1 Answer

Your first problem will be DNS. In order for a client to join an Active Directory domain, the client must be using a DNS server that holds an authoritative zone for the domain in question. In this case only the test server you have built will have this information, assuming you installed DNS in Active Directory integrated mode.

Having said that, I strongly recommend you don't do this, even as a test. Once you have joined your workstation to this test domain, any compromise of the domain controller will expose any clients you have connected. Active Directory is not designed to be exposed to public networks, and there are hundreds of ways you could misconfigure it that would allow an attacker to take control of the domain controller and anything connected to it in a matter of minutes.

CodedBeard
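As an added illustration of the DNS point in the answer (this is example code, not something posted by the question author or the answerer), the following PowerShell pre-flight check shows what a Windows client must be able to do before `Add-Computer` can join `dev.insidetest.com`: resolve the domain's SRV records through the DC's own DNS service, and reach a short, specific list of ports. The DC address and adapter name are placeholders; the assumption is that the DC is reached over a VPN on a private address, not across the public Internet.

```powershell
# Added example: client-side pre-flight check before joining dev.insidetest.com.
# $DcAddress and $Interface are placeholders, not values from the question.
$Domain    = 'dev.insidetest.com'
$DcAddress = '10.0.0.10'   # placeholder: private address of the DC, reachable via VPN
$Interface = 'Ethernet'    # placeholder: the adapter that carries the route to the DC

# 1. Point the client's resolver at the DC. This is the requirement the answer
#    describes: only a DNS server holding the AD-integrated zone can answer for it.
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DcAddress

# 2. A domain advertises its DCs through SRV records. If this lookup fails,
#    the join fails with "the domain could not be contacted", whatever ports are open.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV `
                       -Server $DcAddress -ErrorAction Stop
$srv | Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port, Priority

# 3. The services a domain join actually talks to. Checking these individually
#    shows why "open all TCP ports" is unnecessary; the DC needs only these
#    (plus the RPC dynamic range, 49152-65535 on Server 2012, for some RPC calls).
$ports = [ordered]@{
    'DNS'            = 53
    'Kerberos'       = 88
    'RPC endpoint'   = 135
    'LDAP'           = 389
    'SMB'            = 445
    'Kerberos kpasswd' = 464
    'LDAP GC'        = 3268
}
foreach ($name in $ports.Keys) {
    $r = Test-NetConnection -ComputerName $DcAddress -Port $ports[$name] `
                            -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
    '{0,-18} {1,5}  {2}' -f $name, $ports[$name], $state
}

# 4. Only once steps 2 and 3 pass is the join worth attempting. It prompts for a
#    domain account that is allowed to add computers and then reboots the client.
# Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\<join-account>") -Restart
```

`Resolve-DnsName` and `Test-NetConnection` ship with Windows 8.1 / Server 2012 R2 and later; on older clients `nslookup -type=SRV _ldap._tcp.dc._msdcs.dev.insidetest.com <dc-address>` performs the same record check. Keeping the port list explicit, and the DC on a private address behind a VPN, is what turns the answer's warning into a concrete configuration rather than an open security group.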