
I have the following network setup and am trying to join EC2 instances to an on-prem Active Directory.

  1. EC2 running inside a private, non-routable subnet
  2. AD Connector runs in an on-prem-connected subnet
  3. The domain is DNS-resolvable throughout the whole VPC

In this setup, is it possible to join the EC2 instance through the AD Connector without the instance having a direct connection to the on-prem AD?

When the AD Connector is up and running with status active, should it show up in the on-prem directory as domain controller?

Does anyone have experience with which Windows Server versions are supported for the AD Connector? Server 2019?


1 Answer


After a deep dive into this topic I have answers, which might help others looking into topics around AD on AWS.

  • The AD Connector only helps with joining an instance to your AD.
  • The wording "proxy" is meant literally (not a technical proxy server): it is the proxy which creates the computer object inside your AD for you; afterwards you need to join the instance (mostly done using an AWS Systems Manager AWS-JoinDirectoryServiceDomain document).
  • The EC2 instance in fact needs direct network connectivity with the domain controller; of course the (fully qualified) domain needs to be resolvable as well.

Details on the plugin for joining can be found here: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-plugins.html#aws-domainJoin

One important feature for me is that you can define an OU where the computer object should be created!

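The answer above boils down to two things a practitioner wants to verify before running the join: the instance itself can resolve the domain and reach a domain controller on the ports a join needs, and the parameters handed to the AWS-JoinDirectoryServiceDomain document (directoryId, directoryName, directoryOU, dnsIpAddresses) are well-formed. The script below is an added example, not code from the question or the answer; the directory ID, domain name, OU and DC addresses in it are made up, and the `check_port`/`build_join_parameters` helpers are this example's own, not part of any AWS SDK.

```python
"""Pre-flight checks and SSM parameters for joining an EC2 instance to an
on-prem AD through an AD Connector.  Added example; the directory id,
domain, OU and DC addresses used below are constructed placeholders."""
import re
import socket

# Name of the Systems Manager document that performs the join.
DOC_NAME = "AWS-JoinDirectoryServiceDomain"
# AD Connector / Directory Service ids look like d-<10 hex chars>.
DIRECTORY_ID_RE = re.compile(r"^d-[0-9a-f]{10}$")
# A minimal distinguished-name check: comma-separated OU=/CN=/DC= parts.
DN_RE = re.compile(r"^(?:(?:OU|CN|DC)=[^,]+)(?:,(?:OU|CN|DC)=[^,]+)*$", re.IGNORECASE)

# TCP ports the instance must reach directly on a domain controller for a
# join (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd, LDAPS,
# Global Catalog).  The RPC dynamic range 49152-65535 is also required but
# is not probed here.
AD_PORTS = (53, 88, 135, 389, 445, 464, 636, 3268)


def build_join_parameters(directory_id, directory_name, directory_ou=None, dns_ips=()):
    """Return the Parameters dict for ssm.send_command().  Every value is a
    list of strings, as the SSM API requires; inputs are validated so that a
    typo fails here instead of in a half-finished join on the instance."""
    if not DIRECTORY_ID_RE.match(directory_id):
        raise ValueError(f"bad AD Connector directory id: {directory_id!r}")
    if "." not in directory_name:
        raise ValueError("directoryName must be the fully qualified domain name")
    params = {"directoryId": [directory_id], "directoryName": [directory_name]}
    if directory_ou:
        if not DN_RE.match(directory_ou):
            raise ValueError(f"directoryOU must be a distinguished name: {directory_ou!r}")
        params["directoryOU"] = [directory_ou]
    if dns_ips:
        for ip in dns_ips:
            socket.inet_aton(ip)  # raises OSError on a malformed IPv4 address
        params["dnsIpAddresses"] = list(dns_ips)
    return params


def check_port(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc_reachability(dc_ip, ports=AD_PORTS, timeout=2.0):
    """Probe each required port on one domain controller.  The join needs all
    of them open from the instance itself; an AD Connector in another subnet
    does not stand in for this network path."""
    return {port: check_port(dc_ip, port, timeout) for port in ports}


def resolve_domain(directory_name):
    """Return the IPv4 addresses the domain name resolves to, or [] if the
    VPC resolver cannot resolve it.  AD publishes its DCs as A records of the
    domain itself, so an empty list means DNS is not ready for the join."""
    try:
        infos = socket.getaddrinfo(directory_name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


if __name__ == "__main__":
    # Constructed values: replace with your connector id, FQDN, OU and DC IPs.
    params = build_join_parameters(
        "d-1234567890",
        "corp.example.com",
        "OU=AWS Servers,DC=corp,DC=example,DC=com",
        ["10.10.0.10", "10.10.0.11"],
    )
    print("domain resolves to:", resolve_domain(params["directoryName"][0]))
    for ip in params["dnsIpAddresses"]:
        closed = [p for p, ok in check_dc_reachability(ip).items() if not ok]
        print(ip, "unreachable ports:", closed or "none")
    print("send_command Parameters:", params)
```

Once the checks pass on the instance, the returned dict is what you pass as `Parameters` to `boto3.client("ssm").send_command(InstanceIds=[...], DocumentName=DOC_NAME, Parameters=params)` (boto3 assumed installed; the instance id is yours). If `resolve_domain` returns an empty list or any of the ports in `AD_PORTS` are unreachable from the instance, the join will fail regardless of the AD Connector's status, which is exactly the point made in the answer.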