Are you extending your current on premise Windows domain to AWS?
These are general directions for using TrueStack Direct Connect to extend a Windows domain to an AWS Windows server. Contact TrueStack Support for help with TrueStack Direct Connect. TrueStack does not support Windows servers or provide any warranties or guarantees for the following directions. Any modifications made to a Windows domain should be done by a qualified technician.
- First launch a new EC2 Windows Server 2012 R2 or 2016 instance in your AWS account and add it to the TrueStack security group.
- Find the private IP of the AWS Windows server in the instance description in your AWS account, e.g. 10.0.0.157.
- In TrueStack Direct Connect, create an installer for your on premise Windows Domain Controller. In the Windows IP field, add only the IP of the AWS Windows Server. This will allow the on premise Windows server to have access to the AWS Windows server. In the DNS IP field, type in the IP of the on premise Windows Domain Controller. This will direct the VPN to get DNS from the on premise Windows server.
- Download and install the installer you just created on the on premise server. This will install on a physical or virtual server.
- After installation, verify in the console that the on premise server's VPN is connected. If the computer is on and connected, its name will appear in blue in the database.
- Find the IP of the TAP adapter on the on premise server. It will look similar to this: 220.127.116.11.
- Add that IP as a Preferred DNS server on the AWS Windows server.
- Add the AWS Windows server to the on premise server’s domain.
- Before promoting the server, open DNS on the on premise server. Ensure the server is listening on all IP addresses and that Zone Transfers are allowed.
- Before promoting the server, ensure that the local administrator password on the AWS Windows server is not the same as the Domain administrator password. If it is, change the local administrator password on the AWS Windows server.
- Promote the AWS Windows server to a domain controller. Be sure to use domain credentials when you promote the server.
- The local computers on the on premise network need to resolve the on premise server's DNS name to its local IP address. This is probably a class A, B or C address similar to this: 192.168.1.25. To ensure they don't resolve the name to the IP of the TAP adapter instead, which looks similar to this: 18.104.22.168, turn off Zone Transfers on both servers. If the computers associate the TAP adapter's IP with the on premise server, they won't be able to access resources on that server. (Zone transfers aren't required for AD replication; however, having them turned on during domain controller promotion is helpful.) Also un-register the TAP connection's IP address in DNS.
- Then clean up DNS. In DNS on the on premise server, the IP recorded for the on premise server should be that of the local adapter, for example 192.168.1.25. On the AWS Windows server, the IP recorded for the on premise server should be that of the TAP adapter, for example 22.214.171.124. If, in the future, you need to sync DNS on both servers, you can turn Zone Transfers back on. Once the zones are in sync, turn Zone Transfers off and clean up DNS again.
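The DNS, domain-join and promotion steps above, collected into one PowerShell script as an added example (this is not TrueStack's code or part of the original directions). The domain name, server name and adapter alias are placeholders you must replace; the IP addresses are the examples used in the directions above. Run each section on the server it is labelled for, as a domain administrator.

```powershell
# Added example, not TrueStack's code. All names below are placeholders.
$Domain      = 'corp.example.com'        # placeholder: your AD domain name
$OnPremDc    = 'DC01'                    # placeholder: on premise DC host name
$OnPremLanIp = '192.168.1.25'            # LAN address example from the directions
$TapIp       = '22.214.171.124'          # TAP adapter address example from the directions
$AwsIp       = '10.0.0.157'              # AWS private IP example from the directions
$TapAlias    = 'TAP-Windows Adapter V9'  # assumed adapter alias; confirm with Get-NetAdapter

# ---- On the on premise DC, before promotion ----
# Confirm DNS listens on every address (an empty list means "all"), then allow
# zone transfers only to the AWS server while the promotion runs.
(Get-DnsServerSetting -All).ListeningIPAddress
Set-DnsServerPrimaryZone -Name $Domain -SecureSecondaries TransferToSecureServers `
    -SecondaryServers $AwsIp

# ---- On the AWS Windows server, before promotion ----
# Point the server at the on premise DC through the TAP address for DNS.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $TapIp
# The local administrator password must differ from the domain one.
# (Set-LocalUser needs Server 2016 / PowerShell 5.1; on 2012 R2 use: net user Administrator *)
Set-LocalUser -Name 'Administrator' -Password (Read-Host 'New local admin password' -AsSecureString)
# Join the domain with domain credentials, then promote after the reboot.
Add-Computer -DomainName $Domain -Credential (Get-Credential "$Domain\Administrator") -Restart
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $Domain -InstallDns `
    -Credential (Get-Credential "$Domain\Administrator") `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)

# ---- On both DCs, after promotion ----
# Turn zone transfers off again; they are not needed for AD replication.
Set-DnsServerPrimaryZone -Name $Domain -SecureSecondaries NoTransfer
# Stop the TAP connection registering its address in DNS.
Set-DnsClient -InterfaceAlias $TapAlias -RegisterThisConnectionsAddress $false

# ---- DNS clean-up on the on premise DC ----
# Its own A record must carry the LAN address, so drop any A record holding the TAP IP.
Get-DnsServerResourceRecord -ZoneName $Domain -RRType A -Name $OnPremDc |
    Where-Object { $_.RecordData.IPv4Address.IPAddressToString -eq $TapIp } |
    Remove-DnsServerResourceRecord -ZoneName $Domain -Force

# ---- Verification, from any machine ----
# Local clients must get the LAN address from the on premise DC; the AWS DC should
# answer with the TAP address for the same name.
Resolve-DnsName "$OnPremDc.$Domain" -Type A -Server $OnPremLanIp
Resolve-DnsName "$OnPremDc.$Domain" -Type A -Server $AwsIp
```

Re-run the two Resolve-DnsName checks after any future round of zone transfers, since syncing the zones copies the A records in both directions.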