Sprint 3 - drewwbikk/capstone GitHub Wiki
Deliverable Statement
Sprint 3's objective is to extend ADDS into the cloud. This involves standing up a second domain controller in AWS that is redundant with the on-premise domain controller, and extending DNS so that it covers both the on-premise and the AWS subnet.
Objectives
- Deploy ADDS onto the domain controller in the cloud
- Join to the domain and add as a secondary domain controller
- Deploy a Windows workstation in the cloud and join it to the domain
Discrete Tasks
Link to Implementation Project Board
Link to Project Board for Sprint 3
- Install ADDS
- Join ad02 to domain
- Add ad02 as second domain controller
- Add AWS subnet to DNS
- Deploy and domain join a workstation on AWS
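The five tasks above, carried through as one PowerShell run on ad02, added here as an illustration rather than taken from the project's own scripts. It assumes placeholder values the page never states: the domain is corp.example, ad01 is at 10.0.0.10 in 10.0.0.0/24, the AWS subnet is 172.16.0.0/16, and the new AD site is called AWS. Each phase is separated by a reboot, so it is run in three sittings rather than as a single script.

```powershell
# Added example: bring ad02 (in AWS) into the on-premise domain as a second DC
# and extend DNS/AD topology to the AWS subnet. Domain, addresses and site name
# are placeholders, not the project's real values.
$Domain   = 'corp.example'     # assumed on-premise domain
$OnPremDC = '10.0.0.10'        # assumed address of ad01
$AwsCidr  = '172.16.0.0/16'    # assumed AWS VPC subnet
$SiteName = 'AWS'              # assumed AD site name for the AWS subnet

# 1. Point ad02 at ad01 for DNS before anything else. A join that cannot
#    resolve the DC locator SRV record fails before authentication starts.
Get-NetAdapter | Where-Object Status -eq 'Up' |
    Set-DnsClientServerAddress -ServerAddresses $OnPremDC
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $OnPremDC

# 2. Install the AD DS role binaries; promotion is a separate step below.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 3. Join the domain as a plain member server and reboot.
$cred = Get-Credential -Message "Domain Admin account for $Domain"
Add-Computer -DomainName $Domain -Credential $cred -Restart

# --- after the reboot, logged on with the same domain account ---

# 4. Create a site and subnet for the AWS side first, so the new DC lands in
#    it and AWS clients prefer ad02 while on-premise clients keep using ad01.
New-ADReplicationSite -Name $SiteName -Server $OnPremDC
New-ADReplicationSubnet -Name $AwsCidr -Site $SiteName -Server $OnPremDC
New-ADReplicationSiteLink -Name 'OnPrem-AWS' `
    -SitesIncluded 'Default-First-Site-Name', $SiteName `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -Server $OnPremDC

# Promote ad02 as an additional DC, DNS server and global catalog in that site.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password for ad02'
Install-ADDSDomainController -DomainName $Domain -Credential $cred `
    -InstallDns -SiteName $SiteName -SafeModeAdministratorPassword $dsrm -Force

# --- after the promotion reboot ---

# 5. Add an AD-integrated reverse lookup zone for the AWS subnet. The forward
#    zone already replicates to ad02 because it is stored in the directory.
#    Secure-only dynamic updates stop unauthenticated hosts registering records.
Add-DnsServerPrimaryZone -NetworkId $AwsCidr -ReplicationScope Forest -DynamicUpdate Secure

# 6. Verify: both DCs listed with their sites, replication clean, and the new
#    site-specific DC locator record answering.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IPv4Address, IsGlobalCatalog | Format-Table -AutoSize
repadmin /replsummary
Resolve-DnsName -Name "_ldap._tcp.$SiteName._sites.dc._msdcs.$Domain" -Type SRV
```

Creating the site and subnet before promotion matters more than it looks: without a subnet object for 172.16.0.0/16, every AWS client is treated as belonging to the default site and will keep authenticating across the link to ad01 even after ad02 exists.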
Documentation
Outcomes
Almost all outcomes were achieved for this Sprint. ad02 was domain-joined, ADDS was installed, ad02 was promoted to a domain controller, DNS was configured across both subnets, and a workstation was deployed and domain-joined on AWS. However, the workstation that was deployed was not a Windows workstation as intended; this is because Amazon does not supply AMIs for Windows 10 or other Windows workstation images. Therefore, a CentOS instance was deployed and domain-joined instead, since the purpose of that goal was to show that instances in AWS could be domain-joined.
Reflection
This Sprint went much better than Sprint 2. Overall, I am quite happy with how it turned out.

I learned a lot about which ports AD needs to communicate with normal joined computers, as well as ports needed to communicate with domain controllers. I had to spend some time on this because I was having issues joining ad02 to the domain. DNS was already pointed at ad01, and in the log, everything was working right up until the domain join. I couldn't find any issues similar to mine on forums (most issues there are related to DNS). So, I figured it was a problem with the AWS security group. To test, I allowed all connections, and it still didn't work. Then, I considered Windows Firewall. After looking through Windows Firewall and researching what ports need to be open, I found that there were no rules opening these ports by default on this AMI of Windows Server. After opening the ports, and ensuring they were opened on ad01, the domain join went well. However, communicating with ad02 through mgmt01 was quite slow at first. Once it was promoted to a domain controller, I could do all work on ad01 and replicate it to ad02, eliminating the issue.

For the next and final Sprint, I'll be deploying a file system that can be used both on-premise and on AWS. This Sprint, as well as Sprint 2, has shown me that I can't always count on AWS's offerings to work with my specific on-premise network, so it will be interesting to see what, if any, AWS services I use for file sharing/storage, or if I'll have to resort to potentially redundant file sharing instances on premise and AWS.
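The firewall investigation above, written out as the checks and rules a practitioner would run, added here as an example and not part of the original write-up. It assumes the same placeholders as before (ad01 reachable by that name, on-premise subnet 10.0.0.0/24, AWS subnet 172.16.0.0/16); the port list is the standard set a domain member or a second domain controller needs to reach a DC. The rules are scoped to the two subnets rather than to any source, which is the hardening to apply once the "allow everything" security-group test rule mentioned above is removed.

```powershell
# Added example: test which AD ports on ad01 are reachable from ad02, then open
# the same set on the Windows firewall of each DC scoped to the two subnets.
# Names and addresses are placeholders, not the project's real values.
$OnPremCidr = '10.0.0.0/24'     # assumed on-premise subnet
$AwsCidr    = '172.16.0.0/16'   # assumed AWS subnet
$Peer       = 'ad01'            # the DC being joined against

# Ports a domain member or DC needs to reach a domain controller:
# DNS, Kerberos, RPC endpoint mapper, LDAP (UDP 389 is the CLDAP "DC ping"
# the locator uses), SMB for SYSVOL/NETLOGON, Kerberos password change,
# LDAPS, global catalog, NTP, and the RPC dynamic range for replication.
$TcpPorts   = 53, 88, 135, 389, 445, 464, 636, 3268, 3269
$UdpPorts   = 53, 88, 123, 389, 464
$RpcDynamic = '49152-65535'

# 1. From ad02: which TCP ports on ad01 answer? A blocked security group and a
#    blocked host firewall look identical from here, so run this with the
#    security group already permitting the traffic, as was done in the Sprint.
$TcpPorts | ForEach-Object {
    $r = Test-NetConnection -ComputerName $Peer -Port $_ -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $_; Open = $r.TcpTestSucceeded }
} | Format-Table -AutoSize

# 2. On each DC: allow AD traffic only from the two subnets, not from Any.
#    No -Profile filter, because a not-yet-joined server is still on the
#    Public/Private profile at the moment the join happens.
$scope = @{
    RemoteAddress = $OnPremCidr, $AwsCidr
    Direction     = 'Inbound'
    Action        = 'Allow'
}
New-NetFirewallRule -DisplayName 'AD DS - TCP'         -Protocol TCP    -LocalPort $TcpPorts   @scope
New-NetFirewallRule -DisplayName 'AD DS - UDP'         -Protocol UDP    -LocalPort $UdpPorts   @scope
New-NetFirewallRule -DisplayName 'AD DS - RPC dynamic' -Protocol TCP    -LocalPort $RpcDynamic @scope
New-NetFirewallRule -DisplayName 'AD DS - ICMP echo'   -Protocol ICMPv4 -IcmpType 8            @scope

# 3. Confirm the rules exist and are enabled before retrying the join.
Get-NetFirewallRule -DisplayName 'AD DS - *' |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize
```

The AWS security group should mirror the same port set with the on-premise CIDR as the source, so that neither layer is left at "allow all" once the join succeeds; the dynamic RPC range is the one most often forgotten, and a DC that replicates fine but fails it intermittently is the usual symptom.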