sprint 3 documentation - drewwbikk/capstone GitHub Wiki
A DHCP options set is what hands the domain name and DNS server addresses to the instances in the VPC, so one is needed before the instances can use domain DNS.
Navigate to the VPC console -> DHCP option sets -> Create DHCP options set. Then, enter the Domain name and the Domain name servers (make sure to enter ad02's IP as the backup DNS server, since ad02 will be set up soon).
Then, associate this new DHCP options set with your VPC (under Actions).
Now, when the instances' DHCP leases are renewed, they will obtain the new DNS and domain information, allowing them to resolve names through the domain's DNS servers.
First, we must create AD sites and subnets for both the local and remote locations. Open Active Directory Sites and Services for ad01 (do this on mgmt01) and create a new site for AWS.
Then, rename the default site to Premise.
Now, create two new subnets.
Launch server manager on ad02. Then, click on the Workgroup to enter the System Properties. Then, change the Computer name to ad02-yourname and add it as a member of yourname.local.
💡 Note: If you get an error, it is likely that the firewall on ad01 is blocking a port that the domain join needs. Run PortQryUI and run the Domains and Trusts query pointed at ad01 to see which ports are filtered.
Once you restart, use the RDP file to log into the instance again, but choose "Other User" and log in with a domain user account.
In server manager, add ad02 as a managed server.
Add Roles and Features -> select ad02 -> choose Active Directory Domain Services role (check Install Applicable Management Tools) -> Install.
Then, the server must be promoted to a domain controller. The default options should be fine here; just make sure it is placed in the AWS site.
Be sure that DNS has been replicated to ad02. It may take some time after promoting it to a domain controller, but it should replicate. All A records can be located in the same Forward Lookup Zone. However, a separate Reverse Lookup Zone must be created for PTR records in the 192.168.0.0 subnet.
To do this, open DNS manager, select one of the Domain Controllers, and right-click on Reverse Lookup Zones. Add a new zone.
When done, go into the Forward Lookup Zone, open ad02's A record and update its PTR. The PTR record will automatically be added to the reverse zone you just created.
It will take some time for the new zone to replicate over to the other domain controller. Now is a good time to add ad02 as a secondary DNS server in the on-premise DHCP.
Remember to also update any machines that are statically assigned IP addresses (they won't use DHCP to get this info!).
Now is also a great time to add the VPN A records, and the web02 A record.
💡 If you need to force replication, you can do this in Active Directory Sites and Services. Go to the Premise Site and Expand Servers -> ad01 -> NTDS Settings. Then, right-click the connection object, and click Replicate Now.
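Waiting for the new reverse zone and the A records to replicate is easier with a check that asks both domain controllers the same questions and flags any disagreement. The script below is an added example and is not part of the capstone wiki; the DC addresses, the web02 address and the hostnames are placeholders, and it assumes `dig` is available on the machine you run it from.

```shell
#!/bin/sh
# Added example, not part of the capstone wiki: confirm that the A records and
# their PTRs replicated to both domain controllers and that each DC gives the
# same answer. Addresses and hostnames below are placeholders.
set -eu

AD01="192.168.0.10"   # placeholder: on-premise DC
AD02="10.0.1.10"      # placeholder: DC in the AWS site

# Reverse an IPv4 address into its in-addr.arpa owner name:
# 10.0.1.10 -> 10.1.0.10.in-addr.arpa
ptr_name() {
  printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Query one DC for a record and print the sorted answer set (empty if the DC
# has no such record or does not answer on port 53).
query_dc() {
  dc=$1
  name=$2
  type=$3
  dig +short +time=3 +tries=1 "@$dc" "$name" "$type" | sort
}

# Succeed only when both answer sets are non-empty and identical.
answers_match() {
  a=$1
  b=$2
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Check a host's A record and its PTR on both DCs. A DIFF line means one DC is
# missing the record or holds a different value, i.e. replication has not
# completed (or the record was only ever created on one DC).
check_host() {
  host=$1
  ip=$2
  rc=0
  for q in "$host A" "$(ptr_name "$ip") PTR"; do
    set -- $q
    from1=$(query_dc "$AD01" "$1" "$2")
    from2=$(query_dc "$AD02" "$1" "$2")
    if answers_match "$from1" "$from2"; then
      echo "OK   $1 $2 -> $(echo "$from1" | tr '\n' ' ')"
    else
      echo "DIFF $1 $2: ad01=[$from1] ad02=[$from2]"
      rc=1
    fi
  done
  return $rc
}

if [ "${1:-}" = "check" ]; then
  check_host "ad02.yourname.local" "$AD02"
  check_host "web02.yourname.local" "10.0.1.20"   # placeholder address for web02
fi
```

Run it as `sh dns-check.sh check` from mgmt01 or any host that can reach both DCs on port 53. If one DC returns nothing for every record, that is usually a firewall or wrong-address problem rather than replication; if only the PTR differs, the reverse zone has not replicated yet and the Replicate Now step above applies.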
Lastly, we will need to redo our DHCP options set for our VPC in AWS to set ad02 as the primary DNS server on that subnet.
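Both the initial DHCP options set (ad01 primary, ad02 backup) and this redo (ad02 primary, ad01 backup) are the same operation with the server order swapped, so they can be scripted once with the AWS CLI. The script below is an added example and is not part of the capstone wiki; the VPC id, domain and DC addresses are placeholders, and it assumes the AWS CLI is configured for the account.

```shell
#!/bin/sh
# Added example, not part of the capstone wiki: create a VPC DHCP options set
# with the AWS CLI instead of the console, and verify that an instance actually
# picked it up after its lease renewed. VPC id, domain and DC addresses are
# placeholders for this walkthrough.
set -eu

VPC_ID="vpc-0123456789abcdef0"   # placeholder VPC id
DOMAIN="yourname.local"
AD01_IP="192.168.0.10"           # placeholder: on-premise DC
AD02_IP="10.0.1.10"              # placeholder: DC in the AWS site

# Print the two --dhcp-configurations arguments, one per line. Server order
# matters: resolvers try the first address first, so list the DC in the same
# site as the clients first and the other DC as the backup.
dhcp_config_args() {
  domain=$1
  shift
  servers=$(printf '%s,' "$@")
  servers=${servers%,}
  printf 'Key=domain-name,Values=%s\n' "$domain"
  printf 'Key=domain-name-servers,Values=%s\n' "$servers"
}

# Create the options set and associate it with the VPC (real AWS calls).
# Without arguments "apply" uses ad02 as primary and ad01 as backup, which is
# the redo step; pass the addresses explicitly for the initial ad01-first set.
apply_dhcp_options() {
  primary=$1
  backup=$2
  set -- $(dhcp_config_args "$DOMAIN" "$primary" "$backup")
  opts_id=$(aws ec2 create-dhcp-options --dhcp-configurations "$1" "$2" \
              --query 'DhcpOptions.DhcpOptionsId' --output text)
  aws ec2 associate-dhcp-options --dhcp-options-id "$opts_id" --vpc-id "$VPC_ID"
  echo "associated $opts_id with $VPC_ID"
}

# Verify an instance's resolver file once its lease renewed: the search domain
# must be present and the first nameserver must be the expected primary DC.
check_resolv() {
  file=$1
  domain=$2
  primary=$3
  grep -Eq "^(search|domain)[[:space:]]+.*$domain" "$file" || return 1
  first=$(awk '/^nameserver/ { print $2; exit }' "$file")
  [ "$first" = "$primary" ]
}

case "${1:-}" in
  apply) apply_dhcp_options "${2:-$AD02_IP}" "${3:-$AD01_IP}" ;;
  check) check_resolv /etc/resolv.conf "$DOMAIN" "$AD02_IP" && echo "resolver OK" ;;
esac
```

Use `sh dhcp-options.sh apply 192.168.0.10 10.0.1.10` for the first set and plain `sh dhcp-options.sh apply` for the redo; `sh dhcp-options.sh check` on an instance in the VPC confirms that the lease renewal delivered the new settings, which is the only way to know the change took effect on the client side rather than just in the console.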
In AWS, deploy a new EC2 instance running CentOS 7 on a t2.micro instance. (There are no Windows 10 AMIs available, only server AMIs. If you want to create your own AMI from a VMware image running Windows Desktop, you can.) Be sure to put it on the correct VPC and subnet. Create a new security group for general workstations as well (I named mine wks-sg).
💡 Note: You have a couple of options here. Now that the site-to-site VPN is working, you could connect to this instance solely by private IP. Or, you can also associate an Elastic IP with it.
Use the following command to install the packages needed:
sudo yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd
Use the following command to join the Linux server to the domain (replace the placeholder with a domain account that is allowed to join machines):
realm join -U <domain-admin>@YOURDOMAIN.LOCAL yourdomain.local
Be sure to write the domain part of the user name in capital letters so that realm discovers the domain correctly.
Use the following command to check if the domain join was a success. If it is, you will see your domain's details in the output:
realm list
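Reading `realm list` by eye works once, but the same check is worth scripting together with the two things that most often leave a join half-working: an SSSD config with the wrong permissions and a login policy that lets every domain user onto the host. The script below is an added example and is not part of the capstone wiki; the `realm list` sample inside it is constructed, and the domain and user are placeholders.

```shell
#!/bin/sh
# Added example, not part of the capstone wiki: parse `realm list` to confirm the
# join really happened, then run the post-join checks that catch a half-working
# join. The sample output below is constructed; domain and user are placeholders.
set -eu

# Constructed sample of what `realm list` prints on a joined CentOS 7 host.
SAMPLE_REALM_LIST='yourdomain.local
  type: kerberos
  realm-name: YOURDOMAIN.LOCAL
  domain-name: yourdomain.local
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  login-formats: %U@yourdomain.local
  login-policy: allow-realm-logins'

# Print one field of `realm list` output read from stdin (empty if absent).
realm_field() {
  awk -v k="$1:" '$1 == k { print $2; exit }'
}

# Succeed only if the realm is actually joined (configured: kerberos-member);
# a domain that was only discovered shows "configured: no".
realm_joined() {
  [ "$(realm_field configured)" = "kerberos-member" ]
}

# Checks to run on the host after "realm join" (real commands; run as
# "sh post-join.sh check <user>").
post_join_checks() {
  user=$1
  realm list | realm_joined || { echo "FAIL: not joined to any realm"; return 1; }
  domain=$(realm list | realm_field domain-name)
  # allow-realm-logins means every domain user may log in to this host;
  # narrow it with e.g.  realm permit -g "Domain Admins@$domain"
  echo "login policy: $(realm list | realm_field login-policy)"
  # SSSD refuses to start unless its config is root-owned and mode 0600.
  mode=$(stat -c '%a' /etc/sssd/sssd.conf)
  [ "$mode" = "600" ] || echo "WARN: /etc/sssd/sssd.conf mode is $mode, expected 600"
  # Resolving a domain account through SSSD exercises DNS, Kerberos and LDAP at once;
  # if this fails right after joining, check that the host resolves the DCs first.
  id "$user@$domain" && echo "OK: $user@$domain resolves via SSSD"
}

if [ "${1:-}" = "check" ]; then
  post_join_checks "$2"
fi
```

Run `sh post-join.sh check someuser` on the CentOS instance after the join; a clean run prints the login policy, no permission warning, and the uid/gid line for the domain user.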