
I know EC2 pretty well, but I'm totally new to Active Directory.

I'm trying to set up a computer hosting Active Directory on EC2. I want to be able to join the domain from computers running on EC2, as well as computers in my own office.

I have it working OK for computers on the same local network (VPC) as the server, but I can't join the domain from computers in our office. I'm pretty sure the reason is that when I do a DNS query to the Active Directory server, it returns its own internal IP address instead of its publicly accessible IP address.

How can I make Active Directory return the public external IP address for DNS lookups, rather than the internal IP address?

1 Answer


In general, I would never make a domain controller internet-accessible.

If it were me, I would create a site-to-AWS VPN. AWS supports VPN connectivity to most industry-standard stuff (Juniper, Cisco, many others).

In the VPC dashboard:

  • Create an AWS virtual private gateway
  • Define your customer (on-site) gateway
  • Create a VPN connection to associate the two

At that point, you'd need to create routes in the related networking gear and AWS VPC subnets so traffic is being directed appropriately.

That way, you can have nice/easy connectivity to your DC but it's across a secure channel.

jlehtinen
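The same steps as AWS CLI calls, added here as an example and not part of the answer (the answer works from the VPC dashboard). It assumes static routing and placeholder values for the VPC, its route table, the office firewall's public address and the office prefix; the `aws` calls are wrapped so that by default the script only prints what it would do.

```shell
#!/bin/sh
# Added example, not from the answer: its VPC dashboard steps as AWS CLI calls
# with static routes (no BGP). Every ID, address and CIDR is a placeholder.
# DRY_RUN=1 (default) only prints the calls; DRY_RUN=0 runs them for real.
set -eu

VPC_ID="${VPC_ID:-vpc-PLACEHOLDER}"                   # VPC hosting the domain controller
VPC_RT_ID="${VPC_RT_ID:-rtb-PLACEHOLDER}"             # route table of the DC's subnet
OFFICE_PUBLIC_IP="${OFFICE_PUBLIC_IP:-203.0.113.10}"  # office firewall, public side (placeholder)
OFFICE_CIDR="${OFFICE_CIDR:-192.168.10.0/24}"         # office LAN that must reach the DC
DRY_RUN="${DRY_RUN:-1}"

# Trace each call to stderr; execute it only when DRY_RUN is 0.
run() { echo "+ $*" >&2; [ "$DRY_RUN" = "1" ] || "$@"; }

# Same, but hand back the command's stdout (a resource ID); fake it in dry-run mode.
capture() { echo "+ $*" >&2; if [ "$DRY_RUN" = "1" ]; then echo "dry-run-id"; else "$@"; fi; }

# Shape check (a.b.c.d/0-32) so a typo cannot become a route to the wrong network.
valid_cidr() {
  case "$1" in */[0-9]|*/[12][0-9]|*/3[0-2]) ;; *) return 1 ;; esac
  case "${1%/*}" in *.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
}

build_vpn() {
  valid_cidr "$OFFICE_CIDR" || { echo "refusing bad OFFICE_CIDR: $OFFICE_CIDR" >&2; return 1; }
  # 1. Virtual private gateway (AWS end), attached to the DC's VPC.
  VGW_ID=$(capture aws ec2 create-vpn-gateway --type ipsec.1 \
           --query VpnGateway.VpnGatewayId --output text)
  run aws ec2 attach-vpn-gateway --vpn-gateway-id "$VGW_ID" --vpc-id "$VPC_ID"
  # 2. Customer gateway (office end). The ASN is required but unused with static routes.
  CGW_ID=$(capture aws ec2 create-customer-gateway --type ipsec.1 \
           --public-ip "$OFFICE_PUBLIC_IP" --bgp-asn 65000 \
           --query CustomerGateway.CustomerGatewayId --output text)
  # 3. VPN connection joining the two, with the office prefix as its static route.
  VPN_ID=$(capture aws ec2 create-vpn-connection --type ipsec.1 \
           --customer-gateway-id "$CGW_ID" --vpn-gateway-id "$VGW_ID" \
           --options '{"StaticRoutesOnly":true}' \
           --query VpnConnection.VpnConnectionId --output text)
  run aws ec2 create-vpn-connection-route --vpn-connection-id "$VPN_ID" \
      --destination-cidr-block "$OFFICE_CIDR"
  # 4. Let the DC subnet's route table learn the office prefix from the gateway.
  run aws ec2 enable-vgw-route-propagation --route-table-id "$VPC_RT_ID" --gateway-id "$VGW_ID"
  echo "$VPN_ID"   # the connection whose device config you download for the office side
}

build_vpn
```

Once the tunnels are up, office clients reach the domain controller on its private address, so the DNS answers described in the question need no change. The office-side device configuration comes from `aws ec2 describe-vpn-connections --vpn-connection-ids <id> --query 'VpnConnections[0].CustomerGatewayConfiguration' --output text`.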