Prerequisites
This tutorial assumes you already have the following:
Note
Amazon Managed Microsoft AD does not support trusts with single-label domains.
- An Amazon Managed Microsoft AD directory created on Amazon. If you need help doing this, see Getting started with Amazon Managed Microsoft AD.
- An EC2 instance running Windows added to that Amazon Managed Microsoft AD. If you need help doing this, see Manually join an Amazon EC2 Windows instance to your Amazon Managed Microsoft AD Active Directory.
Important
The admin account for your Amazon Managed Microsoft AD must have administrative access to this instance.
- The following Windows Server tools installed on that instance:
  - AD DS and AD LDS Tools
  - DNS
  If you need help doing this, see Install the Active Directory Administration Tools for Amazon Managed Microsoft AD.
- A self-managed (on-premises) Microsoft Active Directory:
  - You must have administrative access to this directory. The same Windows Server tools as listed above must also be available for this directory.
  - An active connection between your self-managed network and the VPC containing your Amazon Managed Microsoft AD. If you need help doing this, see Amazon Virtual Private Cloud Connectivity Options.
  - A correctly set local security policy. Check Local Security Policy > Local Policies > Security Options > Network access: Named Pipes that can be accessed anonymously and ensure that it contains at least the following three named pipes:
    - netlogon
    - samr
    - lsarpc
  - The NetBIOS and domain names must be unique and cannot be the same to establish a trust relationship.
For more information about the prerequisites for creating a trust relationship, see Creating a trust relationship.
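The following script is an added pre-flight check for the prerequisites listed above; it is not part of the AWS documentation. It is meant to be run in an elevated PowerShell session on a domain controller of the self-managed forest, where the ServerManager and ActiveDirectory modules are available. The default parameter values are the directory properties from this tutorial's configuration section and are assumptions to replace with your own; the mapping of the named tools to Server Manager feature names (RSAT-ADDS-Tools, RSAT-ADLDS, RSAT-DNS-Server) is also an assumption. The anonymous named-pipe policy is read from its backing registry value, NullSessionPipes under the LanmanServer service parameters, rather than from the Local Security Policy console.

```powershell
# Added pre-flight check for the trust prerequisites above (not AWS documentation code).
# Run in an elevated PowerShell session on a self-managed domain controller.
# Default values below are the tutorial's sample directory properties (assumptions).
param(
    [string]   $RemoteFqdn       = 'MyManagedAD.example.com',
    [string]   $RemoteNetbios    = 'MyManagedAD',
    [string[]] $RemoteDnsServers = @('10.0.10.246', '10.0.20.121')
)

$results = New-Object System.Collections.Generic.List[object]
function Add-Check([string]$Name, [bool]$Passed, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Passed = $Passed; Detail = $Detail })
}

# 1. Administration tools. Assumed mapping of the prerequisite tools to
#    Server Manager features: "AD DS and AD LDS Tools" -> RSAT-ADDS-Tools and
#    RSAT-ADLDS; "DNS" -> RSAT-DNS-Server.
foreach ($feature in 'RSAT-ADDS-Tools', 'RSAT-ADLDS', 'RSAT-DNS-Server') {
    $installed = [bool](Get-WindowsFeature -Name $feature).Installed
    Add-Check "Feature $feature installed" $installed "Installed=$installed"
}

# 2. Local security policy "Network access: Named Pipes that can be accessed
#    anonymously" is stored as the REG_MULTI_SZ value NullSessionPipes.
$lanmanKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$pipes = @((Get-ItemProperty -Path $lanmanKey -Name NullSessionPipes -ErrorAction SilentlyContinue).NullSessionPipes)
$missingPipes = @('netlogon', 'samr', 'lsarpc' | Where-Object { $pipes -notcontains $_ })
Add-Check 'Named pipes netlogon/samr/lsarpc allowed anonymously' ($missingPipes.Count -eq 0) `
    ("Configured: " + ($pipes -join ', ') + "; missing: " + ($missingPipes -join ', '))

# 3. Name uniqueness, plus the single-label restriction from the Note above.
$local = Get-ADDomain
Add-Check 'Local domain is not single-label' ($local.DNSRoot -match '\.') "DNSRoot=$($local.DNSRoot)"
Add-Check 'Domain FQDNs differ'    ($local.DNSRoot -ne $RemoteFqdn)        "$($local.DNSRoot) vs $RemoteFqdn"
Add-Check 'NetBIOS names differ'   ($local.NetBIOSName -ne $RemoteNetbios) "$($local.NetBIOSName) vs $RemoteNetbios"

# 4. Network path to the other forest's DNS servers and name resolution of its
#    FQDN through them; the trust relies on both working.
foreach ($dns in $RemoteDnsServers) {
    $reachable = Test-NetConnection -ComputerName $dns -Port 53 -InformationLevel Quiet -WarningAction SilentlyContinue
    Add-Check "TCP/53 reachable on $dns" $reachable ''
    $resolved = $false
    $detail   = ''
    try {
        $null = Resolve-DnsName -Name $RemoteFqdn -Server $dns -Type A -ErrorAction Stop
        $resolved = $true
    } catch {
        $detail = $_.Exception.Message
    }
    Add-Check "$RemoteFqdn resolves via $dns" $resolved $detail
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Passed }) {
    Write-Warning 'One or more prerequisites are not met; fix them before creating the trust.'
    exit 1
}
```

Run the script once on the self-managed side before starting Step 1; a non-zero exit code means at least one prerequisite failed, and the Detail column names the offending feature, pipe, name or address. The same checks apply, with the parameters swapped, on the Windows instance joined to Amazon Managed Microsoft AD.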
Tutorial configuration
For this tutorial, we've already created an Amazon Managed Microsoft AD and a self-managed domain. The self-managed network is connected to the Amazon Managed Microsoft AD's VPC. The properties of the two directories are as follows:
Amazon Managed Microsoft AD running on Amazon
Domain name (FQDN): MyManagedAD.example.com
NetBIOS name: MyManagedAD
DNS Addresses: 10.0.10.246, 10.0.20.121
VPC CIDR: 10.0.0.0/16
The Amazon Managed Microsoft AD resides in VPC ID: vpc-12345678.
Self-managed or Amazon Managed Microsoft AD domain
Domain name (FQDN): corp.example.com
NetBIOS name: CORP
DNS Addresses: 172.16.10.153
Self-managed CIDR: 172.16.0.0/16
Next Step
Step 1: Prepare your self-managed AD Domain