To set up DNS emulation on-premises, we will utilize the AWS Directory Service to deploy AWS Managed Microsoft Active Directory in two private subnets created by CloudFormation, as illustrated below:
Log in to the AWS Console and navigate to the Directory Service console by using the search box and selecting Directory Services.
Ensure that you have chosen the appropriate Region. Check the top left corner of the AWS Console and select the desired Region (For instance, we’re selecting ap-southeast-1).
If this is your first time accessing Directory Services in your region, you will be directed to the initial welcome screen. Expand the left sidebar and click on Directories.
Select Directory types and then choose AWS Managed Microsoft AD.
On the “Enter Directory Information” page, provide the following details:
For Edition, select Standard Edition.
For Directory DNS name, use onprem.example.com
(ensure this DNS name is unique among your directories).
For Directory NetBIOS name, use onprem
(ensure this NetBIOS name is unique among your directories).
Proceed with the configuration:
For Directory Description, use this to simulate the on-prem AD
.
Set an Admin Password that you can remember. Note the password complexity requirements provided on the screen.
Confirm the password by entering it again.
Click on Next.
In the “Choose VPC and subnets” section, select the VPC named HybridDNS-VPCStack that we previously created, along with two private subnets: Private subnet 1A and Private subnet 2A. Then, proceed to the next step.
On the “Review & create” screen, carefully review the settings, and then click on Create Directory.
The creation of the directory will take approximately 20 minutes. During this time, AWS will provision two Windows servers and promote them to Active Directory domain controllers for the specified AD forest. This forest will be a new AD forest. The process will be marked as complete when the status changes to Active.
Once the directory has been successfully created, you can view its details by clicking on the Directory ID. The two DNS IP addresses listed represent the IP addresses of elastic network interfaces (ENI) associated with your availability zone for communication with AWS Managed Microsoft AD Domain Controllers.