How do I use Systems Manager to join a new Amazon EC2 Windows instance to my Directory Service domain?

3 minute read
0

I want to use AWS Systems Manager to join a new Amazon Elastic Compute Cloud (Amazon EC2) instance to an AWS Directory Service domain.

Short description

Systems Manager automatically joins a new EC2 instance to a Directory Service domain at launch. You can host the domain on an AWS Directory Service for Microsoft Active Directory or Simple AD directory. The domain can also be in an on-premises network with an AD Connector directory gateway.

Resolution

You can seamlessly join new EC2 Windows instances to a Directory Service directory at launch with the Amazon EC2 launch instance wizard.

Prerequisites

Before you launch an EC2 Windows instance, set the following components:

Configure and launch the EC2 instance

Launch an EC2 instance with the following configurations:

  • A Windows Amazon Machine Image (AMI) that includes the AWS Systems Manager Agent (SSM Agent).
    Note: The agent is included in all AWS provided AMIs for Windows Server. For more details, see Working with SSM Agent on EC2 instances for Windows Server
  • A domain join directory created in Directory Service.
  • An IAM instance profile role configured for Systems Manager and directory access.

Verify that the instance successfully joined the domain

To verify that your EC2 instance successfully joined the domain, complete the following steps:

  1. Open the Systems Manager console.
  2. Choose your AWS Region, and then choose Fleet Manager from the navigation pane.
  3. Select the EC2 instance from the Managed Nodes list.
  4. Choose Associations.
  5. Find the association used to join the domain. The document name follows the format awsconfig_Domain_DIRECTORY_ID_DOMAIN_NAME.
    Note: In the document name, replace DIRECTORY_ID and DOMAIN_NAME with your directory ID and domain name.
  6. Verify that the Association status is Success.

Troubleshooting

If the instance fails to join the directory domain, then use the DirectoryServicePortTest application to verify that the instance communicates with Directory Service.

For more information about working with SSM Agent and other troubleshooting steps, see Working with managed nodes.

For more troubleshooting strategies, see How to troubleshoot errors that occur when you join Windows-based computers to a domain on the Microsoft website.

Related Information

How do I use AWS Systems Manager to join a running EC2 Windows instance to my AWS Directory Service domain?

How can I manage an AWS Managed Microsoft AD or Simple AD directory from an Amazon EC2 Windows instance?

AWS OFFICIAL
AWS OFFICIALUpdated 8 days ago