By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Setting up Microsoft Exchange Server on EC2

0

I am trying to onboard AD and Microsoft Exchange (O365, Outlook) from a third party.

So far, I have completed this ("Test Lab") step for AWS Managed AD: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_tutorial_test_lab_base.html. This is the next: https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_tutorial_test_lab_trust.html.

I understand the above, two tutorials to be prereqs for this task - https://aws.amazon.com/blogs/modernizing-with-aws/how-to-run-microsoft-exchange-server-on-aws-using-amazon-ec2/ - however, I cannot find the second part indicated in that blog post. If anyone knows where that is, it would help.

  1. Do I need AWS Managed AD in order to have a place to bring in the third party's AD Objects (users, groups, etc)? I want my organization to be able to take advantage of AWS SSO, as well as profiles available to associate with AWS Users and Groups, as well.
  2. Do I need to set up the trust between AWS Managed AD and the self-managed Active Directory installation on EC2? I am assuming the email server will run on that same EC2, right?
Topics
Security, Identity, & ComplianceComputeAWS Well-Architected Framework
Tags
Security, Identity, & ComplianceAWS Identity and Access ManagementMicrosoft ExchangeAWS Directory ServiceSecurity
Language
English
jvg
asked a year ago468 views
1 Answer
1
Accepted Answer

I believe you don't need to set up additional EC2 AD DS instances if you use AWS Managed AD. Follow these steps to set up AD using AWS Managed AD: https://fitdevops.in/how-to-setup-aws-managed-microsoft-active-directory/ Once you have that in place you can install MS Exchange and connect it to your AWS Managed AD deployment.

However, if this is a new setup, why not just use managed services for both AD and Exchange? Look at the instructions in this video starting with Architecture #3 - https://youtu.be/14BTX5gCs38 With this setup, you can provide the same service, but you won't have to manage the Exchange configuration.

profile picture
Carlos del Castillo
answered a year ago
  • jvg
    a year ago

    Managed services for both seems like a solid way to go. Would you happen to know which pieces I need to bring from my current, third-party vendor in order to get these managed services looking and operating "the same" when I turn them on Day 1? EG, all my current users, groups (AD), and O365 applications and their content (Outlook, etc)? I have done a small AD migration in the past just for the developers in my org, and all that was really needed was the SAML config from the third party; but I have not done onboarded an email server and its contents before.

  • Carlos del Castillo
    a year ago

    There is actually a document to walk you through the migration of both Active Directory and Exchange:

    Hope this helps and good luck!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content