Hello! Great question and thanks for posting! How are your EC2 instances discovering the Active Directory? Are they configured to use DNS (via DHCP options sets on the VPC) or are you using Route53 (the default) and forwarding to the AD DNS servers?
This blog will help guide you to configure and select the best option: https://aws.amazon.com/blogs/networking-and-content-delivery/integrating-your-directory-services-dns-resolution-with-amazon-route-53-resolvers/
Hope this helps you! Good Luck.
Could it be that you are trying to communicate with the AWS Directory Service endpoint? You will need a VPC interface endpoint for this. See: Access AWS Directory Service APIs using an interface endpoint (AWS PrivateLink)
You'll need to make sure that private DNS is configured so that EC2 instances launched look for the proper FQDN. You can test this by manually launching an instance in a private subnet, and ping the FQDN (domain.local) or whatever that might be. If that resolves to the Managed AD endpoints, you're halfway there.
You'll need the proper permissions attached to the instance profile as well. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/launching_instance.html
Test a manual join to AD to ensure that connectivity is there as well. https://docs.aws.amazon.com/directoryservice/latest/admin-guide/join_windows_instance.html
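As an added example (not part of either answer above), the checks this answer lists, run as PowerShell on the EC2 instance before attempting the join: which DNS servers the instance is using, whether the domain FQDN and the DC locator SRV records resolve, and whether the ports a join needs are reachable on each domain controller. The domain name is a placeholder you replace with your own.

```powershell
# Added diagnostic, not from the original answers. The domain below is a
# placeholder (assumption); replace it with your Managed AD directory name.
$DomainFqdn = 'corp.example.local'

# 1. Which DNS servers is this instance actually using? For Managed AD they
#    should be the directory's DNS addresses (via the VPC DHCP options set)
#    or a Route 53 Resolver that forwards this domain to them.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Does the domain name itself resolve to the domain controllers?
Resolve-DnsName -Name $DomainFqdn -Type A -ErrorAction Stop |
    Select-Object Name, IPAddress

# 3. Domain join relies on the SRV records that locate a DC. If these are
#    missing, the instance is not talking to AD-integrated DNS at all.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainFqdn" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }
$srv | Select-Object NameTarget, Port, Priority

# 4. Are the ports a join needs reachable on each DC? Security groups and
#    NACLs between the instance subnet and the directory are the usual culprit.
$ports = 53, 88, 135, 389, 445, 464, 636
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($p in $ports) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $p -WarningAction SilentlyContinue).TcpTestSucceeded
        '{0,-40} tcp/{1,-4} {2}' -f $dc, $p, $(if ($ok) { 'open' } else { 'BLOCKED' })
    }
}

# 5. Ask the Windows DC locator directly; failure here means the join will
#    fail for the same reason, regardless of credentials or permissions.
nltest /dsgetdc:$DomainFqdn /force
```

If every step succeeds but the join still fails, the remaining suspects are the instance profile permissions and the join credentials, not network or DNS.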