How to connect LDAP after joining EC2 instance to Directory Service Domain?

Question

Hi folks,
I have setup Directory Service in aws, and created windows instance(management instance) to join the domain, and I installed ldap in the windows server, configured public DNS (Alibaba cloud DNS) to point to EIP of the windows server instance, now in windows server I can use ldp.exe and local domain to connect the ldap service, but if want to use public DNS to connect the ldap service, it will fail because the DNS will be resolved as windows server address, then how can I configure the public DNS to point to domain controller? or how to configure in windows server to forward traffic to DCs?
thanks in advance if you can share your idea about this.
Best regards,
Bryan

Answer

My understanding is that the Directory Service is private so can not be directly exposed to the internet.  
Easiest way would to be add a load balancer to bridge public/private subnets pointing to the DS servers/endpoints.  
However, exposing AD to the internet is not a great idea with out lots of controls and security on AD and the VPC. Also bear in mind that AD also uses more than just a single "server" DNS record.  
  
What are you trying to achieve by opening up the directory to the internet?  
It might be easier/wiser to create a "multi site" AD setup and have a DC in another location/cloud that is connected to AWS via secure network (VPN, DX).

How to connect LDAP after joining EC2 instance to Directory Service Domain?

Relevant content