Hello.
Can I join a domain if I configure EC2 to point directly to my on-premises AD DC instead of via AD Connector?
First of all, I think it would be a good idea to check whether you can refer to the on-premises AD DC from the machine on the VPC.
By the way, do you meet all the prerequisites listed in the document below?
For example, have the service account settings been completed correctly?
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_getting_started.html#prereq_connector
Thank you for the reply.
I have ensured all prereqs have been configured to the best of my knowledge as per documentation, with the exception of the AWS IAM Identity Center prerequisites and Multi-factor authentication prerequisites, as I simply want to use on-prem AD creds.
I have now also managed to domain join an EC2 instance to my on-prem domain by applying Route 53 inbound endpoint and rules, although when I try to create the directory once again via the AD Connector I still receive the DNS Port 53 error.
I believe I have everything in place but still no joy! Any further advice or suggestions are welcomed!
Thanks
Mark
By the way, is communication reaching the on-premises AD DC from AD Connector? For example, try obtaining a packet capture on AD DC and confirming that communication is being received from AD Connector. If the communication is not reaching AD DC, there is a possibility that the communication is blocked on the way.
I think the following blog will be helpful for setting up AD Connector itself. https://theithollow.com/2018/04/23/aws-directory-service-ad-connector/
By the way, I don't really trust it, but I also found a report where an error occurred because the user's password was not complex enough. https://serverfault.com/questions/843776/aws-ad-connector-to-on-premise-ad-failed
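A reachability check you can run from an EC2 instance placed in the same subnets and security group as the AD Connector, to see whether the on-premises DC answers on the ports the AD Connector prerequisites list (DNS 53 over TCP and UDP, Kerberos 88, LDAP 389; confirm the list against the linked document). This is an added example, not code from the posters or from AWS; DOMAIN, the DC IPs and the SRV record name are assumptions for your own environment, and `dig` must be installed for the DNS checks.

```shell
#!/usr/bin/env bash
# Constructed example: probe an on-premises DC from inside the VPC on the ports
# AD Connector needs. DOMAIN and DC_IPS are placeholders for your environment.
DOMAIN="${DOMAIN:-corp.example.com}"
DC_IPS="${DC_IPS:-10.0.0.10 10.0.0.11}"

# SRV record a domain member queries to locate a DC offering LDAP.
dc_srv_name() { printf '_ldap._tcp.dc._msdcs.%s\n' "$1"; }

# TCP reachability via bash's /dev/tcp, bounded by a timeout.
# Returns 0 if the connection is accepted, non-zero otherwise.
check_tcp() {
  local host="$1" port="$2"
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
}

# Ask the DC's own DNS service for the DC SRV record, over UDP or TCP.
# Returns 0 if any answer came back, non-zero on timeout/refusal/no data.
check_dns() {
  local server="$1" proto="$2" name extra=""
  name="$(dc_srv_name "$DOMAIN")"
  [ "$proto" = tcp ] && extra="+tcp"
  dig $extra +time=3 +tries=1 "@$server" "$name" SRV +short 2>/dev/null | grep -q .
}

# Print OK/FAIL for one check without aborting the rest of the run.
report() {
  local label="$1"; shift
  if "$@"; then echo "OK    $label"; else echo "FAIL  $label"; fi
}

# A FAIL on DNS 53 here, with the DC reachable from elsewhere, points at a
# security group, NACL, on-prem firewall or VPN/DX route blocking the path.
run_checks() {
  local ip
  for ip in $DC_IPS; do
    report "DNS UDP/53      -> $ip" check_dns "$ip" udp
    report "DNS TCP/53      -> $ip" check_dns "$ip" tcp
    report "Kerberos TCP/88 -> $ip" check_tcp "$ip" 88
    report "LDAP TCP/389    -> $ip" check_tcp "$ip" 389
  done
}

# Run as: DOMAIN=corp.example.com DC_IPS="10.0.0.10" ./adcheck.sh run
case "${1:-}" in run) run_checks ;; esac
```

The script only tests the path from the instance, so pair it with the packet capture suggested above to confirm the same traffic arrives at the DC.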