"A Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controllers". (Wikipedia) Based on this definition, in order to have a Windows Domain, we need the following configuration: 1. Domain Controller 2. Add Computers to the domain The configuration above seems to be straight forward except that we are in the cloud and more importantly we are on Amazon Web Service (AWS), not on Microsoft Azure (Azure). Why is this important? Windows Domains are easy to setup on Azure because they are Microsoft products thus they are natively suited for that environment. This does not mean that we can't setup a good Windows Domain on AWS.

1. Setting up a Windows Domain in AWS
"A Windows domain is a form of a computer network in which all user accounts, computers, printers and
other security principals, are registered with a central database located on one or more clusters of central
computers known as domain controllers". (Wikipedia)
Based on this definition, in order to have a Windows Domain, we need the following configuration:
1. Domain Controller
2. Add Computers to the domain
The configuration above seems to be straight forward except that we are in the cloud and more
importantly we are on Amazon Web Service (AWS), not on Microsoft Azure (Azure).
Why is this important?
Windows Domains are easy to setup on Azure because they are Microsoft products thus they are
natively suited for that environment. This does not mean that we can't setup a good Windows Domain
on AWS.
The following lines will demonstrate how to do this.
Prerequisites for a Windows Domains on AWS
Because this is a short article, I will assume that you are able to do the following:
• Setting up a Virtual Private Cloud (VPC)
• Setting up Internet Gateway
• Setting up Subnets and understand the principles behind it
• Configure a Route table and its rules
• Setting up Security Group
Provisioning your Datacenter (your VPC)
I will use spot instances for this demo because they are cheaper and they allow me to use powerful
instances.
I will request spot instances fleet of 3 instances as below:
Request Id :sfr-3ceeb6f0-b8d4-4c1e-87e5-ebec086ce481
Request type: fleet
Created :8/24/2017, 12:27:50 PM
State: Active
Status: Fulfilled
Target capacity: 3
Allocation strategy: lowestPrice
Instance type(s): m3.medium
AMI ID ami-ef7cf4f9
Subnet subnet-rf33f44ebc

2. IAM fleet role : aws-ec2-spot-fleet-tagging-role
Max price : $0.1
Persistence maintain
Key pair name keypair
IAM role EC2AdminAccessRole
EBS-optimized no
Request valid from 8/24/2017, 12:24:55 PM
Request valid until 8/25/2018, 12:24:55 PM
Terminate instances at expiration yes
Comments about the fleet request
I have requested a 3 m3. medium instances and I decided that I wanted to maintain them.
I set the maximum bidding price to $0.1/hour per instance. My fleet request is only valid for 24 hours.
Instances role
• 1 instance will be the domain controller
• 1 instance will be a SAN server and a domain client
• 1 instance will be a SAN client and a domain client
More on the SAN server and client in my next article (I will put the link of this article here).
Configure the domain controller
Now that I have my instances created, I will configure my domain controller. I don't need a very
powerful server because my EC2 instance will only be a domain controller.
EC2 Description:
Operating System: Microsoft Windows Server 2016 Datacenter
Hardware Information: Xen HV domU
Processors: Inter ® Xeon ® CPU ES-2670v2@2.50GHz
Installed Memory (RAM): 3.75 GB
Total disk space: 30 GB
Domain controller configuration
1. Login in to the EC2 instance using the Remote Desktop file that I download the from AWS EC2.
2. Click on Start >> Server Manager
3. The following screenshots show the steps that leads to the creation of the new Forrest ( New
domain)
a. Click on "add roles and Features"

3. b. Select the "Role-based or feature-based installation" check box in the next windows.

4. c. Check the "Active Directory Domain Service"
d. Click on next and click on the "add Features " button
e. Click next the "AD DS" and the "confirmation" screens
f. Client on "Promote this server to a domain controller" link and then click on the close
button in the confirmation screen
g. At the Deployment Configuration step select the "add new forest" check box

5. My Root domain name will be "saworks.internal".
h. Follow the remaining step to finalize your domain creation
For the sake of simplicity, I am not adding the remaining screenshot.
Please contact me on twitter (@lecadou), if you have any question.
Add client to your new domain
For this demo:
• Every new client for this domain is in the same availability zone i.e the same subnet
• I shut down the firewall on the client servers so that it can allow inbound traffics from the
domain controller
I use the following steps to join the " saworks.internal" domain
1. From Server Management select " Local server "
2. Click on " workgroup" to join to the domain

6. 3. Once completed the local server proprieties will change to the screen below
At this step, I now have 2 servers in my domain " Saworks.internal". I will do the same for the last server,
the SAN Client.
Conclusion
The Windows Domain on AWS is different than creating it on a private data center or on premise.
The main challenge comes when you have to configure your VPC and its related features and services
such as subnets, routes etc...
Another key to this process is the shutdown of the windows firewall of the client servers to allow
inbound traffic from the domain controller.
Julien-Robert LECADOU,M.S jr@saworks.io, @lecadou , whatsup : 845 536 2631.
Please contact me, if you face challenges moving to the cloud. I am here to help.