Active Directory Domain Services on AWS
Quick Start Reference Deployment Guide

Step 2. Launch the Quick Start

In this section, we’ve provided general instructions for deploying the templates in the AWS CloudFormation console, followed by links and parameter tables for each scenario.

  1. Choose one of the following options to deploy the AWS CloudFormation template into your AWS account. For help choosing an option, see the discussion of deployment scenarios earlier in this guide.

    Scenario 1: Deploy and manage your own AD DS installation on AWS
    [Launch Quick Start for AD DS scenario 1 into a new VPC] (or launch in existing VPC)

    Scenario 2: Extend your on-premises AD DS to AWS
    [Launch Quick Start for AD DS scenario 2 into a new VPC] (or launch in existing VPC)

    Scenario 3: Deploy AD DS with AWS Directory Service on AWS
    [Launch Quick Start for AD DS scenario 3 into a new VPC] (or launch in existing VPC)

    The template is launched in the US East (Ohio) Region by default. You can change the region by using the region selector in the navigation bar.

    Each deployment takes approximately one hour.

    Note

    You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For cost estimates, see the pricing pages for each AWS service you will be using in this Quick Start.

  2. On the Select Template page, keep the default URL for the AWS CloudFormation template, and then choose Next.

  3. On the Specify Details page, review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    Note

    You can also download the templates and edit them to create your own parameters based on your specific deployment scenario.

    In the following tables, parameters are listed and described separately for scenario 1, scenario 2, and scenario 3.

    Note

    The two templates provided for each scenario share most, but not all, of the same parameters. For example, the template for an existing VPC also prompts you for the VPC and private subnet IDs in your existing VPC environment.

    Scenario 1: Parameters for deploying and managing your own AD DS

    View the template for new VPC | View the template for existing VPC

    Network configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Availability Zones | AvailabilityZones | Requires input | The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify.
    VPC CIDR | VPCCIDR | 10.0.0.0/16 | CIDR block for the Amazon VPC.
    Private Subnet 1 CIDR | PrivateSubnet1CIDR | 10.0.0.0/19 | CIDR block for the private subnet located in Availability Zone 1.
    Private Subnet 2 CIDR | PrivateSubnet2CIDR | 10.0.32.0/19 | CIDR block for the private subnet located in Availability Zone 2.
    Public Subnet 1 CIDR | PublicSubnet1CIDR | 10.0.128.0/20 | CIDR block for the public subnet located in Availability Zone 1.
    Public Subnet 2 CIDR | PublicSubnet2CIDR | 10.0.144.0/20 | CIDR block for the public subnet located in Availability Zone 2.
    Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | Allowed CIDR block for external access to the Remote Desktop Gateway instances. We recommend that you set this value to a trusted CIDR block.

    Amazon EC2 configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Key Pair Name | KeyPairName | Requires input | Public/private key pair, which enables you to connect securely to your instance after it launches. When you created an AWS account, this is the key pair you created in your preferred region.
    Domain Controller 1 Instance Type | ADServer1InstanceType | m4.xlarge | EC2 instance type for the first Active Directory instance.
    Domain Controller 1 NetBIOS Name | ADServer1NetBIOSName | DC1 | NetBIOS name of the first Active Directory server. This can be up to 15 characters long.
    Domain Controller 1 Private IP Address | ADServer1PrivateIP | 10.0.0.10 | Fixed private IP for the first Active Directory server located in Availability Zone 1.
    Domain Controller 2 Instance Type | ADServer2InstanceType | m4.xlarge | EC2 instance type for the second Active Directory instance.
    Domain Controller 2 NetBIOS Name | ADServer2NetBIOSName | DC2 | NetBIOS name of the second Active Directory server. This can be up to 15 characters long.
    Domain Controller 2 Private IP Address | ADServer2PrivateIP | 10.0.32.10 | Fixed private IP for the second Active Directory server located in Availability Zone 1.
    Remote Desktop Gateway Instance Type | RDGWInstanceType | t2.large | EC2 instance type for the first Remote Desktop Gateway instance.

    Microsoft Active Directory configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain.
    Domain NetBIOS Name | DomainNetBIOSName | example | NetBIOS name of the domain for users of earlier versions of Windows. This can be up to 15 characters long.
    Restore Mode Password | RestoreModePassword | Requires input | Password for a separate administrator account when the domain controller is in restore mode. This must be a complex password that’s at least 8 characters long.
    Domain Admin User Name | DomainAdminUser | StackAdmin | User name for the account that is added as domain administrator. This is separate from the default administrator account.
    Domain Admin Password | DomainAdminPassword | Requires input | Password for the domain administrator user. This must be a complex password that’s at least 8 characters long.

    Microsoft Remote Desktop Gateway configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Number of RDGW Hosts | NumberOfRDGWHosts | 1 | The number of RD Gateway instances to create. You can choose 1-4 instances.

    AWS Quick Start configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Quick Start S3 Bucket Name | QSS3BucketName | quickstart-reference | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
    Quick Start S3 Key Prefix | QSS3KeyPrefix | microsoft/activedirectory/latest/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes.

    Scenario 2: Parameters for extending your on-premises AD DS to AWS

    View the template for new VPC | View the template for existing VPC

    Note

    The default CIDR ranges in this template are provided as examples to help you get started and can be modified to meet your specific requirements. Note that the provided CIDR blocks may overlap with your on-premises networks. If this is the case, you’ll need to use unique CIDR ranges to successfully deploy a VPN connection.

    Network configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Availability Zones | AvailabilityZones | Requires input | The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify.
    VPC CIDR | VPCCIDR | 10.0.0.0/16 | CIDR block for the VPC.
    Private Subnet 1 CIDR | PrivateSubnet1CIDR | 10.0.0.0/19 | CIDR block for the private subnet located in Availability Zone 1.
    Private Subnet 2 CIDR | PrivateSubnet2CIDR | 10.0.32.0/19 | CIDR block for the private subnet located in Availability Zone 2.
    Public Subnet 1 CIDR | PublicSubnet1CIDR | 10.0.128.0/20 | CIDR block for the public subnet located in Availability Zone 1.
    Public Subnet 2 CIDR | PublicSubnet2CIDR | 10.0.144.0/20 | CIDR block for the public subnet located in Availability Zone 2.
    Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | Allowed CIDR block for external access to the Remote Desktop Gateway instances. We recommend that you set this value to a trusted CIDR block.

    Amazon EC2 configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Key Pair Name | KeyPairName | Requires input | Public/private key pair, which enables you to connect securely to your instance after it launches. When you created an AWS account, this is the key pair you created in your preferred region.
    Domain Controller 1 Instance Type | ADServer1InstanceType | m4.xlarge | EC2 instance type for the first Active Directory instance.
    Domain Controller 1 NetBIOS Name | ADServer1NetBIOSName | DC1 | NetBIOS name of the first Active Directory server. This can be up to 15 characters long.
    Domain Controller 1 Private IP Address | ADServer1PrivateIp | 10.0.0.10 | Fixed private IP for the first Active Directory server located in Availability Zone 1.
    Domain Controller 2 Instance Type | ADServer2InstanceType | m4.xlarge | EC2 instance type for the second Active Directory instance.
    Domain Controller 2 NetBIOS Name | ADServer2NetBIOSName | DC2 | NetBIOS name of the second Active Directory server. This can be up to 15 characters long.
    Domain Controller 2 Private IP Address | ADServer2PrivateIp | 10.0.32.10 | Fixed private IP for the second Active Directory server located in Availability Zone 1.
    Remote Desktop Gateway Instance Type | RDGWInstanceType | t2.large | EC2 instance type for the first Remote Desktop Gateway instance.

    Microsoft Remote Desktop Gateway configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Number of RDGW Hosts | NumberOfRDGWHosts | 1 | The number of RD Gateway instances to create. You can choose 1-4 instances.
    Admin User | AdminUser | StackAdmin | User name for the new local administrator account.
    Admin Password | AdminPassword | Requires input | Password for the administrative account. This must be a complex password that’s at least 8 characters long.
    Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain.

    AWS Quick Start configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Quick Start S3 Bucket Name | QSS3BucketName | quickstart-reference | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
    Quick Start S3 Key Prefix | QSS3KeyPrefix | microsoft/activedirectory/latest/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes.

    Scenario 3: Parameters for deploying AD DS with AWS Directory Service

    View the template for new VPC | View the template for existing VPC

    Network configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Availability Zones | AvailabilityZones | Requires input | The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify.
    VPC CIDR | VPCCIDR | 10.0.0.0/16 | CIDR block for the Amazon VPC.
    Private Subnet 1 CIDR | PrivateSubnet1CIDR | 10.0.0.0/19 | CIDR block for the private subnet located in Availability Zone 1.
    Private Subnet 2 CIDR | PrivateSubnet2CIDR | 10.0.32.0/19 | CIDR block for the private subnet located in Availability Zone 2.
    Public Subnet 1 CIDR | PublicSubnet1CIDR | 10.0.128.0/20 | CIDR block for the public subnet located in Availability Zone 1.
    Public Subnet 2 CIDR | PublicSubnet2CIDR | 10.0.144.0/20 | CIDR block for the public subnet located in Availability Zone 2.
    Allowed Remote Desktop Gateway External Access CIDR | RDGWCIDR | Requires input | Allowed CIDR block for external access to the Remote Desktop Gateway instances. We recommend that you set this value to a trusted CIDR block.

    Amazon EC2 configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Key Pair Name | KeyPairName | Requires input | Public/private key pair, which enables you to connect securely to your instance after it launches. When you created an AWS account, this is the key pair you created in your preferred region.
    Remote Desktop Gateway Instance Type | RDGWInstanceType | t2.large | EC2 instance type for the first Remote Desktop Gateway instance.

    Microsoft Active Directory configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Domain DNS Name | DomainDNSName | example.com | Fully qualified domain name (FQDN) of the forest root domain.
    Domain NetBIOS Name | DomainNetBIOSName | example | NetBIOS name of the domain for users of earlier versions of Windows. This can be up to 15 characters long.
    Domain Admin Password | DomainAdminPassword | Requires input | Password for the domain administrator user. This must be a complex password that’s at least 8 characters long.

    Microsoft Remote Desktop Gateway configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Number of RDGW Hosts | NumberOfRDGWHosts | 1 | The number of RD Gateway instances to create. You can choose 1-4 instances.

    AWS Quick Start configuration:

    Parameter label | Parameter name | Default | Description
    --- | --- | --- | ---
    Quick Start S3 Bucket Name | QSS3BucketName | quickstart-reference | S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
    Quick Start S3 Key Prefix | QSS3KeyPrefix | microsoft/activedirectory/latest/ | The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes.

  4. On the Options page, you can specify tags (key-value pairs) for resources in your stack and set additional options. When you're done, choose Next.

  5. On the Review page, review and confirm the template settings. Under Capabilities, select the checkbox to acknowledge that the template will create IAM resources.

  6. Choose Create to deploy the stack.

  7. Monitor the status of the stack. When the status is CREATE_COMPLETE, the AD DS cluster is ready.
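The parameter tables above carry several constraints that the console will not check for you before the hour-long deployment starts: every subnet CIDR must sit inside VPCCIDR and not overlap another subnet, each fixed domain controller IP must fall inside the private subnet of its Availability Zone, NetBIOS names are limited to 15 characters, the passwords must be complex and at least 8 characters, RDGWCIDR should be a trusted range rather than the whole internet, and (scenario 2) VPCCIDR must not overlap your on-premises ranges or the VPN will not route. The following pre-flight validator is an added example written for this guide; it is not part of the Quick Start templates or scripts. It uses the scenario 1 parameter names (scenario 2 spells the DC address parameters ADServer1PrivateIp and ADServer2PrivateIp), the sample values and placeholder passwords are constructed, and the password rule (three of four character classes) is an assumption modelled on the usual Windows complexity policy, since the guide only says "complex" and "at least 8 characters".

```python
"""Pre-flight validation for the AD DS Quick Start parameter set (added example)."""
import ipaddress
import re

# Constructed sample: scenario 1 defaults from the parameter tables, with the
# "Requires input" values filled in with placeholders (not real secrets).
SAMPLE_PARAMS = {
    "VPCCIDR": "10.0.0.0/16",
    "PrivateSubnet1CIDR": "10.0.0.0/19",
    "PrivateSubnet2CIDR": "10.0.32.0/19",
    "PublicSubnet1CIDR": "10.0.128.0/20",
    "PublicSubnet2CIDR": "10.0.144.0/20",
    "RDGWCIDR": "203.0.113.0/24",           # constructed: a trusted office range (TEST-NET-3)
    "ADServer1PrivateIP": "10.0.0.10",
    "ADServer2PrivateIP": "10.0.32.10",
    "ADServer1NetBIOSName": "DC1",
    "ADServer2NetBIOSName": "DC2",
    "DomainNetBIOSName": "example",
    "DomainAdminPassword": "Placeh0lder!Pw",   # constructed placeholder
    "RestoreModePassword": "Placeh0lder!Pw2",  # constructed placeholder
}

SUBNET_KEYS = ("PrivateSubnet1CIDR", "PrivateSubnet2CIDR",
               "PublicSubnet1CIDR", "PublicSubnet2CIDR")
DC_KEYS = (("ADServer1PrivateIP", "PrivateSubnet1CIDR"),
           ("ADServer2PrivateIP", "PrivateSubnet2CIDR"))
NETBIOS_KEYS = ("ADServer1NetBIOSName", "ADServer2NetBIOSName", "DomainNetBIOSName")
PASSWORD_KEYS = ("DomainAdminPassword", "RestoreModePassword")


def is_complex_password(pw):
    """Assumed rule: at least 8 characters drawing on 3 of 4 character classes."""
    classes = (re.search(r"[a-z]", pw), re.search(r"[A-Z]", pw),
               re.search(r"\d", pw), re.search(r"[^A-Za-z0-9]", pw))
    return len(pw) >= 8 and sum(1 for c in classes if c) >= 3


def validate_params(params, on_prem_cidrs=()):
    """Return a list of findings; an empty list means the parameter set passes."""
    findings = []
    vpc = ipaddress.ip_network(params["VPCCIDR"])
    subnets = {k: ipaddress.ip_network(params[k]) for k in SUBNET_KEYS}

    # Every subnet must sit inside the VPC CIDR, and no two subnets may overlap.
    for name, net in subnets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{name} {net} is not inside VPCCIDR {vpc}")
    items = list(subnets.items())
    for i, (n1, s1) in enumerate(items):
        for n2, s2 in items[i + 1:]:
            if s1.overlaps(s2):
                findings.append(f"{n1} {s1} overlaps {n2} {s2}")

    # A fixed DC address must fall inside the private subnet of its Availability Zone.
    for ip_key, subnet_key in DC_KEYS:
        if ipaddress.ip_address(params[ip_key]) not in subnets[subnet_key]:
            findings.append(f"{ip_key} {params[ip_key]} is outside "
                            f"{subnet_key} {subnets[subnet_key]}")

    # RDGWCIDR is the only inbound path from the internet; it must be a trusted range.
    if ipaddress.ip_network(params["RDGWCIDR"]).prefixlen == 0:
        findings.append("RDGWCIDR allows the whole internet; restrict it to a trusted CIDR block")

    # NetBIOS names are limited to 15 characters.
    for key in NETBIOS_KEYS:
        if not 1 <= len(params[key]) <= 15:
            findings.append(f"{key} must be 1-15 characters long")

    for key in PASSWORD_KEYS:
        if not is_complex_password(params.get(key, "")):
            findings.append(f"{key} must be a complex password of at least 8 characters")

    # Scenario 2: the VPC CIDR must not overlap any on-premises range behind the VPN.
    for cidr in on_prem_cidrs:
        if vpc.overlaps(ipaddress.ip_network(cidr)):
            findings.append(f"VPCCIDR {vpc} overlaps on-premises range {cidr}")
    return findings


if __name__ == "__main__":
    for finding in validate_params(SAMPLE_PARAMS):
        print("FINDING:", finding)
    for finding in validate_params(SAMPLE_PARAMS, on_prem_cidrs=["10.0.0.0/8"]):
        print("SCENARIO 2 FINDING:", finding)
```

Run it against the parameter values you intend to enter on the Specify Details page; an empty findings list for your values means the network layout, fixed addresses and password constraints from the tables are satisfied before you choose Create. For scenario 2, pass your on-premises CIDR ranges as `on_prem_cidrs` so the overlap warning from the note above is caught before the VPN is built.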