Install the Active Directory Administration Tools for AWS Managed Microsoft AD - AWS Directory Service

To manage your Active Directory from an Amazon EC2 Windows Server instance, you need to install the Active Directory Domain Services and Active Directory Lightweight Directory Services Tools on the instance. Use the following procedure to install these tools on an EC2 Windows Server instance.

Before you can begin this procedure, complete the following:

  1. Create an AWS Managed Microsoft AD Active Directory. For more information, see Create your AWS Managed Microsoft AD Active Directory.

  2. Launch and join an EC2 Windows Server instance to your AWS Managed Microsoft AD Active Directory. The EC2 instance needs the following policies to create users and groups: AmazonSSMManagedInstanceCore and AmazonSSMDirectoryServiceAccess. For more information, see Launch directory administration instance in your AWS Managed Microsoft AD Active Directory and Seamlessly join an Amazon EC2 Windows instance to your AWS Managed Microsoft AD Active Directory.

  3. You will need the credentials for your Active Directory domain Administrator. These credentials were created when the AWS Managed Microsoft AD was created. If you followed the procedure in Create your AWS Managed Microsoft AD Active Directory, your Administrator username includes your NetBIOS name, for example corp\admin.

Install the Active Directory Administration Tools on an EC2 Windows Server instance

To install the Active Directory administration tools on an EC2 Windows Server instance

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the Amazon EC2 console, choose Instances, select the Windows Server instance, and then choose Connect.

  3. In the Connect to instance page, choose RDP client.

  4. In the RDP client tab, choose Download Remote Desktop File, then choose Get Password to retrieve your password.

  5. In Get Windows password, choose Upload private key file. Choose the .pem private key file associated with the Windows Server instance. After uploading the private key file, select Decrypt password.

  6. In the Windows Security dialog box, copy your local administrator credentials for the Windows Server computer to sign in. The username can be in the following formats: NetBIOS-Name\admin or DNS-Name\admin. For example, corp\admin would be the username if you followed the procedure in Create your AWS Managed Microsoft AD Active Directory.

  7. Once signed in to the Windows Server instance, open Server Manager from the Start menu.

  8. In the Server Manager Dashboard, choose Add roles and features.

  9. In the Add Roles and Features Wizard, choose Installation Type, select Role-based or feature-based installation, and choose Next.

  10. Under Server Selection, make sure the local server is selected, and choose Features in the left navigation pane.

  11. In the Features tree, select and open Remote Server Administration Tools, Role Administration Tools, and AD DS and AD LDS Tools. With AD DS and AD LDS Tools selected, Active Directory module for Windows PowerShell, AD DS Tools, and AD LDS Snap-ins and Command-Line Tools are also selected. Scroll down and select DNS Server Tools, and then choose Next.

    
                        Installing Microsoft AD Tools, the Add Roles and Features Wizard Features Tree with tools selected.
  12. Review the information and choose Install. When the feature installation is finished, the Active Directory Domain Services and Active Directory Lightweight Directory Services Tools are available from the Start menu in the Administrative Tools folder.

Alternative methods for installing the Active Directory Administration Tools on an EC2 Windows Server instance

Here are some other methods to install the Active Directory Administration Tools:

    • You can optionally choose to install the Active Directory Administration Tools using Windows PowerShell. For example, you can install the Active Directory remote administration tools from a PowerShell prompt using Install-WindowsFeature RSAT-ADDS. For more information, see Install-WindowsFeature on the Microsoft website.

    • You can also launch a directory administration EC2 instance in the AWS Management Console that already has the Active Directory Domain Services and Active Directory Lightweight Directory Services Tools installed by following the procedures in Launch directory administration instance in your AWS Managed Microsoft AD Active Directory.
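
The wizard procedure above can also be scripted. The following is an added example, not part of the AWS documentation: it checks that the instance is domain joined, installs the same features the wizard selects, and verifies the result. It assumes an elevated PowerShell session on the Windows Server instance; `RSAT-AD-Tools` and `RSAT-DNS-Server` are the standard Windows Server feature names for the "AD DS and AD LDS Tools" and "DNS Server Tools" nodes.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the wizard selections in the procedure.
$ErrorActionPreference = 'Stop'

# Wizard node -> Windows Server feature name
$features = @(
    'RSAT-AD-Tools',     # AD DS and AD LDS Tools (parent node, all sub-features)
    'RSAT-DNS-Server'    # DNS Server Tools
)

# The management instance must already be joined to the directory (prerequisite 2).
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "This instance is not domain joined (workgroup: $($cs.Workgroup))."
}
Write-Host "Joined to domain: $($cs.Domain)"

# Install-WindowsFeature is idempotent: features already present are skipped.
$result = Install-WindowsFeature -Name $features -IncludeAllSubFeature
if (-not $result.Success) {
    throw "Feature installation failed with exit code $($result.ExitCode)."
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning 'A restart is required to finish the installation.'
}

# Verify: show the install state of every AD and DNS administration feature.
Get-WindowsFeature -Name 'RSAT-AD-*', 'RSAT-ADDS*', 'RSAT-ADLDS', 'RSAT-DNS-Server' |
    Sort-Object Name |
    Format-Table Name, DisplayName, InstallState -AutoSize

# Any feature still not installed means the tool set is incomplete.
$notInstalled = Get-WindowsFeature -Name $features | Where-Object { -not $_.Installed }
if ($notInstalled) {
    throw "Not installed: $($notInstalled.Name -join ', ')"
}

# Confirm the Active Directory module for Windows PowerShell is available.
if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
    throw 'ActiveDirectory PowerShell module not found after installation.'
}
Write-Host 'Active Directory administration tools are installed.'
```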