Active Directory in AWS

Amazon Web Services (AWS) Windows instances can be used to run Active Directory (AD) services. Installing AD is not difficult, but how do you make it work in an open cloud? Augusto Rosa has a great post which shows, step-by-step, how to do it. The main effort is to make sure that EC2 security groups are created correctly so the required ports are open between members of the AD but not open to everyone else.

Augusto reviews DNS settings but does not include any information about delegating a sub-domain to the AD server. AD relies heavily on DNS, so it uses its own DNS server instance. Each AD is likely to be its own sub-domain, and that’s certainly the case when installing AD in AWS. For example, our main domain is ‘’ and the domain for the AD is ‘’. For other members to find this server, information about the server must be included in the zone records of the DNS server that holds the ‘’ zone. In our case that’s Route 53, the AWS DNS service.

This is one of those situations in which, when you know the answer, it is blindingly obvious. However, when you are in the dark stumbling around trying to feel for the light switch, not so much. The answer, of course, is delegation. Initially, I’d created a new zone using Route 53, but that didn’t work. For me the answer came from a TechNet article about delegation, which I found useful. After reading it I realized that it’s only necessary to add two records to the ‘’ zone:

AWS DNS Records
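
As an added illustration (not from the original post), the following script checks offline whether a parent zone's records delegate a sub-domain properly. It assumes the two records are the NS record naming the AD DNS server as authoritative for the sub-domain and the A (glue) record giving that server's address; the domain names and IP address are constructed placeholders.

```python
"""Offline check that a parent zone correctly delegates a sub-domain."""
from collections import defaultdict

# Constructed sample of a Route 53 hosted zone for the placeholder parent
# domain example.com. The AD domain ad.example.com is delegated to the AD
# DNS server dc1.ad.example.com; its address 10.0.1.10 is also constructed.
PARENT_ZONE = "example.com."
RECORDS = [
    ("example.com.", "NS", "ns-123.awsdns-15.com."),
    ("ad.example.com.", "NS", "dc1.ad.example.com."),  # delegation to the AD server
    ("dc1.ad.example.com.", "A", "10.0.1.10"),          # glue record for that server
]


def delegation_problems(records, parent, sub):
    """Return a list of problems with the delegation of `sub` inside `parent`.

    An empty list means the delegation looks correct: an NS record exists at
    the sub-domain name, and every name server that itself lives inside the
    sub-domain has a glue A/AAAA record in the parent zone.
    """
    by_name = defaultdict(lambda: defaultdict(list))
    for name, rtype, value in records:
        by_name[name.lower()][rtype.upper()].append(value.lower())

    sub, parent = sub.lower(), parent.lower()
    if not sub.endswith("." + parent):
        return [f"{sub} is not below {parent}"]

    problems = []
    ns_targets = by_name[sub]["NS"]
    if not ns_targets:
        problems.append(f"no NS record delegating {sub}")
    for ns in ns_targets:
        # A name server inside the delegated sub-domain can only be resolved
        # if the parent zone also carries its address (glue); without it the
        # resolver is sent in a circle and the sub-domain is unreachable.
        if ns.endswith("." + sub) and not (by_name[ns]["A"] or by_name[ns]["AAAA"]):
            problems.append(f"NS {ns} lies inside {sub} but has no glue A/AAAA record")
    return problems


if __name__ == "__main__":
    issues = delegation_problems(RECORDS, PARENT_ZONE, "ad.example.com.")
    print("delegation OK" if not issues else "\n".join(issues))
```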

Now any client is able to find the sub-domain ‘’ and is able to find the nameserver for the sub-domain. I know that if anyone who knows this stuff reads this post they will be staggered that it is even necessary to write it down, and I know I’m in that category. However, right now, I still remember the frustration of not quite seeing the solution, so I’m committing this to a post so I can be reminded when, again, I forget in the future.

