Automatically Add EC2 Instances to Active Directory Domain – Part 1
Windows Servers in AWS sometimes show a few glitches. My previous article explains how Windows Server 2016 had some issues with the DNS suffix and forwarders. This time I got a chance to play around with PowerShell automation. The requirement is to automatically add EC2 instances to the Active Directory domain during instance launch. It might be an On-Demand EC2 instance or one launched by an Auto Scaling group.
Wait, you may think that there are already many blog posts from AWS on this, so what else am I writing? The reason for this blog post is that all of the AWS blogs use CloudFormation templates and the SSM Agent to automate this. In one post AWS Directory Service is also used. But here we aren't going to use any additional AWS services except S3.
Part 2 will cover my own encryption method, using AES encryption to encrypt the user name and password without converting the PS file to an EXE.
The challenge while adding the DNS:
By using one of the PowerShell commands below we can set the primary and secondary DNS IPs for Windows servers:
Set-DnsClientServerAddress -InterfaceAlias Ethernet -ServerAddresses ("X.X.X.X")
or
Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses ("X.X.X.X")
Here the InterfaceAlias is Ethernet and the InterfaceIndex is 12, but these are not the same for all instances. The InterfaceIndex varies for each instance even when they are all the same instance type, and the InterfaceAlias varies based on the instance type.
Solution:
To work around this, I extract the actual alias name from the Get-NetAdapter cmdlet, skipping any TAP (VPN) adapters:
Get-NetAdapter | where {$_.ifDesc -notlike "TAP*"} | foreach InterfaceAlias | select -First 1
This gives us the exact alias name. If we have more than one ENI, it picks the first one.
Let's start implementing the solution.
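The following is an added example script that puts the pieces above together end to end (alias discovery, DNS configuration, domain join); it is not the author's script from the post. The domain name, DNS IPs and credential source are placeholders; the post's Part 2 is where the credential storage is actually addressed. The `Status -eq 'Up'` filter and the resolve-before-join check are refinements beyond the original one-liner.

```powershell
# Added example, not the original post's code. Placeholders below must be replaced.
$DomainName = 'corp.example.com'            # placeholder: your AD domain
$DnsServers = @('10.0.0.10', '10.0.0.11')   # placeholder: your domain controllers' IPs

# 1. Find the real ENI alias. Same filter as the post (skip TAP/VPN adapters),
#    plus only adapters that are up, so a disconnected NIC is never chosen.
$Alias = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -notlike 'TAP*' -and $_.Status -eq 'Up' } |
    Select-Object -First 1 -ExpandProperty InterfaceAlias
if (-not $Alias) { throw 'No usable network adapter found.' }

# 2. Point that adapter at the domain controllers for DNS.
Set-DnsClientServerAddress -InterfaceAlias $Alias -ServerAddresses $DnsServers

# 3. Fail early if the domain does not resolve; Add-Computer would otherwise
#    fail later with a less obvious error.
if (-not (Resolve-DnsName -Name $DomainName -Type A -ErrorAction SilentlyContinue)) {
    throw "Cannot resolve $DomainName via $($DnsServers -join ', ')"
}

# 4. Make the script idempotent: Auto Scaling may re-run it on a replacement
#    instance that was already joined from an AMI.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -ieq $DomainName) {
    Write-Output "Already a member of $DomainName"
    return
}

# 5. Join the domain and reboot. The credential source is a placeholder here;
#    in practice it should come from the encrypted store described in Part 2.
$Cred = Get-Credential -Message "Account permitted to join $DomainName"
Add-Computer -DomainName $DomainName -Credential $Cred -Restart -Force
```

On an EC2 Windows instance this kind of script is typically run from the instance user data (wrapped in `<powershell>` tags) so that it executes on first boot; the join account should be one delegated only the right to create computer objects in the target OU, not a domain administrator.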
Continue Reading from my blog
http://www.sqlgossip.com/automatically-add-ec2-instances-to-ad-part-1/
Comment (Data & Digital Architect | Consultant, 1 year ago): Bhuvanesh, thanks for sharing!