Master Active Directory & Client Machine Domain Setup with AWS Windows Server

Introduction :

Setting up Active Directory Domain Services (AD DS) on a Windows Server within AWS provides a secure, centralized authentication system for managing users, devices, and policies. Whether you're a system administrator, cloud engineer, or IT enthusiast, this guide will walk you through the entire process—from deploying a domain controller to joining a client machine to the domain.

By the end of this guide, you'll have a fully functional Active Directory environment running on AWS, ready for user authentication, group policies, and centralized management.


AUTHORS: Manasvi Mathur and Aniruddh Saxena


Step 1 : Launch a Windows Server Instance in AWS

1. Log in to the AWS Management Console

  1. Open your web browser and go to the AWS Management Console.
  2. Click Sign in to the Console.
  3. Enter your AWS root account or IAM user credentials.
  4. Navigate to EC2 Dashboard.


2. Launch a Windows Server Instance

( Instance 1 - Active Directory Domain Controller )

  • In the EC2 Dashboard, click Launch Instance.

  • Instance Name and Tags: enter a name for your instance and assign tags if necessary.

  • Select an Amazon Machine Image (AMI): choose a Microsoft Windows Server image.

  • Choose Instance Type:

° Select t2.medium (recommended for AD DS).

° Click Next.


3. Create Key Pair

  • Choose Create a new Key Pair.

  • Enter a Key Pair Name (e.g., Instance1).

  • Choose RSA → select the .pem key file format.
  • Click Create Key Pair.


4. Network Settings

  • Network: Choose your existing VPC.
  • Subnet: Select a subnet in your desired AWS region.
  • Auto-assign Public IP: Enable (for RDP access).
  • IAM Role: Leave as None for now.


Firewall (Security Groups) → Select Create security group

  • Allow RDP traffic from: Anywhere (0.0.0.0/0). This can be narrowed to your own IP when you edit the security group in section 8; the host firewall rules in Step 4 use "Your IP" as the RDP source.
  • Allow HTTPS traffic from the Internet
  • Allow HTTP traffic from the Internet


5. Add Storage

  1. Specify the storage requirements (the default is 8 GB on the free tier).
  2. Click Next.


6. Summary

  • Specify the number of instances you want to launch in the summary section.
  • Review all settings to ensure everything is correct.
  • Click “Launch Instance”.
  • Once the instance is launched, you’ll see a success message. Scroll down and click the “View all Instances” button.


Screenshot: launch success message, then “View all Instances”

  • In the Instances list, locate your newly launched instance and wait for it to reach the “Running” state with passing status checks.

  • Note the private IPv4 address of Instance 1: 172.31.7.165


7. Similarly, Create Another Instance: Instance 2 (Windows Server - Client Machine)

  1. Note the private IPv4 address of Instance 2: 172.31.4.166


8. Configure Security Groups (Inbound & Outbound Rules)

Security group rules are needed to allow Instance 2 to communicate with Instance 1 (Active Directory Domain Controller).

8.1 Inbound Rules for Both Instances (Instance 1 & 2)

  • Select an instance → scroll down and click “Security”.
  • You’ll see its inbound and outbound rules → note the security group name (in this case launch-wizard-7 for Instance 2 and launch-wizard-6 for Instance 1).

Screenshot: Security tab → Edit inbound rules

  • Select “Security Groups” in Network Settings on the left side, or go to EC2 Dashboard → Security Groups.
  • Select the security group attached to Instance 2 (“launch-wizard-7”) → go to “Inbound rules” → click Edit inbound rules.

  • Edit inbound rules → click “Add rule”.

  • Add the following rules:

Screenshot: inbound rules table (not reproduced in this text)
Add all these inbound rules to both instances’ security groups (in this case, security group launch-wizard-7).

8.2 Outbound Rules for Both Instances (Instance 1 & 2)

  1. Similarly, select Outbound rules for Instance 2 → “launch-wizard-7”.
  2. Add the following rule:

Add an “All traffic” (Allow) outbound rule to both instances’ security groups (in this case, security group launch-wizard-7).
Repeat these steps for Instance 1 → security group launch-wizard-6.

  • Add Inbound and Outbound Rules for launch-wizard-6 (Instance 1, Security group)
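The rule set below is an added example and not part of the original article: it creates scoped inbound rules in both security groups with the AWS CLI called from PowerShell, so the two groups end up identical instead of being clicked through twice. The ports come from the "Secured Access" list in Step 4, section 4, plus SMB 445 and RPC endpoint mapper 135, which a domain join also needs. The security group IDs and the admin IP are placeholders; the script assumes AWS CLI v2 is installed and configured with credentials allowed to modify the groups.

```powershell
# Added example (not from the article): scoped inbound rules for the two
# security groups via the AWS CLI. Group IDs and admin IP are placeholders.
# Prerequisite: AWS CLI v2 installed and `aws configure` completed.

$VpcCidr   = "172.31.0.0/16"                 # VPC range shared by Instance 1 and Instance 2
$AdminCidr = "203.0.113.10/32"               # placeholder: your own public IP (TEST-NET-3 range)
$GroupIds  = @("sg-0123456789abcdef0",       # placeholder for launch-wizard-6 (Instance 1)
               "sg-0fedcba9876543210")       # placeholder for launch-wizard-7 (Instance 2)

# Ports from the article's "Secured Access" list (Step 4), plus SMB 445 and
# RPC endpoint mapper 135, which the domain join in Step 5 also requires.
$Rules = @(
    @{ Protocol = "icmp"; Port = "-1";   Cidr = $VpcCidr;   Note = "all ICMP-IPv4 (ping)" },
    @{ Protocol = "udp";  Port = "53";   Cidr = $VpcCidr;   Note = "DNS" },
    @{ Protocol = "tcp";  Port = "53";   Cidr = $VpcCidr;   Note = "DNS over TCP (large replies)" },
    @{ Protocol = "tcp";  Port = "88";   Cidr = $VpcCidr;   Note = "Kerberos" },
    @{ Protocol = "tcp";  Port = "389";  Cidr = $VpcCidr;   Note = "LDAP" },
    @{ Protocol = "tcp";  Port = "445";  Cidr = $VpcCidr;   Note = "SMB (SYSVOL/NETLOGON, join)" },
    @{ Protocol = "tcp";  Port = "135";  Cidr = $VpcCidr;   Note = "RPC endpoint mapper" },
    @{ Protocol = "tcp";  Port = "3389"; Cidr = $AdminCidr; Note = "RDP from the admin IP only" }
)

foreach ($sg in $GroupIds) {
    foreach ($r in $Rules) {
        Write-Host ("{0}: allow {1} {2}/{3} from {4}" -f $sg, $r.Note, $r.Protocol, $r.Port, $r.Cidr)
        aws ec2 authorize-security-group-ingress --group-id $sg `
            --protocol $r.Protocol --port $r.Port --cidr $r.Cidr --output text | Out-Null
        # A non-zero exit code usually means the rule already exists (InvalidPermission.Duplicate).
        if ($LASTEXITCODE -ne 0) { Write-Warning "rule not added for $sg (duplicate or error)" }
    }

    # Check: which sources are still allowed on 3389? The launch wizard's
    # 0.0.0.0/0 entry shows up here; revoke it once the admin-IP rule works.
    $rdpSources = aws ec2 describe-security-groups --group-ids $sg --output text `
        --query 'SecurityGroups[0].IpPermissions[?FromPort==`3389`].IpRanges[].CidrIp'
    Write-Host "$sg RDP sources: $rdpSources"
    if ("$rdpSources" -match '0\.0\.0\.0/0') {
        Write-Host "  to tighten: aws ec2 revoke-security-group-ingress --group-id $sg --protocol tcp --port 3389 --cidr 0.0.0.0/0"
    }
}
```

Security groups are stateful, so the “All traffic” outbound rule in 8.2 is the same as a new group’s default; the HTTP and HTTPS inbound rules from the launch wizard play no part in Active Directory and can be removed from both groups.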


Step 2 : Install Active Directory Domain Services on Instance 1 ( Active Directory Domain Controller) :

1. Log in to Instance 1 using RDP:

Get the Administrator password:

  • Go to AWS EC2 Console → click Instances.
  • Select Instance 1 (Active Directory Domain Controller).
  • Click Connect.

  • Click RDP Client.

  • In RDP Client → click Download Remote Desktop File.

When you click “Download remote desktop file”, the Remote Desktop (.rdp) file is downloaded automatically.

  • Click Get Password → browse and upload your .pem key file.


  • Click Decrypt Password → copy the Administrator password.

Screenshot: .pem file uploaded → Decrypt Password → copy the Administrator password

Connect to the Windows Server using RDP:

  1. Open Remote Desktop Connection (RDP) on your PC (Win+R → type mstsc → press Enter). In the Computer field, enter the public IP of Instance 1 (from the AWS console).

  2. Click Connect and enter:

  • Username: Administrator
  • Password: (paste the decrypted password)

  • Click OK → click Yes to accept the security certificate.

  • You should now be connected to the Windows Server.

It will load for a moment.
Screenshot: Instance 1 (Windows Server - Active Directory Domain Controller)

Repeat the same steps for Instance 2 (Windows Server - Client Machine).
Screenshot: Instance 2

2. Install Active Directory Domain Services (AD DS) on Instance 1:

2.1 Open Server Manager:

  • After logging into Windows Server, Server Manager should open automatically.

  • If it doesn’t, click Start → search for Server Manager → open it.

2.2 Add Active Directory Domain Services (AD DS) Role :

  • In Server Manager, click Manage → Select Add Roles and Features.

  • Click Next on the Before You Begin page.

2.3 Select Installation Type :

  • Choose Role-based or feature-based installation → Click Next.

2.4 Select Server:

  • Ensure Instance 1 (local server name EC2AMAZ-HJ09PCI) is selected in the server pool → Click Next.
  • Loading might take a few minutes.

2.5 Select Server Roles:

  • Check Active Directory Domain Services → Click Add Features when prompted.
  • Click Next.

2.6 Select Features:

  • Keep the default selections and click Next.

2.7 AD DS Overview:

  • Read the summary about Active Directory Domain Services → Click Next.

2.8 Confirm Installation:

  • Click Install.

  • The Installation will take a few minutes.


3. Promote Server to Domain Controller

After installation, a notification appears in Server Manager.

3.1 Click the Notification

(Top right corner: flag icon) → Click "Promote this server to a domain controller".


Screenshot: Active Directory Domain Services - Feature installation succeeded


3.2 Deployment Configuration:

  • Select Add a new forest.
  • Enter your Root Domain Name → Example: infotrade.com.
  • Click Next.

3.3 Domain Controller Options:

  • Check Domain Name System (DNS) and Global Catalog (GC).
  • Set DSRM Password (for Directory Services Recovery Mode) → Click Next.

3.4 DNS Options:

  • Ignore the delegation warning and click Next.

3.5 Additional Options:

  • Keep NetBIOS name default (it will auto-generate from your domain name : INFOTRADE ) → Click Next.

3.6 Review Paths:

  • Keep the default Database, Log, and SYSVOL paths → Click Next.

3.7 Review & Install:

  • Check the summary and ensure everything is correct → Click Next.

3.8 Prerequisites Check

  • Click Next → Click Install.

  • The server will restart automatically after installation.
  • If it does not, reconnect to Instance 1 manually using RDP:
  • Select Instance 1 → Click Connect → go to RDP Client → Download remote desktop file → Click Get Password → select the .pem file → Click Decrypt Password → copy the password → open the remote desktop file and paste the Administrator password you copied → Click “OK” → then click “Yes”. The Instance 1 session will open.


4. Verify AD DS Installation on Instance 1

Instance 1 ( Windows Server - Active Directory Domain Controller)

4.1 Check Domain Controller Status

  • In Server Manager, click on Tools → Select Active Directory Users and Computers (ADUC).

  • Expand your domain (infotrade.com).
  • Click on Domain Controllers.

  • You should see Instance 1 (EC2AMAZ-HJ09PCI) listed as a Domain Controller.
  • If it's listed, your domain controller setup is working fine.
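The same role installation, forest promotion and verification (sections 2 to 4 above) as an added PowerShell example; this is not the article's own code. It uses the article's domain name infotrade.com and the NetBIOS name INFOTRADE, assumes an elevated PowerShell session on Instance 1, and prompts for the DSRM password so it never ends up in a script file or the shell history.

```powershell
# Added example (not from the article): Step 2 sections 2-4 from an elevated
# PowerShell on Instance 1. Domain and NetBIOS names are the article's.

$DomainName  = "infotrade.com"
$NetbiosName = "INFOTRADE"   # what the wizard auto-generates in 3.5

# 2.2-2.8: add the AD DS role together with the management tools (ADUC, the
# ActiveDirectory PowerShell module) that section 4 uses for verification.
$result = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $result.Success) { throw "AD DS role installation failed (exit code $($result.ExitCode))" }

# 3.3: the DSRM password is read as a SecureString at the prompt rather than
# stored in the script.
$dsrmPassword = Read-Host -Prompt "DSRM (Directory Services Restore Mode) password" -AsSecureString

Import-Module ADDSDeployment

# 3.8: prerequisites check before anything is changed. The DNS delegation
# warning from 3.4 appears here and is expected for a brand-new forest.
$precheck = Test-ADDSForestInstallation -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -InstallDns -CreateDnsDelegation:$false -SafeModeAdministratorPassword $dsrmPassword
$precheck | Format-List Status, Message
if ($precheck.Status -eq "Error") { throw "prerequisite check failed; see the messages above" }

# 3.2-3.7: new forest with DNS; the first DC in a forest is always a global
# catalog. Database, log and SYSVOL paths keep the defaults, as in 3.6.
# -Force only suppresses the "are you sure" prompt. The server reboots when done.
Install-ADDSForest -DomainName $DomainName -DomainNetbiosName $NetbiosName `
    -InstallDns -CreateDnsDelegation:$false `
    -SafeModeAdministratorPassword $dsrmPassword -Force

# After the reboot, sign in as INFOTRADE\Administrator and run this for the
# check in section 4 (Instance 1 listed as a domain controller).
function Test-DomainControllerStatus {
    param([string]$Domain = "infotrade.com")
    Import-Module ActiveDirectory
    foreach ($dc in (Get-ADDomainController -Filter * -Server $Domain)) {
        [pscustomobject]@{
            HostName        = $dc.HostName
            IPv4Address     = $dc.IPv4Address
            IsGlobalCatalog = $dc.IsGlobalCatalog
            OperationMaster = ($dc.OperationMasterRoles -join ",")
        }
    }
}
# Test-DomainControllerStatus | Format-Table -AutoSize
```

Running the prerequisite check separately is worth the extra step: it reports the same warnings the wizard shows on the Prerequisites Check page, but before any change is made, so a misconfigured IP or DNS setting is caught while the server is still easy to fix.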


5. Verify DNS Settings

  • Open Command Prompt (cmd) as Administrator.

Shortcut: Win+X → Terminal (Admin)

  • Type the following command and press Enter:

ipconfig /all


  • Under Ethernet adapter, check: the IPv4 Address should be 172.31.7.165 (Instance 1 private IPv4 address).
  • Ensure: Primary DNS Server: 172.31.7.165 (Instance 1 private IP).
  • Ensure: Alternate DNS Server: 127.0.0.1.
  • If the DNS server is incorrect, configure DNS manually in the next step.


Step 3 : Configure DNS on Instance 1

Instance 1 (Windows Server - Active Directory Domain Controller)

If DNS is not set correctly, follow these steps:

1. Set Correct DNS on Domain Controller

  • Open Control Panel → Click on Network and Internet→ Click on Network and Sharing Center.

Shortcut: Win + R → Type ncpa.cpl → Enter (opens Network Connections).


  • Click on Change Adapter Settings (left panel).


  • Right-click on Ethernet → Click Properties.


  • Select Internet Protocol Version 4 (TCP/IPv4) → Click Properties.

  • Click on “ Use the following DNS server addresses”.
  • Set : Preferred DNS Server: 172.31.7.165 (Instance 1 private IP)
  • Set : Alternate DNS Server: 127.0.0.1 (Optional)
  • Click OK → Close all windows.


2. Restart DNS Service

  1. Open Command Prompt (Admin) and type:

  • Shortcut: Win + X → Click Command Prompt (Admin) / Terminal (Admin).

net stop dns
net start dns
ipconfig /flushdns

3. Verify DNS Settings

  • Open Command Prompt (cmd) / Terminal as Administrator.

Shortcut: Win + X → Click Command Prompt (Admin).

  • Type the following commands and press Enter:

ipconfig
ipconfig /all

  • Under Ethernet adapter, check:
  • IPv4 Address should be 172.31.7.165 (Instance 1 private IP).
  • DNS Server should be 172.31.7.165 (Instance 1 private IP).
  • Restart your server to apply the changes.


Step 4: Configure the Client Machine (Instance 2)

Instance 2 (Windows Server - Client Machine)

Now we will prepare the client machine (Instance 2) so it can join the domain.

1. Set DNS on Client Machine

  • Open Control Panel → Click on Network and Sharing Center.

Shortcut: Win + R → Type ncpa.cpl → Enter (opens Network Connections).


  • Click Change Adapter Settings (left panel).

  • Right-click on Ethernet → Click Properties.

  • Select Internet Protocol Version 4 (TCP/IPv4) → Click Properties.

  • Change DNS settings to :
  • Preferred DNS Server: 172.31.7.165 (Domain Controller private IP)
  • Alternate DNS Server: Leave blank.

  • Click OK → Close all windows.


2. Verify DNS Resolution

  • Open Command Prompt as Administrator on Instance 2.

Shortcut: Win + X → Click Command Prompt (Admin).

  • Run the following command:

nslookup infotrade.com

  • The response should show 172.31.7.165 (Domain Controller private IP).
  • If it does NOT show the correct IP, restart Instance 2 and try again.


3. Test connectivity to the domain controller:

ping 172.31.7.165

  • If you get a Reply from 172.31.7.165, you are good to proceed.
  • If the request timed out, check the Windows firewall rules on both instances (next step) and the security groups from Step 1.
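The DNS steps for the domain controller (Step 3) and for the client (Step 4, sections 1 to 3) use the same commands, so here is one added PowerShell example, not the article's code, that wraps them in functions usable on either instance. The addresses and domain name are the article's; the interface alias Ethernet is assumed, as in the GUI steps. Beyond nslookup and ping, it resolves the _ldap._tcp.dc._msdcs SRV record that a domain join actually uses to locate a DC, and probes the service ports, because a successful ping says nothing about whether LDAP or Kerberos are reachable.

```powershell
# Added example (not from the article): Step 3 (DC) and Step 4 sections 1-3
# (client) as functions. Run in an elevated PowerShell on the instance in question.

$DcIp       = "172.31.7.165"      # Instance 1 private IP (from the article)
$DomainName = "infotrade.com"

function Set-DomainDnsClient {
    # GUI equivalent: TCP/IPv4 properties -> "Use the following DNS server addresses".
    param([string[]]$DnsServers, [string]$InterfaceAlias = "Ethernet")
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $DnsServers
    Clear-DnsClientCache                                   # ipconfig /flushdns
    Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4
}

function Restart-DcDnsServer {
    # Step 3 section 2 (net stop dns / net start dns). The DNS Server service
    # only exists on the domain controller, so this is a no-op on the client.
    $svc = Get-Service -Name DNS -ErrorAction SilentlyContinue
    if ($null -eq $svc) { Write-Host "no DNS Server service here (not a DC)"; return }
    Restart-Service -Name DNS
    Write-Host "DNS Server service restarted"
}

function Test-DomainDns {
    # nslookup infotrade.com, plus the DC locator record: a client finds a DC by
    # resolving _ldap._tcp.dc._msdcs.<domain>. Without that SRV record the
    # A record alone will not get you a join.
    param([string]$Domain, [string]$ExpectedDcIp)
    $a   = Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Domain      = $Domain
        ARecords    = ($a.IPAddress -join ", ")
        DcSrvTarget = ($srv | Select-Object -First 1).NameTarget
        Ok          = ($a.IPAddress -contains $ExpectedDcIp) -and ($null -ne $srv)
    }
}

function Test-DcReachability {
    # Step 4 section 3 (ping), then the ports a join needs. "Request timed out"
    # only means ICMP is blocked; open ports below mean the AD services are
    # reachable even when ping is not.
    param([string]$DcIp)
    $ping  = Test-Connection -ComputerName $DcIp -Count 2 -Quiet
    $ports = foreach ($p in 53, 88, 135, 389, 445) {
        $t = Test-NetConnection -ComputerName $DcIp -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Port = $p; Open = $t.TcpTestSucceeded }
    }
    [pscustomobject]@{ DcIp = $DcIp; PingOk = $ping; Ports = $ports }
}

# On Instance 1 (domain controller), as in Step 3:
#   Set-DomainDnsClient -DnsServers $DcIp, "127.0.0.1"; Restart-DcDnsServer
# On Instance 2 (client), as in Step 4 section 1:
#   Set-DomainDnsClient -DnsServers $DcIp
# On either instance afterwards:
Test-DomainDns -Domain $DomainName -ExpectedDcIp $DcIp | Format-List
$reach = Test-DcReachability -DcIp $DcIp
"Ping: $($reach.PingOk)"; $reach.Ports | Format-Table -AutoSize
```

If Test-DomainDns reports Ok but a port shows Open = False, the problem is a firewall (security group or Windows Defender Firewall) rather than DNS, which is the distinction the next section's rules address.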


4. Update Windows Defender Firewall Rules (Inbound & Outbound)

These are host firewall rules on the instances themselves; the AWS security group rules from Step 1 must also allow the same traffic.

  • Add Inbound Rules (for both instances)
  • Open Windows Defender Firewall → Advanced Settings

Shortcut: Win + X → Click Windows Firewall → Advanced Settings → Inbound Rules.

Screenshot: Advanced Settings → Inbound and Outbound Rules

  • Select Inbound Rules → click New Rule on the right side.

  • Select Port.

  • Either select TCP and All Local Ports (quick, but this allows every TCP port from any source),
  • or add the following scoped rules for secured access:

° All ICMP - IPv4 (For Ping) → Source: 172.31.0.0/16. Port: N/A

° RDP → Source: Your IP. Port: 3389

° DNS (UDP) → Source: 172.31.0.0/16. Port: 53

° LDAP (TCP) → Source: 172.31.0.0/16. Port: 389

° Kerberos (TCP) → Source: 172.31.0.0/16. Port: 88

  • Name the rule: ALL TCP → Click Finish.

  • Similarly, add an All UDP rule on both instances.
  • Add Outbound Rules (for both instances)

Shortcut: Win + X → Click Windows Firewall → Advanced Settings → Outbound Rules.

  • Select Outbound Rules → Click on New Rule on the right-side
  • Select Port
  • Select TCP and All Local Ports
  • Similarly, add All UDP in Both the Instances
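The scoped rule list from this section created with New-NetFirewallRule, as an added PowerShell example that is not the article's code, so the same rules can be applied identically on both instances and reviewed afterwards. It assumes an elevated session; $AdminIp is a placeholder for the article's "Your IP". The ICMP rule is narrowed to echo requests, and the rules are created for all network profiles because a machine that has not joined the domain yet is never on the Domain profile.

```powershell
# Added example (not from the article): the "Secured Access" inbound rules of
# Step 4 section 4 via New-NetFirewallRule. Elevated PowerShell, both instances.

$VpcCidr = "172.31.0.0/16"
$AdminIp = "203.0.113.10"     # placeholder for "Your IP" (TEST-NET-3 range)
$Prefix  = "AD Lab"           # shared display-name prefix so the set can be listed or removed together

$Rules = @(
    @{ Name = "ICMPv4 echo (ping)"; Protocol = "ICMPv4"; Port = $null; Remote = $VpcCidr },
    @{ Name = "DNS UDP 53";         Protocol = "UDP";    Port = 53;    Remote = $VpcCidr },
    @{ Name = "LDAP TCP 389";       Protocol = "TCP";    Port = 389;   Remote = $VpcCidr },
    @{ Name = "Kerberos TCP 88";    Protocol = "TCP";    Port = 88;    Remote = $VpcCidr },
    @{ Name = "RDP TCP 3389";       Protocol = "TCP";    Port = 3389;  Remote = $AdminIp }
)

function Add-AdLabFirewallRules {
    foreach ($r in $Rules) {
        $params = @{
            DisplayName   = "$Prefix - $($r.Name)"
            Direction     = "Inbound"
            Action        = "Allow"
            Protocol      = $r.Protocol
            RemoteAddress = $r.Remote        # the scoping that "All Local Ports" lacks
            Profile       = "Any"            # pre-join, the client is not on the Domain profile
        }
        if ($null -ne $r.Port) { $params.LocalPort = $r.Port }
        else { $params.IcmpType = 8 }        # echo request only, not every ICMP type
        # Idempotent: rerunning the script does not stack duplicate rules.
        if (Get-NetFirewallRule -DisplayName $params.DisplayName -ErrorAction SilentlyContinue) {
            Write-Host "exists: $($params.DisplayName)"; continue
        }
        New-NetFirewallRule @params | Out-Null
        Write-Host "created: $($params.DisplayName) from $($r.Remote)"
    }
}

function Show-AdLabFirewallRules {
    # Review what is actually in effect: name, local port and remote scope.
    Get-NetFirewallRule -DisplayName "$Prefix*" | ForEach-Object {
        $port = ($_ | Get-NetFirewallPortFilter).LocalPort
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{ Rule = $_.DisplayName; Enabled = $_.Enabled; LocalPort = $port; RemoteAddress = $addr }
    }
}

Add-AdLabFirewallRules
Show-AdLabFirewallRules | Format-Table -AutoSize
```

Windows Defender Firewall allows outbound connections by default, so the All TCP and All UDP outbound rules above change nothing unless the default outbound action has been set to Block; Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction shows the current setting per profile.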


Step 5 : Join Client Machine (Instance 2) to the Domain

1. Change Domain Settings

  • Shortcut: Win + R, type sysdm.cpl, and press Enter.

  • In System Properties, on the Computer Name tab, you can enter a Computer Description (e.g., Client).
  • Click Change...

  • Under “Member of”, select “Domain” → enter the domain name: infotrade.com.


2. Enter Domain Admin Credentials

  • A new window opens: Windows Security.
  • Enter the username in the form domain\Administrator.

° For example: infotrade\Administrator

  • Enter the password (the Administrator password set during AD DS installation).

° Use passwords with a minimum length of 6 characters.

° Use passwords with at least three of the following character types: uppercase, lowercase, numbers, non-alphanumeric symbols (for example , ! @ # $ % ^ & * < > -).

° For example: @User1234, @Admin21

  • Click OK.


3. Reboot the Machine

  • After the message “Welcome to the infotrade.com domain”, click OK.

  • Restart the machine (Ctrl + Alt + Del → click Restart).

  • Or click Apply Changes → a new window appears → click Restart Now.

  • Once it restarts, reconnect to Instance 2 using RDP.
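The join from this step done with Add-Computer, as an added PowerShell example rather than the article's own procedure. It runs in an elevated PowerShell on Instance 2, uses the article's domain name and DC address, and prompts for the domain admin credential instead of having it typed into a script. The DNS pre-flight check reproduces in code the condition behind the wizard's "domain could not be contacted" error.

```powershell
# Added example (not from the article): Step 5 from an elevated PowerShell on
# Instance 2. Domain name and DC IP are the article's; the credential is prompted.

$DomainName = "infotrade.com"
$DcIp       = "172.31.7.165"

function Join-LabDomain {
    param([string]$Domain, [string]$ExpectedDcIp)

    # Pre-flight: the client must resolve the domain to the DC before
    # Add-Computer can find it (otherwise the join fails before asking for credentials).
    $resolved = (Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue).IPAddress
    if ($resolved -notcontains $ExpectedDcIp) {
        throw "DNS for $Domain returned '$resolved', expected $ExpectedDcIp; finish Step 4 first"
    }

    # Domain admin credential in DOMAIN\user form, entered at the prompt and
    # never stored in the script. INFOTRADE is the NetBIOS name from Step 2, 3.5.
    $cred = Get-Credential -UserName "INFOTRADE\Administrator" -Message "Domain admin for the join"

    # Join and restart in one go (the article's "Restart Now"). -Force only
    # suppresses the confirmation prompt; -ErrorAction Stop surfaces a failed join.
    Add-Computer -DomainName $Domain -Credential $cred -Restart -Force -ErrorAction Stop
}

Join-LabDomain -Domain $DomainName -ExpectedDcIp $DcIp
```

After the restart, the computer account for Instance 2 appears under the Computers container in Active Directory Users and Computers on Instance 1, which is the DC-side confirmation that the join succeeded.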


Step 6 : Post-Domain Join Actions

1. Reboot the Client Machine, Instance 2 (Windows Server - Client Machine)

Once the domain join is complete, you need to reboot the client machine to ensure that all domain-related changes are applied:

  • Action: click the Restart Now button if prompted.
  • Alternatively, you can restart manually by selecting Start → Power → Restart.

This ensures that the computer applies all the domain settings such as group policies, domain trust, and login configurations.

2. Log in with a Domain Account (on Instance 2, the client machine)

After the client machine reboots, you can now log in using domain credentials:

  • On the login screen, you will see two login options:

° Local Account (the default account on the machine)

° Domain Account (an account in the domain you just joined).

  • Action: Select Other user to log in with the domain credentials.
  • Log in with domain credentials :


° In the Username field, enter your domain username in this format:

infotrade\username

° If logging in as the domain administrator, use:

infotrade\Administrator

° Replace infotrade with your actual domain name.

° Replace username with your actual domain user account name.

° Password: Enter the password for your domain account.

  • Click Sign in to proceed.

Once logged in, your domain-specific configurations such as access to shared resources, domain group memberships, and domain-specific policies will be applied to your machine.


3. Verify Domain Authentication (Optional)

To ensure the machine is correctly authenticated in the domain, follow these steps:

Method 1 : Check Domain Membership via System Properties

  • Shortcut: Press Win + R, type sysdm.cpl, and press Enter.
  • Under Computer Name, verify that the machine is listed as part of the infotrade.com domain.

Method 2 : Verify Domain User Using Command Prompt

  • Open Command Prompt (Win + X → Click Command Prompt).
  • Run the following command to check the currently logged-in user:

whoami

° The output should show the domain-prefixed name (the infotrade\username form used at login). This confirms that you are logged in with a domain account.


Final Confirmation: Test Network & Shared Resources

To check domain authentication and connectivity:

1. Test Ping to the Domain Controller (Instance 1)

  • Open Command Prompt (Win + X → Command Prompt).
  • Run:

ping 172.31.7.165

  • If you receive Reply from 172.31.7.165, the domain connection is successful.


2. Access Active Directory (If Permissions Allow)

  • Shortcut: Win + X → Active Directory Users and Computers.
  • Check if you can browse users, groups, and computers under infotrade.com.
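The checks from Step 6 (sysdm.cpl, whoami, ping) collected into one function, as an added PowerShell example that is not the article's code, to run on Instance 2 after signing in with a domain account. It adds two checks the GUI does not show: the secure channel (the computer account's shared secret with the DC, which is what "the trust relationship failed" errors later refer to) and the presence of a Kerberos ticket-granting ticket, which proves the logon was actually authenticated by the domain rather than cached. The only assumed value is the article's domain name.

```powershell
# Added example (not from the article): Step 6 verification on Instance 2.
# Run after signing in as a domain account (e.g. infotrade\Administrator).

function Test-DomainMembership {
    param([string]$ExpectedDomain = "infotrade.com")

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    # Method 1 (sysdm.cpl): is the computer a member of the expected domain?
    $member = $cs.PartOfDomain -and ($cs.Domain -ieq $ExpectedDomain)

    # The trust behind the join: the computer account password shared with the
    # DC. Returns $false when that secure channel is broken.
    $secureChannel = Test-ComputerSecureChannel -ErrorAction SilentlyContinue

    # Method 2 (whoami): a domain logon shows DOMAIN\user, and the Kerberos
    # ticket cache holds a TGT for krbtgt/<REALM>; a local logon has neither.
    $user = whoami
    $tgt  = (klist 2>$null) -match 'krbtgt/'

    # Which DC served the logon (nltest is the Netlogon client diagnostic).
    $dc = (nltest /dsgetdc:$ExpectedDomain 2>$null) -match '^\s*DC:'

    [pscustomobject]@{
        Computer        = $cs.Name
        Domain          = $cs.Domain
        IsMember        = $member
        SecureChannelOk = [bool]$secureChannel
        LoggedOnAs      = $user
        HasKerberosTgt  = [bool]$tgt
        LogonDc         = ($dc -join '').Trim()
        AllGood         = $member -and [bool]$secureChannel -and [bool]$tgt
    }
}

Test-DomainMembership | Format-List
```

IsMember true with HasKerberosTgt false is the pattern to watch for: the machine is joined but the session was not authenticated by the DC (for example a local account, or a cached logon while the DC was unreachable), so domain group memberships and policies have not been applied to it.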


Conclusion :

By following this guide, you’ve successfully deployed an Active Directory domain controller in AWS, configured security settings, and joined a Windows client machine to the domain. This foundational setup allows you to implement centralized authentication, access control, and network management within a cloud-based infrastructure.

For more cloud computing and AWS content, feel free to connect with us on :

Manasvi Mathur | LinkedIn

Aniruddh Saxena | LinkedIn

Thank You For Reading!




Sonia Soni

Assistant Professor at JECRC University

1 month ago

Keep it up