How to Migrate On-Premises Active Directory to AWS Using AWS Managed Microsoft AD

By following these steps, one can successfully migrate an on-premises Active Directory to AWS using AWS Managed AD.

Active Directory (AD) is a directory service by Microsoft that organizes information about resources in a network. In this blog, we'll explore how to migrate a client's user list from an on-premises Active Directory to the cloud using AWS Managed Microsoft AD, allowing AWS to handle all the management tasks.

Before diving in, the problem statement: a client with a large number of users in their organization has decided to migrate to the cloud, but is concerned about whether the user migration will be seamless.

To migrate an on-premises Active Directory to AWS, you will need several AWS services: EC2, IAM Identity Center, and Directory Service.

Launch an EC2 Windows Instance:

A Windows instance launched on EC2 acts as the on-premises simulator, so launch a t2.medium instance.

Create a Directory:

Create a directory (Standard Edition) and set the directory administrator password.

Change DNS Settings:

Change the DNS servers of the instance, from its network settings, to the DNS addresses of the managed directory. This is what lets the instance resolve the domain and see any changes made in the directory, such as user creation.

Log in to the Windows instance and change the default DNS settings.

Install the necessary tools for AWS integration.

Enter Domain DNS and Credentials:

Enter the domain DNS name from the Directory Service console and provide the credentials needed to approve the connection.

Restart the Instance:

Restart the instance. This process may take a while.
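The DNS change, domain join and restart above can be done from an elevated PowerShell session on the instance. The following is an added example, not code from the original post: it assumes the two DNS addresses shown for the directory in the Directory Service console (placeholders below) and a network adapter alias of "Ethernet"; the domain name corp.avi.com is the one the post uses, and "Admin" is the administrator account AWS Managed Microsoft AD creates with the password set at directory creation.

```powershell
# Added example (not from the original post): point the simulated on-premises
# Windows instance at the managed directory's DNS servers, verify resolution,
# and join the instance to the domain. Run in an elevated PowerShell session.

$DomainName   = "corp.avi.com"
$DirectoryDns = @("10.0.0.10", "10.0.1.10")   # placeholder: copy the directory's DNS addresses from the Directory Service console
$Adapter      = "Ethernet"                    # assumption: confirm the alias with Get-NetAdapter

# 1. Replace the default (VPC-provided) resolvers with the directory's DNS servers.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DirectoryDns
Clear-DnsClientCache

# 2. Check that the instance now resolves the domain and can locate a domain
#    controller via the SRV record a domain join depends on.
Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4
Resolve-DnsName -Name $DomainName -Type A
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV

# 3. Join the domain. The prompt asks for the directory Admin credentials
#    (the password set when the directory was created). -Restart reboots the
#    instance automatically, which is the "Restart the Instance" step.
$Cred = Get-Credential -Message "Directory admin credentials for $DomainName" -UserName "Admin@$DomainName"
Add-Computer -DomainName $DomainName -Credential $Cred -Restart -Force
```

After the reboot, `(Get-CimInstance Win32_ComputerSystem).Domain` should return corp.avi.com. If the SRV lookup in step 2 fails, the join will fail too: check the DNS addresses and that the instance's security group allows traffic to the directory's domain controllers before retrying.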

Configure IAM Identity Center:

Go back to IAM Identity Center.

Navigate to Settings in IAM Identity Center and change the identity source.

Follow the prompts and accept the terms.

As the screenshot above shows, this step disconnects IAM Identity Center from the default identity source and connects it to the AWS Directory Service directory, which is the one the EC2 instance is joined to.

Sync Users:

Now, whenever new users are created in the on-premises simulator (the Windows instance), they are routed to the IAM Identity Center.

Make sure the sync is resumed, so that newly created users and groups keep being picked up.

Generate and Share the Link:

The link generated can be provided to the client for access.

Add Users in On-Premises AD:

Add users in the on-premises AD to check functionality.

Connect using the new credentials.

Notice the directory name (corp.avi.com) appearing in AD.

Create and Sync Groups:

Add users, then add them to a custom group such as Admins-group.

Everything created here is synced in the backend. Now, let's import this group into AWS through IAM Identity Center.

Assign Permission Sets:

After the users or groups are imported, it's time to add a permission set, which contains the policies that determine what a user is allowed to do in the AWS account; here I granted access to a few services only.
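The permission set and its assignment to the synced group can also be created from the AWS CLI, which makes it easy to keep the granted access narrow. This is an added example and not part of the original post; it runs the AWS CLI from PowerShell, and the instance ARN, target account ID and permission set name are placeholders. It looks up the Admins-group from the post by name in the identity store and grants it the AWS managed ReadOnlyAccess policy with a four-hour session, which is one way of giving "access to a few services" rather than broad rights.

```powershell
# Added example (not from the original post): create a narrowly scoped permission
# set and assign it to the synced Admins-group for one AWS account.
# Replace the placeholder values before running.

$InstanceArn = "arn:aws:sso:::instance/ssoins-PLACEHOLDER"   # placeholder: aws sso-admin list-instances
$AccountId   = "123456789012"                                 # placeholder: target AWS account
$GroupName   = "Admins-group"                                 # the group created in the on-premises AD

# 1. Find the identity store behind the IAM Identity Center instance and the
#    ID of the synced group in it (synced groups are matched by DisplayName).
$StoreId = (aws sso-admin list-instances --query "Instances[0].IdentityStoreId" --output text)
$GroupId = (aws identitystore list-groups --identity-store-id $StoreId `
              --filters "AttributePath=DisplayName,AttributeValue=$GroupName" `
              --query "Groups[0].GroupId" --output text)

# 2. Create the permission set with a bounded session length, and attach only a
#    read-only managed policy. Attach a narrower policy if the users need less.
$PermSetArn = (aws sso-admin create-permission-set --instance-arn $InstanceArn `
                 --name "ReadOnly-Admins" --session-duration "PT4H" `
                 --query "PermissionSet.PermissionSetArn" --output text)
aws sso-admin attach-managed-policy-to-permission-set --instance-arn $InstanceArn `
    --permission-set-arn $PermSetArn `
    --managed-policy-arn "arn:aws:iam::aws:policy/ReadOnlyAccess"

# 3. Assign the permission set to the group (not to individual users) for the
#    target account, so membership changes synced from AD drive access.
aws sso-admin create-account-assignment --instance-arn $InstanceArn `
    --target-id $AccountId --target-type AWS_ACCOUNT `
    --permission-set-arn $PermSetArn `
    --principal-type GROUP --principal-id $GroupId

# 4. Confirm the assignment exists. Provisioning is asynchronous, so it may take
#    a moment before the group's members see the account in the access portal.
aws sso-admin list-account-assignments --instance-arn $InstanceArn `
    --account-id $AccountId --permission-set-arn $PermSetArn
```

Assigning the permission set to the group rather than to each user means that removing someone from Admins-group in the on-premises AD, once synced, also removes their access in AWS, which is the behaviour you want from a directory-backed identity source.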

Access AWS Accounts:

Now that the users are successfully imported and given permissions, they can access their AWS accounts through the link on the IAM Identity Center dashboard, the portal URL.

Enable MFA:

This is how the MFA console looks for the new user.

AWS Services Covered:

  • Directory Service: Used to create and manage the directory in AWS.

  • IAM Identity Center: Facilitates single sign-on (SSO) and user management.

  • EC2: Provides the virtual server to simulate the on-premises environment.

By following these steps, one can successfully migrate an on-premises Active Directory to AWS using Managed AD.

Thanks for the read, let me know how you like it :)

#AWS #ActiveDirectory #CloudMigration