Starting point
So far, I've gotten my VPC and routing configured in AWS, and created an EC2 instance running Windows 2016 Server. I've run Windows Update to bring the server up to date on patches and renamed the server to STARBASE-HUB. I've installed the DNS and ActiveDirectory Directory Services roles on STARBASE-HUB.
Doing work
Alright, so... the first thing I wanted to do was set up an ActiveDirectory domain to link together my virtual WAN.I own the domain pyhakon.net. ActiveDirectory is based off of a DNS structure - you don't HAVE to give it a valid domain name to work off of, but since I have one, I figured I might as well. Making a Windows server a domain controller requires that it also be a DNS server, so it made sense to make that domain controller the "root" of my sandbox network. I made my sandbox domain "starbase.pyhakon.net" because I'm a nerd. Accordingly, since this server was going to be the "nexus" of my kingdom, I named it STARBASE-HUB.
I already use AWS Route 53 to handle DNS for pyhakon.net, so all I had to do was add an "A" record for starbase.pyhakon.net pointing to the Elastic IP I have assigned to my DC/DNS server, then delegated authority with an "NS" record for the subdomain `starbase.pyhakon.net` to `starbase.pyhakon.net`. Anything under starbase.pyhakon.net, will now get referred to starbase.pyhakon.net itself for resolution. (I'm not really touching on Route 53 because it's not part of this setup.)
Next order of business was to set up the DNS server on STARBASE-HUB. This means opening up the DNS Manager from the Tools menu of Server Manager.
Right now I just want to set up a basic Primary Forward Lookup Zone for starbase.pyhakon.net. Accepted pretty much all the defaults. After that was done, I added an "A" record for starbase.pyhakon.net and for starbase-hub.starbase.pyhakon.net.
 |
| DNS manager showing starbase zone setup, and an nslookup query confirming the host resolves. |
I went into Server Manager, which was complaining that I never configured the server as a DC after installing ActiveDirectory.
Next I got asked what I was trying to do with my domain controller: add it to an existing domain, create a new domain within a forest, or a new forest. Simple answer: domains belong to forests, and if you don't have an existing forest, you have to create one.
Next I got a warning that it couldn't create a delegation upstream for starbase.pyhakon.net, because the upstream DNS server is not Windows, it's Route 53. This is fine - I already did that delegation manually.
It asked me if I was okay with "STARBASE" as the NetBIOS domain name. Sure.
Asked me to set up a few paths. Defaults were fine.
Review options, and... go.
It pointed out a few warnings, mainly that I should disable "Allow cryptography algorithms compatible with Windows NT 4.0" for security, that I didn't have a static IP address assigned to the machine (which is fine - EC2 will make sure I always get the same IP address) and the previously mentioned DNS error.
Happy with itself, the server rebooted. When I reconnected, RDP complained that it no longer recognized the server (which now identified itself as starbase-hub.starbase.pyhakon.net.) I was okay with this, but now had to wait for the Group Policy Client to set itself up... which takes forever the first time.
Cool. I now have my own ActiveDirectory domain.
What's Next
Next I want to make a new domain within the forest, which is going to control all my VMs running on my local machine. This is going to take some design work, which I'm going to do tomorrow since it's 10:15 now.
The KITanium Art of Creation
ReplyDeleteTo see the design titanium welder behind the KITanium project, click here: kite titanium titanium tubing · Download this free download · Materials: snow peak titanium spork glass, micro touch titanium trim where to buy concrete, titanium hair clipper