Creating a trust relationship between AWS Managed AD and an on-premises Active Directory running Windows Server Core edition
IT administrators who manage AWS Managed Microsoft AD may sometimes need to establish a trust relationship with an on-premises Active Directory running Windows Server Core edition. Windows Server Core has no graphical user interface (GUI) and no desktop, so it can only be managed from the command line with PowerShell or through remote management tools. To create a trust relationship on a Windows Server Core edition, there are two options:
Option 1: Launch a management Windows server with a graphical user interface (GUI)
Join the management instance to the on-premises AD and install the RSAT tools
Ensure that the management instance can reach the AWS Managed Microsoft AD domain controllers by opening the required ports [1]
Option 2: Run the following script on your self-managed AD to create the trust:
Update = "remoteforest" with your remote domain name
Specify the trust type on the value $remoteForest,": Examples:
==========================================
==========================================
After creating the trust on the self-managed AD, set the trust password (/passwordT:password) by executing the following command on a DC core edition using self-managed credentials (/userO:administrator /passwordO:*): [2]
==========================================
==========================================
Example:
Next, attempt to establish the trust on the AWS Managed AD console [3] using the trust password (/passwordT:password) generated earlier.
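One way to create the local side of the trust from Option 2 on a Server Core domain controller, as an added PowerShell example (not the script from the original article). It uses the .NET `System.DirectoryServices.ActiveDirectory.Forest` class, takes the trust password as a SecureString so it does not appear in command history, and reads the trust back afterwards. The function name `New-LocalSideForestTrust` and the forest name `corp.example.com` are placeholders, and the example assumes name resolution and the ports from [1] are already in place.

```powershell
# Added example: run in an elevated PowerShell session on a self-managed DC.
Add-Type -AssemblyName System.DirectoryServices

function New-LocalSideForestTrust {
    [CmdletBinding()]
    param(
        # DNS name of the remote forest (the AWS Managed Microsoft AD domain)
        [Parameter(Mandatory)] [string] $RemoteForest,
        # Trust direction as seen from the self-managed forest
        [ValidateSet('Inbound', 'Outbound', 'Bidirectional')]
        [string] $Direction = 'Bidirectional',
        # Trust password; the same value is entered later in the AWS console
        [Parameter(Mandatory)] [securestring] $TrustPassword
    )

    $localForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $trustDir    = [System.DirectoryServices.ActiveDirectory.TrustDirection] $Direction

    # The .NET method only accepts a plain string, so convert as late as possible.
    $plain = [System.Net.NetworkCredential]::new('', $TrustPassword).Password
    try {
        $localForest.CreateLocalSideOfTrustRelationship($RemoteForest, $trustDir, $plain)
    }
    catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectExistsException] {
        # Do not overwrite an existing trust silently; report it instead.
        Write-Warning "A trust with $RemoteForest already exists; nothing was changed."
    }
    finally {
        $plain = $null
    }

    # Read the trust back so the direction and type can be checked before
    # completing the AWS side.
    $localForest.GetTrustRelationship($RemoteForest) |
        Select-Object SourceName, TargetName, TrustType, TrustDirection
}

# Usage with a placeholder forest name; the password is prompted for, not typed inline.
$trustPw = Read-Host -AsSecureString -Prompt 'Trust password'
New-LocalSideForestTrust -RemoteForest 'corp.example.com' -Direction Bidirectional -TrustPassword $trustPw
```

Confirm that the reported `TrustDirection` matches what you intend to select in the AWS console before entering the trust password there.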
Reference Links:
[1] Step 1: Prepare your self-managed AD Domain - https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_tutorial_setup_trust_prepare_onprem.html
[2] Active Directory Forest Recovery - Reset a trust password on one side of the trust - https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-reset-trust
[3] Step 3: Create the trust relationship - Configure the trust in your self-managed Active Directory - https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_tutorial_setup_trust_create.html#tutorial_setup_trust_onprem_trust