# Hybrid Directory between AWS and Simulated On-Premises

This demo walks through building a hybrid directory: provisioning a simulated on-premises environment, connecting to it, creating AWS Managed Microsoft AD, establishing a two-way forest trust between the two forests, and then sharing files across them with FSx and DFS.

Before we dive into the details, a special mention to [Adrian Cantrill](https://learn.cantrill.io/) for his amazing AWS courses and labs. The demo is based on his insightful content, and you can find the complete project on [GitHub](https://github.com/acantril/learn-cantrill-io-labs/tree/master/aws-hybrid-activedirectory).

Let's dive into the details of each stage.

## Stage 1: Provisioning the Hybrid Environment

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1699972406613/ccbe657d-d9bf-46bd-b4fe-80e3bd9d19ef.png align="center")

In this stage a CloudFormation template builds both halves of the lab: a simulated on-premises network with a self-managed Active Directory (two domain controllers), a file server and a client, plus the AWS VPC that the managed directory will later live in. Everything that follows builds on this stack.

Click [here](https://console.aws.amazon.com/cloudformation/home?region=us-east-1#/stacks/quickcreate?templateURL=https://learn-cantrill-labs.s3.amazonaws.com/aws-hybrid-activedirectory/01_HYBRIDDIR.yaml&stackName=HYBRIDDIR) to apply the HybridDirectory Stack. You will need to pick a `Domain Admin Password` for the on-premises directory (it is entered as a stack parameter, so use a throwaway value unique to this lab) and a `KeyPair` for the Windows instances.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700656606851/ce73f992-fe50-44c9-b192-0a553e8e338f.jpeg align="center")

Once the deployment is completed, we can move to the next Stage.

## Stage 2: Connecting to Simulated On-Premises

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1699972428375/ab7a8385-b268-419b-834a-bb6306ed36b0.png align="center")

1. **Install Remote Desktop Application:**
    
    * Install the Microsoft Remote Desktop client for your operating system; every connection in this stage is an RDP session.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700659885453/f34d53b5-2569-4491-bc7b-31c3b119323e.jpeg align="center")
        
2. **Locate Jumpbox Details:**
    
    * Find the jumpbox's connection details in the EC2 console. The jumpbox is the only entry point into the simulated on-premises network; every other host is reached from inside it.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700659755152/42778478-e9a2-468b-b213-396b381eb760.jpeg align="center")
        
3. **Connect to Jumpbox:**
    
    * RDP to the jumpbox with those details. The rest of the on-premises environment is reached from within this session.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700659978948/3fcedfbf-75c9-4a3e-941d-e90e8a58a0d9.jpeg align="center")
        
4. **Connect to Other Instances:**
    
    * Once connected to the Jumpbox, note the private IP addresses of the following instances (from the EC2 console):
        
        * Client - 192.168.11.196
            
        * FileServer - 192.168.10.95
            
        * DC1 - 192.168.10.100
            
        * DC2 - 192.168.11.100
            
    * These hosts have no public addresses, so each further RDP session is opened from inside the jumpbox session, the same way an admin would pivot through a bastion in a real on-premises network.
        
    * Connect to the 'Client' instance, which simulates an end-user machine in the A4L on-premises environment.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700660479389/e5dd9425-471e-4ad5-abfe-c7607250555c.jpeg align="center")
        
5. **Access FileServer:**
    
    * From the Client, open the on-premises file share by its UNC path:
        
        ```plaintext
        \\FileServer\A4LFiles
        ```
        
    * Create a text document in the share. This confirms that the simulated on-premises file server and its SMB share are working before anything is migrated.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700660801466/bf4e44c7-b7fc-4217-9858-fad32b86372a.jpeg align="center")
        
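The checks above are done by hand in the lab. As an added example (not part of the original lab or this post), the following PowerShell script, run on the Client once you are inside the jumpbox session, verifies the same things in one go: that the hosts listed above are reachable on the ports an AD client actually uses, that the client is locating a domain controller for `ad.animals4life.org`, and that the share can be mapped and written to. The IP addresses and share path are the lab values from the text; the drive letter and test filename are arbitrary.

```powershell
# Added example, not the lab's own code. Run on the on-premises Client.
# Hosts and addresses are the lab values listed above.
$Hosts = [ordered]@{
    'DC1'        = '192.168.10.100'
    'DC2'        = '192.168.11.100'
    'FileServer' = '192.168.10.95'
}
# Port meanings: 53 DNS, 88 Kerberos, 389 LDAP, 445 SMB, 3389 RDP.
$DcPorts   = 53, 88, 389, 445, 3389
$FilePorts = 445, 3389

foreach ($name in $Hosts.Keys) {
    $ports = if ($name -like 'DC*') { $DcPorts } else { $FilePorts }
    foreach ($port in $ports) {
        $r = Test-NetConnection -ComputerName $Hosts[$name] -Port $port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'CLOSED' }
        '{0,-10} {1,-16} tcp/{2,-5} {3}' -f $name, $Hosts[$name], $port, $state
    }
}

# Confirm the client is locating a DC for the on-premises domain (not just pinging it).
nltest /dsgetdc:ad.animals4life.org

# Map the share and write a file; a failure here is an SMB or ACL problem, not networking.
$Share = '\\FileServer\A4LFiles'
New-PSDrive -Name S -PSProvider FileSystem -Root $Share | Out-Null
$TestFile = Join-Path 'S:\' ('connectivity-check-{0:yyyyMMdd-HHmm}.txt' -f (Get-Date))
Set-Content -Path $TestFile -Value "written from $env:COMPUTERNAME by $env:USERDOMAIN\$env:USERNAME"
Get-Item $TestFile | Select-Object FullName, Length, LastWriteTime

# Show the SMB session details: dialect and whether signing/encryption are in use.
Get-SmbConnection | Where-Object ServerName -eq 'FileServer' |
    Select-Object ServerName, ShareName, UserName, Dialect, Signed, Encrypted
```

A `CLOSED` line for Kerberos (88) or LDAP (389) on a DC while RDP (3389) is open usually points at a host firewall or security group rule rather than the host being down; the last line is worth a look because an unsigned, unencrypted SMB session on the on-premises side will not be hardened by moving the data to FSx.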

## Stage 3: Creating Managed Microsoft AD within AWS

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1699972468980/84a90cbe-7de1-4fb0-b07f-2a31a93620d8.png align="center")

1. **Create Directory:**
    
    * Create an AWS Managed Microsoft AD directory in the Directory Service console, placed in two subnets of the VPC. AWS runs and patches the domain controllers; you get a delegated `Admin` account rather than Domain Admin rights, which matters later when the trust and DNS are configured.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700676579689/5f079e1b-8c00-4f36-94b3-5112e922b42c.jpeg align="center")
        
2. **Create Jump Box in AWS:**
    
    * Launch a Windows EC2 instance in the same VPC and join it to the managed directory at launch (the launch wizard's domain join option, which needs an instance profile with the SSM directory-join permissions). This jumpbox is where all AWS-side administration happens.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700676639523/6119c802-feed-458b-aac0-c3ff3eacf614.jpeg align="center")
        
3. **Connect to Jump Box:**
    
    * RDP to this jumpbox and log in with the managed directory's `Admin` account rather than the local administrator, so that everything you do runs with the delegated directory rights.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700700779387/aa8441ab-2ba9-406f-8b9b-54321db2c549.jpeg align="center")
        
4. **Install Admin Tools:**
    
    * Install RSAT (the AD DS and DNS tools) so the jumpbox can run Active Directory Users and Computers, Active Directory Domains and Trusts and the DNS console against the managed directory.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700700745222/302e2696-f7e7-4c71-b8a0-534d420cf48b.jpeg align="center")
        
5. **Verify Domain Works:**
    
    * Open Active Directory Users and Computers as the `Admin` account and confirm you can browse the managed domain; that proves both the domain join and the directory's DNS are working.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700701200338/732e22a7-e5da-4c6e-862f-482b0d49f41b.jpeg align="center")
        
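Steps 4 and 5 can be scripted. The following is an added example (not from the lab or this post) for an elevated PowerShell session on the AWS jumpbox, which in this lab is a Windows Server instance (`Install-WindowsFeature` does not exist on client Windows). It installs the RSAT consoles used in the later stages, then checks the domain join, the secure channel, the SRV records that advertise the managed DCs, and which groups the `Admin` account actually belongs to. The managed domain name `aws.animals4life.org` is an assumption; use the name shown on your directory's details page.

```powershell
# Added example, not the lab's own code. Run elevated on the AWS jumpbox.
# The managed domain name below is an assumption; take it from the directory's details page.
$ManagedDomain = 'aws.animals4life.org'

# RSAT: AD DS tools (ADUC, Domains and Trusts), DNS console, DFS Namespaces console, GPMC.
Install-WindowsFeature -Name RSAT-ADDS, RSAT-DNS-Server, RSAT-DFS-Mgmt-Con, GPMC |
    Select-Object Success, RestartNeeded, FeatureResult

# 1. Is this machine actually a member of the managed domain, with a working secure channel?
$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain -or $cs.Domain -ne $ManagedDomain) {
    throw "Expected a member of $ManagedDomain, found '$($cs.Domain)' (PartOfDomain=$($cs.PartOfDomain))"
}
Test-ComputerSecureChannel -Verbose

# 2. Which DCs serve the domain, and does DNS advertise them?
Import-Module ActiveDirectory
Get-ADDomain -Identity $ManagedDomain |
    Select-Object DNSRoot, NetBIOSName, DomainMode, ReplicaDirectoryServers
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ManagedDomain" -Type SRV |
    Where-Object QueryType -eq 'SRV' | Select-Object Name, NameTarget, Port

# 3. Directory Service delegates rights through groups; the Admin account should
#    turn up in the "AWS Delegated ..." groups and not in Domain Admins.
Get-ADPrincipalGroupMembership -Identity Admin |
    Select-Object -ExpandProperty Name | Sort-Object
```

If `Test-ComputerSecureChannel` fails right after a launch-time join, give the instance a reboot before chasing it; if the SRV lookup returns nothing, the instance is not using the directory's DNS servers (check the VPC DHCP options or the interface's DNS settings).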

## Stage 4: Establishing Two-Way Forest Trust

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1699972477576/810bbaac-adcc-422e-a518-75cb70413430.png align="center")

1. **ONPREM: Ensure That Kerberos Pre-authentication Is Enabled:**
    
    * On the CLIENT instance, open Active Directory Users and Computers, find the on-premises admin account that will be used for the trust, and make sure `Do not require Kerberos preauthentication` is unchecked on the Account tab. AWS Managed Microsoft AD requires pre-authentication to be enabled on the accounts involved in the trust, and leaving it disabled also exposes that account to offline password cracking (AS-REP roasting).
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700701764460/f92aaca7-f864-4f74-8d18-c6000d11bd0b.jpeg align="center")
        
2. **ONPREM: Configure DNS Conditional Forwarders for ONPREM:**
    
    * The on-premises DNS servers must be able to resolve the managed domain, otherwise the trust cannot locate its domain controllers. On the on-premises DCs, add a conditional forwarder for the managed directory's domain name pointing at the two DNS addresses shown on the directory's details page.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700702030347/94f34c01-8599-4941-a647-98ad2c49e0a4.jpeg align="center")
        
3. **AWS: MicrosoftAD Security Group:**
    
    * Edit the security group that Directory Service created for the managed directory's domain controllers so that it allows inbound traffic from the on-premises address ranges (192.168.10.0/24 and 192.168.11.0/24 in this lab). Without this the on-premises DCs cannot reach the AWS DCs on the ports a trust needs (DNS 53, Kerberos 88, RPC 135 plus the dynamic range, LDAP 389/636, SMB 445).
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700702136444/f8487de0-f4bb-40c8-ac6a-32aa41a6cb19.jpeg align="center")
        
4. **AWS: Ensure That Kerberos Pre-authentication Is Enabled:**
    
    * Repeat the same check for the `Admin` account in the managed directory, using Active Directory Users and Computers on the AWS jumpbox: `Do not require Kerberos preauthentication` must be unchecked.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700702841155/64f2f17b-37aa-478a-89bb-105b9493c3d3.jpeg align="center")
        
5. **Configure the Trust in Your On-Premises Active Directory:**
    
    * Return to or reconnect to the On-Prem JumpBox.
        
    * Connect to the CLIENT instance and, in Active Directory Domains and Trusts, create a new Forest trust with the managed domain as in the lab instructions: Two-way, created on this side only, with a trust password that you will enter again on the AWS side. The lab uses forest-wide authentication; in production, selective authentication limits which on-premises principals can authenticate into the AWS forest.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700703218700/fb948e0b-71e5-40db-85d6-08fd1f1209ce.jpeg align="center")
        
6. **Configure the Trust in Your AWS Managed Microsoft AD Directory**
    
    * Access the AWS console and navigate to the managed Microsoft AD directory.
        
    * Add a trust relationship with ad.animals4life.org (the on-premises forest): Forest trust, Two-way, the same trust password, and the on-premises DNS server addresses as conditional forwarders so the managed directory can resolve the on-premises domain. Directory Service creates the forwarder on its side for you.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700703592814/016d0459-4372-4767-a7ed-63afc3e6453a.jpeg align="center")
        
7. **Test the Trust:**
    
    * Verify the trust from both sides: the Directory Service console should show the trust as Verified, and in Active Directory Domains and Trusts on the CLIENT both the incoming and outgoing trust should validate.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700703802001/eb5f3f87-f27a-4742-a698-f699f957ed94.jpeg align="center")
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700704029156/8ee51e60-5495-4d33-a7e3-37111b72a8b5.jpeg align="center")
        
    * Once both sides validate, a principal from either forest can authenticate to resources in the other; for example, an ad.animals4life.org account can log on to the AWS jumpbox.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700704093931/7d143eee-6ca6-4997-b296-443c5aa35bf0.jpeg align="center")
        
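Steps 1, 2 and 7 above are the on-premises half of the trust setup and all have PowerShell equivalents. The script below is an added example (not the lab's or this post's code) to be run on the CLIENT as the on-premises admin: it finds and fixes any account with Kerberos pre-authentication disabled (step 1), creates the conditional forwarder on the on-premises DNS (step 2) and, once the trust has been created on both sides through the consoles, inspects and verifies it (step 7). Assumptions: the managed domain is `aws.animals4life.org`, its two DNS addresses are the placeholders in `$ManagedDns`, and the on-premises DCs are named `DC1` and `DC2`; take the real domain name and DNS addresses from the directory's details page.

```powershell
# Added example, not the lab's own code. Run on the on-premises CLIENT as the AD admin.
Import-Module ActiveDirectory, DnsServer
$OnPremDomain  = 'ad.animals4life.org'
$ManagedDomain = 'aws.animals4life.org'               # assumption
$ManagedDns    = '10.16.48.10', '10.16.112.10'        # placeholders: directory's DNS addresses
$OnPremDcs     = 'DC1', 'DC2'                         # assumption: DC host names

# --- Step 1: no account may have "Do not require Kerberos preauthentication".
# Such an account lets anyone request an AS-REP encrypted with the user's key and
# crack the password offline (AS-REP roasting); AWS also rejects the trust without pre-auth.
$noPreAuth = Get-ADUser -Filter 'DoesNotRequirePreAuth -eq $true' -Properties DoesNotRequirePreAuth
foreach ($u in $noPreAuth) {
    Write-Warning "Re-enabling Kerberos pre-authentication for $($u.SamAccountName)"
    Set-ADAccountControl -Identity $u -DoesNotRequirePreAuth $false
}

# --- Step 2: one AD-integrated conditional forwarder, replicated forest-wide so every DC gets it.
if (-not (Get-DnsServerZone -ComputerName $OnPremDcs[0] -Name $ManagedDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -ComputerName $OnPremDcs[0] -Name $ManagedDomain `
        -MasterServers $ManagedDns -ReplicationScope Forest
}
foreach ($dc in $OnPremDcs) {
    Get-DnsServerZone -ComputerName $dc -Name $ManagedDomain |
        Select-Object @{n='DC';e={$dc}}, ZoneName, ZoneType, MasterServers
}
# The trust only works if this side can locate the managed domain's DCs through DNS:
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ManagedDomain" -Type SRV -ErrorAction Stop |
    Where-Object QueryType -eq 'SRV' | Select-Object NameTarget, Port

# --- Step 7: after the trust exists on both sides, inspect its security properties and verify it.
Get-ADTrust -Filter "Name -eq '$ManagedDomain'" |
    Select-Object Name, Direction, TrustType, ForestTransitive,
                  SelectiveAuthentication, SIDFilteringForestAware
# Expect Direction BiDirectional and ForestTransitive True.
# SIDFilteringForestAware True means SID history from the other forest is ignored; keep it.
# SelectiveAuthentication False means forest-wide authentication, which is what the lab uses.
netdom trust $OnPremDomain /d:$ManagedDomain /verify
nltest /dsgetdc:$ManagedDomain /force
```

If `Resolve-DnsName` fails, fix DNS before touching the trust; every later trust error in this lab that looks like "domain cannot be contacted" is really name resolution or the security group from step 3. The `Get-ADTrust` output is the part worth keeping for review: it records whether SID filtering is still on and whether you opted into selective authentication.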

## Stage 5: Creating FSx File System

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1699972482922/5a45dcd3-d9a0-4fc1-9a63-0117dd1174f6.png align="center")

1. **Create FSx File System:**
    
    * Create an FSx for Windows File Server file system joined to the AWS Managed Microsoft AD. AWS runs the Windows file server, its SMB shares and backups, and because of the trust from Stage 4 on-premises users can be granted access to it.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700706073429/7cc33955-9c13-4dcf-a2ef-d684dfaed44d.jpeg align="center")
        
2. **Verify Access:**
    
    * From the AWS jumpbox, and then from the on-premises Client, open the file system's DNS name as a UNC path and confirm the share is reachable and writable. Cross-forest access depends on the trust and on an FSx security group that allows SMB (TCP 445) from the client's network.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700706235514/6a7d05e4-0d1a-4504-b1b2-ba6bb35123de.jpeg align="center")
        
3. **Configure DFS Namespace and Folder:**
    
    * Create a DFS Namespace with folder targets on both the on-premises file server and the FSx share. Users then open a single namespace path and DFS referrals send them to a target; with site-based referral ordering that is the closer copy, whether on-premises or in AWS.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700706505074/45402328-77f8-40fa-8b15-6ef42d362ff6.jpeg align="center")
        
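Steps 2 and 3 above, scripted. This is an added example (not the lab's or this post's code) for the AWS jumpbox, run as the managed directory's `Admin` with the DFS Namespaces console installed: it checks the FSx share over SMB and lists who has access to it, then builds a domain-based DFS namespace with one folder that has both the on-premises share and the FSx share as targets. The FSx DNS name, the namespace name `A4L`, the default FSx share name `share` and the file server's FQDN are assumptions; the on-premises share name `A4LFiles` is from the lab text.

```powershell
# Added example, not the lab's own code. Run on the AWS jumpbox as the directory Admin.
Import-Module DFSN
$FsxDns        = 'fs-0123456789abcdef0.aws.animals4life.org'   # placeholder: from the FSx console
$FsxShare      = "\\$FsxDns\share"                             # assumption: FSx's default share name
$OnPremShare   = '\\FileServer.ad.animals4life.org\A4LFiles'   # assumption: file server FQDN
$NamespaceRoot = '\\aws.animals4life.org\A4L'                  # domain-based namespace (assumed name)
$RootTarget    = "\\$env:COMPUTERNAME\A4L"                     # local share that hosts the root

# 1. Is FSx reachable on SMB, and can this account write to the share?
$tcp = Test-NetConnection -ComputerName $FsxDns -Port 445 -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) { throw "No SMB path to $FsxDns; check the FSx security group" }
$probe = Join-Path $FsxShare ('fsx-access-check-{0}.txt' -f [guid]::NewGuid())
Set-Content -Path $probe -Value "ok from $env:USERDOMAIN\$env:USERNAME"
Remove-Item $probe
# NTFS permissions on the share are what grant (or withhold) access to cross-forest users; list them.
(Get-Acl $FsxShare).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType

# 2. Host the namespace root on a small local share, then create the domain-based namespace.
$rootDir = 'C:\DFSRoots\A4L'
New-Item -ItemType Directory -Path $rootDir -Force | Out-Null
if (-not (Get-SmbShare -Name A4L -ErrorAction SilentlyContinue)) {
    # The root share only serves referrals, so read access is all it needs.
    New-SmbShare -Name A4L -Path $rootDir -ReadAccess 'Everyone' | Out-Null
}
if (-not (Get-DfsnRoot -Path $NamespaceRoot -ErrorAction SilentlyContinue)) {
    New-DfsnRoot -Path $NamespaceRoot -TargetPath $RootTarget -Type DomainV2 | Out-Null
}

# 3. One folder, two targets. Clients receive both in the referral and, with site-based
#    ordering, try the closer one first; both targets must hold the same data.
$folder = "$NamespaceRoot\Files"
if (-not (Get-DfsnFolder -Path $folder -ErrorAction SilentlyContinue)) {
    New-DfsnFolder -Path $folder -TargetPath $OnPremShare | Out-Null
}
if (-not (Get-DfsnFolderTarget -Path $folder | Where-Object TargetPath -eq $FsxShare)) {
    New-DfsnFolderTarget -Path $folder -TargetPath $FsxShare | Out-Null
}
Get-DfsnFolderTarget -Path $folder | Select-Object TargetPath, State, ReferralPriorityClass
```

The ACL listing in step 1 is the check to keep: the namespace hides which server a user lands on, so the share and NTFS permissions on the FSx side must be at least as tight as the on-premises ones before the second target goes live.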

## Stage 6: Creating Workspaces

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1699972490487/2887db8a-e203-4429-bb24-f9b4597f5c52.png align="center")

1. **Create Workspaces:**
    
    * Create a WorkSpace for a directory user. WorkSpaces is a managed virtual desktop service registered against a directory, here the managed Microsoft AD, so the user signs in with AD credentials.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700708565034/e06b5c19-c1ce-4eab-95de-beb8ac3ca8a8.jpeg align="center")
        
2. **Workspaces Client:**
    
    * Install the WorkSpaces client, sign in with the user's directory credentials and confirm that the file shares set up earlier are reachable from the virtual desktop.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700708641098/6ea6ae2f-3fea-4a88-b091-729dd849185d.jpeg align="center")
        
3. **Adjust Security Group Rules:**
    
    * Update the security group rules on the FSx file system (and the on-premises side, if the WorkSpace needs the on-premises share) so that SMB from the WorkSpaces address range is allowed; a WorkSpace has its own security group and gets no access to the file systems until that rule exists.
        
        ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1700709634312/1f98404a-aab0-436c-8ba6-c1fccd43c39c.jpeg align="center")
        
4. Now we can start migrating our data from On-Premises to AWS.
    

With identity, name resolution, the trust and file access in place, the environment is ready for the data migration from the on-premises file server to FSx. Adapt the addresses, domain names and security group rules above to your own environment before reusing these steps.
