Windows EC2 Instances: Secure Offline Active Directory Join Using Lambda & SSM
In very broad terms, joining a Windows computer to Active Directory (AD) requires a privileged domain user to supply their username and password. Manually configuring instances in this way is often impractical at scale. On the AWS platform, the process can be automated with services such as AD Connector; however, such services are not available in all AWS regions and also pose certain limitations. Scripting the domain join process is desirable, but securing the credentials that the script will use and managing them (consider password expiration, user rights assignment, etc.) add complexity to the process and limit its flexibility. This whitepaper provides a secure mechanism for joining Amazon EC2 Windows instances to Active Directory domains in a scripted and fully automated fashion.