On Bootstrapping Active Directory for EC2's Windows Images

Mike — Wed, 29 Apr 2009 09:09:00 -0400

Amazon's EC2 service now includes a number of Windows Server 2003 images, starting at $0.125 per hour. These Microsoft sanctioned images are a great alternative to the QEMU shenanigans from the past.

One of the advantages of Amazon's EC2 service is the ability to provision virtual machines via scripts, and without human interaction. Here's a description of my approach to bringing an instance of Active Directory online via script.

Prerequisites:

Amazon EC2 account
command line RDP client (e.g. rdesktop)
dcpromo answer file (I found Daniel Petri's article helpful)

Your RDP client will need to support two features: file sharing, and remote script execution. I've found the Mac RDP clients tough to use via script, but Ubuntu's rdesktop works just fine in a VirtualBox VM.

Starting the Windows Server VM

Choose the Basic Microsoft Windows Server 2003 image or the Basic Microsoft Windows Server 2003 with Authentication Services image; a small standard instance type should be sufficient.

(The Firefox elasticfox EC2 plugin makes it easy to manage windows instances.)

Once your instance is online, you'll need the public DNS name and administrator password for the instance.

Installing Active Directory

Normally, AD is installed and configured by running dcpromo and working through the relevant dialog boxes. Unattended installs are supported via the /answer argument:

   C:> dcpromo /answer:%path_to_answer_file%

Running this command on an EC2 instance poses two challenges: how to run a windows command remotely from a script, and how to copy our dcpromo answer file from our local host to EC2. Fortunately RDP solves both problems. Using rdesktop one can define a script to run on session startup, and a local folder to share with the remote host.

Install Active Directory remotely using rdesktop as follows:

   mpierson:$ rdesktop -r disk:share=/home/mpierson/winshare/ \
     -u Administrator -p <admin_password> \
     -s "dcpromo /answer:\\\\tsclient\\share\\dcpromo.install" \
     <windows_hostname>

where /home/mpierson/winshare/dcpromo.install is the local path of the dcpromo answer file for your AD configuration. (The RDP file share defined by the -r argument will appear in the Windows host network share list with a host name of tsclient.)

FWIW, here is an example answer file for dcpromo.

Access Your AD Domain

Use rdesktop to access your new AD domain as follows:

   mpierson:$ rdesktop 
     -u Administrator -p <admin_password> \
     -d <win_domain_name> \
     <windows_hostname>

where win_domain_name is the DomainNetBiosName defined in your dcpromo answer file.

links for 2007-02-28

Mike — Tue, 27 Feb 2007 19:20:03 -0500

Installing Win2k3

(tags: windows activedirectory howto)

Tech-Blog: Tag windows

On Bootstrapping Active Directory for EC2's Windows Images

Starting the Windows Server VM

Installing Active Directory

Access Your AD Domain

links for 2007-02-28