Hello,
I am trying to setup an environment to replicate my on-prem environment.
VPC 1 has 2 EC2 instances, one with Microsoft AD installed. The other instance is added to this domain. I am able to log in with domain credentials. The domain is 'manual.test.local'.
VPC 2 has an AWS Managed MS AD and one EC2 instance, joined to this domain. The domain is 'awsmanaged.work.local'.
Both VPCs are peered, and all ports on the DCs can be connected to (only tested the TCP ones).
I want to set up a one-way trust from the AWS Managed instance.
Set up a conditional forwarder from each domain to the other.
From VPC 1 I am able to resolve names in the AWS Managed domain.
From VPC 2 I am NOT able to resolve names in the EC2 manually installed domain.
I don't believe that it is a security group issue.
If I perform an nslookup from the EC2 instance in VPC 2 to the other domain (to manual.test.local) using just the AWS Managed DNS servers, this fails. If I set the DNS server to be queried to the DC running manual.test.local, this resolves as expected.
I have not put anything in route 53.
Do I need to create a Route 53 resolver record? If so is this because it is the AWS Managed domain?
Thanks,
Matt
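An added diagnostic for the situation described in the post (example code, not from the poster or AWS): it repeats the nslookup comparison as a repeatable SOA check against each resolver, then lists the forwarder zones actually defined on the Managed AD DCs. The IP addresses are placeholders to replace with your own DNS/DC addresses.

```powershell
# Added diagnostic (not from the original post). The addresses below are
# assumed placeholders; replace them with the DNS/DC IPs from your own VPCs.
$RemoteDomain  = 'manual.test.local'           # domain that VPC 2 cannot resolve
$ManagedDnsIps = @('10.1.0.10', '10.1.0.11')   # AWS Managed AD DNS servers (placeholders)
$SelfManagedDc = '10.0.0.10'                   # DC hosting manual.test.local (placeholder)

function Test-ZoneResolution {
    param([string]$Zone, [string[]]$Servers)
    foreach ($srv in $Servers) {
        try {
            # An SOA lookup exercises the forwarder path without depending on
            # any particular host record existing in the remote zone.
            $soa = Resolve-DnsName -Name $Zone -Type SOA -Server $srv -DnsOnly -ErrorAction Stop
            [pscustomobject]@{
                Server        = $srv
                Zone          = $Zone
                Result        = 'OK'
                PrimaryServer = ($soa | Where-Object Type -eq 'SOA').PrimaryServer
            }
        } catch {
            [pscustomobject]@{
                Server        = $srv
                Zone          = $Zone
                Result        = "FAIL: $($_.Exception.Message)"
                PrimaryServer = $null
            }
        }
    }
}

# 1. Direct query to the self-managed DC: should succeed (confirms peering
#    connectivity on UDP/TCP 53 and that the zone exists there).
Test-ZoneResolution -Zone $RemoteDomain -Servers $SelfManagedDc

# 2. Same query via each Managed AD DNS server: a FAIL here means the
#    conditional forwarder is missing on (or not replicated to) that DC.
Test-ZoneResolution -Zone $RemoteDomain -Servers $ManagedDnsIps

# 3. Show the forwarder zones defined on the managed DCs. Needs the DNS Server
#    RSAT tools on this instance and an account in the
#    "AWS Delegated DNS Administrators" group.
foreach ($dc in $ManagedDnsIps) {
    Get-DnsServerZone -ComputerName $dc -ErrorAction SilentlyContinue |
        Where-Object { $_.ZoneType -eq 'Forwarder' } |
        Select-Object @{n='DC';e={$dc}}, ZoneName, MasterServers, ReplicationScope
}
```

If step 1 succeeds but step 2 fails and step 3 shows no forwarder for manual.test.local, the forwarder was never created on the managed directory's DNS rather than being a Route 53 issue.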