I want to use AWS Systems Manager to join a new Amazon Elastic Compute Cloud (Amazon EC2) instance to an AWS Directory Service domain.
Short description
Use Systems Manager to automatically join a new instance to the domain at launch. You can use either AWS Directory Service for Microsoft Active Directory or Simple AD to host the domain on Directory Service. You can also use the AD Connector directory gateway to locate the domain over an on-premises network.
Note: If you use VPC endpoints for Systems Manager, then requests to join an EC2 instance to an AWS Directory Service domain fail. For more information, see VPC endpoint restrictions and limitations.
Resolution
To join new Windows EC2 instances to an AWS Directory Service directory at launch, use the Amazon EC2 launch instance wizard.
Prerequisites:
Configure and launch the EC2 instance
To launch the EC2 instance, complete the steps in Seamlessly join an Amazon EC2 Windows instance to your AWS Managed Microsoft AD Active Directory.
Note: The AWS Systems Manager Agent is included in all AWS-provided Amazon Machine Images (AMIs) for Windows Server 2016 and Windows Server 2019. It's also included in Windows Server 2008-2012 R2 AMIs published in November 2016 or later. For more information, see Working with SSM Agent on EC2 instances for Windows Server.
Verify that the instance successfully joined the domain
Complete the following steps:
- Open the AWS Systems Manager console and choose your AWS Region.
- In the navigation pane, choose Managed Instances.
- Select the instance in the list, then choose Associations.
- Locate the association used to join the domain. The association has a Document name in the following format: awsconfig_Domain_<DIRECTORYID>_<DOMAIN_NAME>
- Verify that the Association status is Success.
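As an added example (not from AWS or this article), the same check scripted against the JSON that `aws ssm describe-instance-associations-status --instance-id <id>` returns: it finds the association whose document name matches awsconfig_Domain_<DIRECTORYID>_<DOMAIN_NAME> and reports whether its status is Success. The instance ID, directory ID and domain name in the embedded sample response are constructed.

```python
import json
import re
import sys

# Document name of the seamless domain-join association (format from the article):
# awsconfig_Domain_<DIRECTORYID>_<DOMAIN_NAME>. Directory IDs have the form d-xxxxxxxxxx.
DOMAIN_JOIN_DOC = re.compile(r"^awsconfig_Domain_(?P<directory_id>d-[0-9a-f]{10})_(?P<domain>[A-Za-z0-9.-]+)$")

# Constructed sample in the shape returned by
# `aws ssm describe-instance-associations-status --instance-id <id>` (IDs and names are made up).
SAMPLE_RESPONSE = {
    "InstanceAssociationStatusInfos": [
        {"Name": "AWS-GatherSoftwareInventory", "InstanceId": "i-0123456789abcdef0",
         "Status": "Success", "DetailedStatus": "Success"},
        {"Name": "awsconfig_Domain_d-0123456789_corp.example.com",
         "InstanceId": "i-0123456789abcdef0", "Status": "Success", "DetailedStatus": "Success"},
    ]
}


def find_domain_join_association(response):
    """Return the domain-join association for the instance, or None if it has none."""
    for info in response.get("InstanceAssociationStatusInfos", []):
        match = DOMAIN_JOIN_DOC.match(info.get("Name", ""))
        if match:
            return {"directory_id": match["directory_id"], "domain": match["domain"],
                    "status": info.get("Status"), "detailed_status": info.get("DetailedStatus"),
                    "error_code": info.get("ErrorCode")}
    return None


def domain_join_verdict(response):
    """Return (ok, message); ok is True only when the domain-join association reports Success."""
    assoc = find_domain_join_association(response)
    if assoc is None:
        return False, "no awsconfig_Domain_* association is attached to this instance"
    if assoc["status"] == "Success":
        return True, f"joined {assoc['domain']} (directory {assoc['directory_id']})"
    detail = assoc["detailed_status"] or assoc["status"] or "unknown status"
    if assoc["error_code"]:
        detail += f", error code {assoc['error_code']}"
    return False, f"domain join to {assoc['domain']} did not succeed: {detail}"


if __name__ == "__main__":
    # Pipe the CLI's JSON output in; with no piped input the embedded sample is checked instead.
    data = SAMPLE_RESPONSE if sys.stdin.isatty() else json.load(sys.stdin)
    ok, message = domain_join_verdict(data)
    print(("OK: " if ok else "FAIL: ") + message)
    sys.exit(0 if ok else 1)
```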
Troubleshooting
If the instance fails to join the directory domain, use the DirectoryServicePortTest application to verify that the instance can communicate with the Directory Service. For more information about DirectoryServicePortTest, see Test your AD Connector. For more information about working with the AWS Systems Manager Agent and other troubleshooting steps, see Working with managed nodes.
For more troubleshooting strategies, see How to troubleshoot errors that occur when you join Windows-based computers to a domain on the Microsoft website.
Related information
How do I use AWS Systems Manager to join a running EC2 Windows instance to my AWS Directory Service domain?
How can I manage an AWS Managed Microsoft AD or Simple AD directory from an Amazon EC2 Windows instance?
Configure instance permissions required for Systems Manager
How do I troubleshoot seamless domain join for Windows instances in Systems Manager?