Which of the following is a key prerequisite for creating an AWS Managed Microsoft AD directory? Choose 2 answers from the options given below.
A. A VPC with 2 subnets
B. Usage of a NAT Instance in the VPC
C. Opening of several ports including port 53
D. A NAT gateway in the public subnet
Answer - A and C.
The AWS Documentation mentions the following.
To create an AWS Managed Microsoft AD directory, you need a VPC with the following.
· At least two subnets. Each of the subnets must be in a different Availability Zone.
· The following ports must be open between the two subnets that you deploy your directory into. This is necessary to allow the domain controllers that AWS Directory Service creates for you to communicate with each other. A security group will be created and attached to your directory to enable communication between the domain controllers.
o TCP/UDP 53 - DNS.
o TCP/UDP 88 - Kerberos authentication.
o UDP 123 - NTP.
o TCP 135 - RPC.
o UDP 137-138 - Netlogon.
o TCP 139 - Netlogon.
o TCP/UDP 389 - LDAP.
o TCP/UDP 445 - SMB.
o TCP 636 - LDAPS (LDAP over TLS/SSL).
o TCP 873 - Rsync.
o TCP 3268 - Global Catalog.
o TCP/UDP 1024-65535 - Ephemeral ports for RPC.
· The VPC must have default hardware tenancy.
· You cannot create an AWS Managed Microsoft AD in a VPC using addresses in the 198.19.0.0/16 address space.
· AWS Directory Service does not support using Network Address Translation (NAT) with Active Directory. Using NAT can result in replication errors.
Options B and D are invalid because the documentation states that NAT should not be used with the directory.
For more information on the pre-requisites, please visit the following URL.
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_getting_started_prereqs.html

To create an AWS Managed Microsoft AD directory, there are certain prerequisites that need to be met, which are as follows:
A. A VPC with 2 subnets: To create an AWS Managed Microsoft AD directory, you need to have a VPC (Virtual Private Cloud) with at least two subnets. These subnets should be in different availability zones to ensure high availability and fault tolerance. One subnet is for the domain controllers, and the other is for the management tools.
D. A NAT gateway in the public subnet: A NAT gateway is required for the domain controllers to have internet access for necessary updates and patches. It is recommended to have a NAT gateway in the public subnet for better security.
Therefore, options A and D are the correct answers to this question.
B. Usage of a NAT Instance in the VPC: While using a NAT instance is a possible way to provide internet access to your domain controllers, it is not a prerequisite for creating an AWS Managed Microsoft AD directory.
C. Opening of several ports including port 53: It is not a prerequisite to open several ports including port 53 for creating an AWS Managed Microsoft AD directory. However, you should make sure that the necessary ports are open in your security groups to allow the traffic required for domain communication.
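The prerequisites quoted from the AWS documentation in the first explanation above (two subnets in different Availability Zones, default tenancy, no overlap with 198.19.0.0/16, and the port list open between the directory subnets) can be checked before you call CreateMicrosoftAD. The script below is an added example, not code from the page or from AWS; it runs offline against constructed sample records shaped like EC2 describe_vpcs, describe_subnets and describe_security_groups output, so the VPC IDs, CIDRs and security group IDs are assumptions. The security group check accepts either a CIDR rule covering the peer subnet or a rule that references the directory's own security group, which is how the AWS-created group allows the domain controllers to talk to each other.

```python
"""Offline check of AWS Managed Microsoft AD VPC prerequisites (added example)."""
import ipaddress

# Ports that must be open between the two directory subnets, taken from the
# prerequisites list above. Tuples are (protocol, from_port, to_port).
REQUIRED_RULES = [
    ("tcp", 53, 53), ("udp", 53, 53),          # DNS
    ("tcp", 88, 88), ("udp", 88, 88),          # Kerberos
    ("udp", 123, 123),                         # NTP
    ("tcp", 135, 135),                         # RPC
    ("udp", 137, 138),                         # Netlogon
    ("tcp", 139, 139),                         # Netlogon
    ("tcp", 389, 389), ("udp", 389, 389),      # LDAP
    ("tcp", 445, 445), ("udp", 445, 445),      # SMB
    ("tcp", 636, 636),                         # LDAPS
    ("tcp", 873, 873),                         # Rsync
    ("tcp", 3268, 3268),                       # Global Catalog
    ("tcp", 1024, 65535), ("udp", 1024, 65535),  # RPC ephemeral ports
]

RESERVED = ipaddress.ip_network("198.19.0.0/16")  # not allowed for the VPC


def check_vpc(vpc, subnets):
    """Return a list of prerequisite violations for one VPC (empty means OK)."""
    problems = []
    if vpc["InstanceTenancy"] != "default":
        problems.append(f"tenancy is {vpc['InstanceTenancy']}, must be default")
    if ipaddress.ip_network(vpc["CidrBlock"]).overlaps(RESERVED):
        problems.append(f"VPC CIDR {vpc['CidrBlock']} overlaps reserved 198.19.0.0/16")
    in_vpc = [s for s in subnets if s["VpcId"] == vpc["VpcId"]]
    azs = {s["AvailabilityZone"] for s in in_vpc}
    if len(in_vpc) < 2:
        problems.append(f"only {len(in_vpc)} subnet(s); need at least two")
    elif len(azs) < 2:
        problems.append("subnets must span at least two Availability Zones")
    return problems


def _rule_covers(perm, proto, lo, hi, peer_cidr, own_sg_id):
    """True if one IpPermission entry allows proto lo-hi from the peer subnet
    CIDR, or from the directory security group itself (self-reference)."""
    if perm["IpProtocol"] not in (proto, "-1"):
        return False
    if perm["IpProtocol"] != "-1" and (perm["FromPort"] > lo or perm["ToPort"] < hi):
        return False
    peer = ipaddress.ip_network(peer_cidr)
    by_cidr = any(ipaddress.ip_network(r["CidrIp"]).supernet_of(peer)
                  for r in perm.get("IpRanges", []))
    by_group = any(g["GroupId"] == own_sg_id for g in perm.get("UserIdGroupPairs", []))
    return by_cidr or by_group


def missing_rules(sg, subnet_cidrs):
    """Required (cidr, proto, lo, hi) rules the security group does not permit."""
    missing = []
    for cidr in subnet_cidrs:
        for proto, lo, hi in REQUIRED_RULES:
            if not any(_rule_covers(p, proto, lo, hi, cidr, sg["GroupId"])
                       for p in sg["IpPermissions"]):
                missing.append((cidr, proto, lo, hi))
    return missing


# --- constructed sample data (assumed IDs and CIDRs, not real resources) ---
GOOD_VPC = {"VpcId": "vpc-good", "CidrBlock": "10.0.0.0/16", "InstanceTenancy": "default"}
BAD_VPC = {"VpcId": "vpc-bad", "CidrBlock": "198.19.0.0/16", "InstanceTenancy": "dedicated"}
SUBNETS = [
    {"SubnetId": "subnet-a", "VpcId": "vpc-good", "CidrBlock": "10.0.0.0/24", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-b", "VpcId": "vpc-good", "CidrBlock": "10.0.1.0/24", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-c", "VpcId": "vpc-bad", "CidrBlock": "198.19.0.0/24", "AvailabilityZone": "us-east-1a"},
]
DIRECTORY_CIDRS = ["10.0.0.0/24", "10.0.1.0/24"]

# Shape of the group AWS creates: all traffic allowed from the group itself.
AWS_STYLE_SG = {"GroupId": "sg-0123",
                "IpPermissions": [{"IpProtocol": "-1",
                                   "UserIdGroupPairs": [{"GroupId": "sg-0123"}]}]}

# A hand-built group that forgot the UDP ephemeral range.
HAND_BUILT_SG = {"GroupId": "sg-4567", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 3268, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 445, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]}

if __name__ == "__main__":
    for vpc in (GOOD_VPC, BAD_VPC):
        print(vpc["VpcId"], check_vpc(vpc, SUBNETS) or "OK")
    print("aws-style sg missing:", missing_rules(AWS_STYLE_SG, DIRECTORY_CIDRS))
    print("hand-built sg missing:", missing_rules(HAND_BUILT_SG, DIRECTORY_CIDRS))
```

With live data you would feed the same functions the `Vpcs`, `Subnets` and `SecurityGroups` lists returned by boto3's `describe_vpcs`, `describe_subnets` and `describe_security_groups`; the checks do not cover the NAT prohibition, which is a routing and topology question rather than something visible in a single VPC or security group record.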