To enable auto domain joining for EC2 instances in an AWS EC2 Auto Scaling group
Objective – The scenario: whenever an Amazon EC2 Auto Scaling group dynamically scales your Amazon EC2 instances, each new EC2 instance should automatically join the Active Directory domain (this can be a Microsoft Windows Active Directory domain).
Solution: we have to write user data, create a new launch configuration that carries it, and relaunch the instance from the AMI.
Solution approach:
One way to join your instances to AD when they are launched from an ASG is to put a script in the user data. When the instance starts, the cloud-init utility kicks off the user data script and runs the commands within.
The script will need to perform the following tasks:
- generate a random hostname suffix
- delete the existing keytab
- join the machine to the AD domain
The first task reduces the chance of a duplicate machine name in AD. The second task does what it says. While it does not sound complicated, I propose that you set up a new ASG (Auto Scaling Group) and test the script extensively.
The short story is that for the join to work properly, we HAVE to set the hostname to a unique value. When registration happens on Windows with auto scaling, it registers the short hostname, which on these instances is just the common name. AD won't let you join machines with duplicate short names, so we have to add user data that appends the instance ID as a unique identifier; that was the most logical way to get a unique value in that field and automate the joins.
Based on that, we could do something like:
1) AMI up the nodes
2) copy the launch config to a new launch config and amend the user data
3) deploy a new instance with the test data and test the domain join.
For Linux instances we may need to replace pbis with adcli, because we need an AD client that takes the password from standard input in order to run it non-interactively.
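As an added example (not the original post's script), here is what the three tasks look like as Linux user data with adcli. It assumes the AMI ships adcli, curl and the AWS CLI, that the join password is stored in Secrets Manager under a secret the instance role may read, and that the AD_DOMAIN, HOST_PREFIX, JOIN_USER and JOIN_SECRET_ID values are placeholders to replace.

```bash
#!/bin/bash
# cloud-init user data for a Linux ASG member (added example, not the original post's script).
# Assumptions: the AMI ships adcli, the AWS CLI and curl; the instance role may read
# JOIN_SECRET_ID from Secrets Manager; the placeholder values below are replaced per environment.
set -eu

AD_DOMAIN="corp.example.com"        # placeholder AD domain
HOST_PREFIX="web"                   # placeholder role prefix for the computer name
JOIN_USER="svc-adjoin"              # placeholder least-privilege join account
JOIN_SECRET_ID="ad/join-password"   # placeholder Secrets Manager secret id

# Task 1: derive a unique computer name from the instance ID. AD limits the NetBIOS
# name to 15 characters, so keep the prefix plus the trailing hex of the instance ID.
unique_hostname() {
  local prefix=$1 instance_id=$2 hex avail suffix
  hex=${instance_id#i-}
  avail=$((15 - ${#prefix} - 1))
  if [ "$avail" -lt 8 ]; then
    echo "prefix '$prefix' leaves fewer than 8 chars of instance id" >&2
    return 1
  fi
  if [ "${#hex}" -gt "$avail" ]; then
    suffix=$(printf '%s' "$hex" | tail -c "$avail")
  else
    suffix=$hex
  fi
  printf '%s-%s\n' "$prefix" "$suffix"
}

# Tasks 2 and 3: drop any keytab baked into the AMI, then join with adcli, feeding the
# password on stdin so it never appears on the command line or in process listings.
join_domain() {
  local token instance_id host
  # IMDSv2: fetch a session token, then the instance id
  token=$(curl -sS -X PUT http://169.254.169.254/latest/api/token \
               -H 'X-aws-ec2-metadata-token-ttl-seconds: 300')
  instance_id=$(curl -sS -H "X-aws-ec2-metadata-token: $token" \
               http://169.254.169.254/latest/meta-data/instance-id)
  host=$(unique_hostname "$HOST_PREFIX" "$instance_id")
  hostnamectl set-hostname "$host.$AD_DOMAIN"
  rm -f /etc/krb5.keytab
  aws secretsmanager get-secret-value --secret-id "$JOIN_SECRET_ID" \
      --query SecretString --output text |
    adcli join --domain "$AD_DOMAIN" --login-user "$JOIN_USER" \
               --computer-name "$host" --stdin-password
}

# As user data, end the file with a bare `join_domain` line; it is left off here so the
# helpers can be sourced and tested without touching the domain.
```

The join account should only be allowed to create computer objects in the target OU, and the secret should be scoped to the ASG's instance role, since every scaled-out node reads it.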
Note – Please feel free to share your thoughts on any other solution approach.
Hope that helps you.