Ensure Successful AD Domain Join in AWS VPC Peering

Troubleshooting Steps for AD Domain Join in AWS VPC Peering

Question

A Windows machine in one VPC needs to join the AD domain in another VPC.

VPC Peering has been established.

But the domain join does not work.

Which of the following steps would you check to ensure that the AD domain join can work as intended?

Answers

A. Change the VPC peering connection to a VPN connection.
B. Change the VPC peering connection to a Direct Connect connection.
C. Ensure the security group of the AD server has the right rule to allow the incoming traffic.
D. Ensure that the AD is placed in a public subnet.

Explanations

Answer - C.

Options A and B are incorrect because changing the connection type does not help: the two VPCs already reach each other over the peering connection, and the join is being blocked by filtering, not by the transport.

Option C is CORRECT because, in addition to the VPC peering connection and route-table entries in both VPCs that send the other VPC's CIDR to the peering connection, the security group of the AD EC2 instance (the domain controller) needs an inbound rule that allows the joining machine's traffic. A security group with no matching inbound rule drops the traffic silently, and the join fails even though routing is correct.

Option D is incorrect because a domain controller should not be placed in a public subnet; peered traffic reaches it in a private subnet just the same, and a public subnet only adds exposure.

For more information on allowing ingress traffic for AD, please visit the following URL:

https://docs.aws.amazon.com/quickstart/latest/active-directory-ds/ingress.html

When a Windows machine in one VPC needs to join an Active Directory (AD) domain in another VPC, a VPC peering connection can be established between the two VPCs. However, if the domain join does not work, the following steps should be checked:

C. Ensure the security group of the AD server has the right rule to allow the incoming traffic: once the route tables on both sides point the other VPC's CIDR at the peering connection, traffic flows between the VPCs as if they were on the same network. Security groups still filter that traffic, and a security group with no matching inbound rule simply drops it with no error returned to the client. The security group on the domain controller must therefore allow inbound traffic from the Windows machine, either by the source VPC's CIDR or by referencing the client's security group where AWS supports that across the peering connection, on the ports a domain join uses: DNS (TCP and UDP 53), Kerberos (TCP and UDP 88), the RPC endpoint mapper (TCP 135) plus the dynamic RPC range (TCP 49152-65535), LDAP (TCP and UDP 389), and SMB (TCP 445). Two related checks: the network ACLs on both subnets must also permit this traffic and the ephemeral return ports, and the Windows machine's DNS must point at the domain controller (or at a resolver that forwards the AD domain to it), since the join starts by looking up the domain's SRV records.

A. Change the VPC peering connection to a VPN connection: an AWS Site-to-Site VPN provides an encrypted tunnel, but it is built to connect an on-premises network or a customer gateway to AWS rather than two VPCs, and peered traffic already stays on the AWS network without traversing the internet. More to the point, swapping the transport does not touch the security group that is dropping the join traffic, so the join would fail over a VPN exactly as it does over peering.

B. Change the VPC peering connection to a Direct Connect connection: Direct Connect is a dedicated physical link from your own premises into AWS; it is not a VPC-to-VPC connectivity option at all. It can offer higher throughput and lower latency than a VPN, but a domain join is not failing for lack of bandwidth, and the security group filter would still apply.

D. Ensure that the AD is placed in a public subnet: this option is incorrect. Traffic over a peering connection is routed by VPC CIDR, not by whether the subnet has a route to an internet gateway, so moving the domain controller to a public subnet does nothing for the join and exposes a high-value host to the public internet.

Therefore, option C is the correct answer to ensure that the AD domain join can work as intended.
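To make the check in option C concrete, the following script is an added example written for this page; it is not AWS's or the question author's code. It audits a domain controller's security group, in the shape that `aws ec2 describe-security-groups` returns, against the ports a domain join needs, and emits the IpPermissions to add for whatever is missing. The security group, its group ID and the two VPC CIDRs (10.0.0.0/16 for the AD VPC, 10.1.0.0/16 for the peered VPC) are constructed sample data, and the port list is an assumption that covers the usual join failures rather than every port a domain controller can use.

```python
"""Audit a domain controller's security group for the inbound rules a
cross-VPC domain join needs, and build the IpPermissions that close the gaps.

Added example for this page (not AWS's or the question author's code). It
reads the IpPermissions structure that `aws ec2 describe-security-groups`
returns; the security group below is constructed sample data and the CIDRs
are assumptions: 10.0.0.0/16 is the AD VPC, 10.1.0.0/16 the peered VPC that
holds the joining Windows machine.
"""
import ipaddress
import json

# Ports a workstation needs on a domain controller to join and authenticate.
# Assumed list, not exhaustive: NTP (123/udp), Kerberos password change (464),
# LDAPS (636) and the global catalog (3268/3269) are often added as well.
REQUIRED = [
    ("tcp", 53, 53, "DNS"),
    ("udp", 53, 53, "DNS"),
    ("tcp", 88, 88, "Kerberos"),
    ("udp", 88, 88, "Kerberos"),
    ("tcp", 135, 135, "RPC endpoint mapper"),
    ("tcp", 389, 389, "LDAP"),
    ("udp", 389, 389, "LDAP ping (CLDAP)"),
    ("tcp", 445, 445, "SMB (SYSVOL/NETLOGON)"),
    ("tcp", 49152, 65535, "RPC dynamic ports"),
]

SOURCE_VPC_CIDR = "10.1.0.0/16"  # assumption: CIDR of the peered (client) VPC

# Constructed sample: RDP is open from the AD VPC, and only LDAP/TCP and
# DNS/UDP are open from the peered VPC, so a join from 10.1.0.0/16 fails.
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",  # constructed ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
         "IpRanges": [{"CidrIp": "10.1.0.0/16"}], "UserIdGroupPairs": []},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "IpRanges": [{"CidrIp": "10.1.0.0/16"}], "UserIdGroupPairs": []},
    ],
}


def rule_allows(rule, proto, lo, hi, source_cidr, source_sg=None):
    """True if one IpPermissions entry admits proto ports lo-hi from the
    whole source network (by CIDR) or from the client's security group."""
    if rule["IpProtocol"] not in (proto, "-1"):      # "-1" means all traffic
        return False
    if rule["IpProtocol"] != "-1":                    # "-1" rules carry no ports
        if rule["FromPort"] > lo or rule["ToPort"] < hi:
            return False
    src = ipaddress.ip_network(source_cidr)
    # A CIDR rule only covers the client VPC if it contains the whole VPC CIDR;
    # a rule for one /24 inside it leaves the other subnets blocked.
    for r in rule.get("IpRanges", []):
        if src.subnet_of(ipaddress.ip_network(r["CidrIp"])):
            return True
    # Rules that reference the client's security group (supported across a
    # peering connection) count only when we know which group the client has.
    for pair in rule.get("UserIdGroupPairs", []):
        if source_sg is not None and pair.get("GroupId") == source_sg:
            return True
    return False


def missing_rules(sg, source_cidr, source_sg=None):
    """Return the REQUIRED entries that no rule in the security group admits."""
    return [
        req for req in REQUIRED
        if not any(rule_allows(r, *req[:3], source_cidr, source_sg)
                   for r in sg["IpPermissions"])
    ]


def ip_permissions_for(gaps, source_cidr):
    """Build the --ip-permissions payload for authorize-security-group-ingress."""
    return [
        {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
         "IpRanges": [{"CidrIp": source_cidr, "Description": label}]}
        for proto, lo, hi, label in gaps
    ]


if __name__ == "__main__":
    gaps = missing_rules(SAMPLE_SG, SOURCE_VPC_CIDR)
    for proto, lo, hi, label in gaps:
        print(f"missing: {proto} {lo}-{hi} ({label}) from {SOURCE_VPC_CIDR}")
    # Save the JSON below as perms.json and apply it with:
    #   aws ec2 authorize-security-group-ingress --group-id <sg-id> \
    #       --ip-permissions file://perms.json
    print(json.dumps(ip_permissions_for(gaps, SOURCE_VPC_CIDR), indent=2))
```

To run it against a real environment, replace SAMPLE_SG with the `SecurityGroups[0]` element of `aws ec2 describe-security-groups --group-ids <sg-id>` and pass the client's group ID as `source_sg` if the rules reference security groups rather than CIDRs. The wide RPC range is the Windows default for dynamic RPC ports; if the domain controllers are configured with a narrower range, tighten REQUIRED to match rather than opening more than the join needs.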