
Microsoft Active Directory (v12.11 LTS)

Long Term Support

Stable, tested ServerTemplate assets

Description

Configures a Microsoft Active Directory server or additional Directory Controllers leveraging Microsoft best practices.

Features

  • Standalone or multiple AD server configurations
  • Volume-based AD database
  • Scheduled, continuous backups

Technical Overview

Supported Clouds

  • AWS EC2

Supported Images

  • Windows 2008R2 - Active Directory is included in the image (and is not installed using a boot script like other applications) in order to reduce boot times.

Security and Firewall Permissions

The firewall permissions for the Active Directory server are configured by setting Windows Firewall permissions. For clouds that use security groups (e.g. AWS EC2) for networking permissions at the cloud level, you must also set up and use a security group that has the same firewall permissions.

Security Group

TCP
  • 53 - Domain Name System (DNS)
  • 88 - Kerberos - Authentication System
  • 135 - Microsoft EPMAP (End Point Mapper)
  • 137 - NetBIOS Name Service
  • 139 - NetBIOS Session Service
  • 389 - Lightweight Directory Access Protocol (LDAP)
  • 445 - Microsoft-DS Active Directory, Windows shares
  • 636 - Lightweight Directory Access Protocol over TLS/SSL (LDAPS)
  • 3268 - Microsoft Global Catalog (LDAP service which contains data from Active Directory forests)
  • 3269 - Microsoft Global Catalog over SSL (similar to port 3268, LDAP over SSL)
  • 1024-65535 - Registered Ports
UDP
  • 53 - Domain Name System (DNS)
  • 88 - Kerberos - Authentication System
  • 135 - Microsoft EPMAP (End Point Mapper)
  • 137 - NetBIOS Name Service
  • 138 - NetBIOS Datagram Service
  • 389 - Lightweight Directory Access Protocol (LDAP)
  • 445 - Microsoft-DS Active Directory, Windows shares
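
The following is an added example, not part of the RightScale ServerTemplate: a Python check that compares a security group's inbound rules, in the `IpPermissions` shape returned by `aws ec2 describe-security-groups`, against the port list above. It reports required ports that are not open and rules that accept any IPv4 source. The sample rules, the `10.0.0.0/16` network and the helper names are constructed for illustration.

```python
# Required inbound ports from the Security Group list above, as inclusive ranges.
REQUIRED = {
    "tcp": [(53, 53), (88, 88), (135, 135), (137, 137), (139, 139), (389, 389),
            (445, 445), (636, 636), (3268, 3269), (1024, 65535)],
    "udp": [(53, 53), (88, 88), (135, 135), (137, 138), (389, 389), (445, 445)],
}

def opened(permissions, proto):
    """Sorted port ranges the rules open for proto; '-1' means all traffic."""
    return sorted((0, 65535) if p["IpProtocol"] == "-1"
                  else (p["FromPort"], p["ToPort"])
                  for p in permissions if p["IpProtocol"] in (proto, "-1"))

def uncovered(span, ranges):
    """Sub-ranges of span that no range in the sorted list covers."""
    lo, hi = span
    gaps = []
    for a, b in ranges:
        if b < lo or a > hi:
            continue              # rule does not touch the remaining span
        if a > lo:
            gaps.append((lo, a - 1))
        lo = b + 1
    if lo <= hi:
        gaps.append((lo, hi))
    return gaps

def audit(permissions):
    """Return (missing ports per protocol, rules open to any IPv4 source)."""
    missing = {}
    for proto, spans in REQUIRED.items():
        ranges = opened(permissions, proto)
        gaps = [g for s in spans for g in uncovered(s, ranges)]
        if gaps:
            missing[proto] = gaps
    world = [(p["IpProtocol"], p.get("FromPort"), p.get("ToPort"))
             for p in permissions
             if any(r.get("CidrIp") == "0.0.0.0/0" for r in p.get("IpRanges", []))]
    return missing, world

def rule(proto, first, last, cidr="10.0.0.0/16"):
    """Build one constructed rule in the IpPermissions shape."""
    return {"IpProtocol": proto, "FromPort": first, "ToPort": last,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample: TCP 636 and UDP 138 are left out, and the high TCP
# range accepts traffic from every address.
SAMPLE = [rule("tcp", 53, 53), rule("tcp", 88, 445),
          rule("tcp", 1024, 65535, "0.0.0.0/0"),
          rule("udp", 53, 53), rule("udp", 88, 137), rule("udp", 389, 445)]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The TCP 1024-65535 entry already contains ports 3268 and 3269, so a group that opens only the high range still passes the Global Catalog check.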

Windows Firewall

The SYS AD open ports boot script sets up the Windows Firewall on the server with the same permissions as described above. If security groups are not supported by the cloud, only Windows Firewall is used for controlling network access.

Managing NTDS and SYSVOL Files

The ServerTemplate uses volume-based storage (e.g. Amazon EBS) to store the following important Active Directory data:

  • The Active Directory database (Ntds.dit) and associated log files are stored in a volume mapped to the D:\ drive.
  • The system volume (SYSVOL) tree files are stored in a volume mapped to the E:\ drive.

Last modified
00:34, 17 May 2013

© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.