How to spin up a new AWS DC when BLUNTSESSIONS is down


  1. Log into Amazon Web Services (AWS).  https://aws.amazon.com/
  2. Click on EC2 under Compute.
  3. In the EC2 Dashboard, click on Instances > Launch Instance.
  4. Select Microsoft Windows Server 2012 R2 Base.
  5. Choose t2.medium as the Instance Type and click on Next: Configure Instance Details.
  6. For Network, choose vpc-98f82cfd (172.16.0.0/16) | JonesIT UTM VPC.  For Subnet, choose subnet-ec00cca9b (172.16.33.0/24) | JonesIT Private 1 | us-west-2a.  Click on Next: Add Storage.
  7. Keep Root as 30GB.  Click on Add New Volume and make it 10GB.  Click on Next: Tag Instance.
  8. Name the instance anything you want, e.g. JIT-DC10.  Click on Next: Configure Security Group.
  9. Under Assign a security group, choose Select an existing security group.  Choose JonesIT Internal (Security Group ID: sg-32056457).  Click on Review and Launch.
  10. Click on Launch.
  11. Select Choose an existing key pair and then choose JIT-KeysToKingdom under Select a key pair.  Click on Launch Instances.
  12. Connect to the new instance by downloading the RDP shortcut from AWS.  You will need to download the JIT-KeysToKingdom PEM file to decrypt the initial password.  The PEM file is available on Google Drive (https://drive.google.com/open?id=0B9RcbKF2qlVdMUVCOFhzcllfR0U).
  13. Remote into your new instance.
  14. Change the adapter settings to give the new instance a static IP address.  Make sure the Default Gateway is set to 172.16.33.5 (Sophos UTM) and that the Primary DNS Server points to 10.0.33.5 (JIT-DC01).
  15. Change the computer name to something appropriate, e.g. JIT-DC10, and join it to the itjones.com domain.
  16. Install the LogMeIn and LabTech agents.  The LabTech agent will need Microsoft .NET 2.0 installed first.  Install .NET 2.0 from within Server Manager.
  17. Launch Server Manager and add the Active Directory Domain Services role.
  18. Promote it to a domain controller. (https://www.interworks.com/blog/ijahanshahi/2014/01/06/promoting-windows-2012r2-server-domain-controller)
  19. Make sure to create a DSRM password (c******9!), replicate from an existing DC, and store the AD DS database, log files, and SYSVOL on D:. (AD DS database folder = D:\Windows\NTDS, Log files folder = D:\Windows\NTDS, SYSVOL folder = D:\Windows\SYSVOL)
  20. Remote into BLUNTSESSIONS.
  21. Change the Primary DNS Server on BLUNTSESSIONS to the IP address of the new domain controller.
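
Steps 17 to 19 can also be run from an elevated PowerShell prompt on the new instance. The script below is an added example, not part of the original runbook. It assumes steps 14 to 16 are complete and that the 10GB volume from step 7 is already mounted as D:, checks those settings before promoting, and prompts for the DSRM password and domain credentials instead of storing them in the script.

```powershell
# Added example, not part of the original runbook.
# Run elevated on the new instance once steps 14-16 are complete.
$ErrorActionPreference = 'Stop'
$Domain  = 'itjones.com'
$Gateway = '172.16.33.5'   # Sophos UTM (step 14)
$Dns     = '10.0.33.5'     # JIT-DC01 (step 14)

# Pre-flight: collect every mismatch so they can all be fixed in one pass.
$problems = @()
$cfg = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } | Select-Object -First 1
if (-not $cfg) {
    $problems += 'No adapter has an IPv4 default gateway.'
} else {
    if ($cfg.NetIPv4Interface.Dhcp -ne 'Disabled') { $problems += 'Adapter is still using DHCP.' }
    if ($cfg.IPv4DefaultGateway.NextHop -notcontains $Gateway) { $problems += "Default gateway is not $Gateway." }
    if ($cfg.DNSServer.ServerAddresses -notcontains $Dns) { $problems += "DNS does not include $Dns." }
}
if ((Get-CimInstance Win32_ComputerSystem).Domain -ne $Domain) { $problems += "Not joined to $Domain." }
# Assumption: the 10GB volume from step 7 is initialized and mounted as D:.
if (-not (Test-Path 'D:\')) { $problems += 'Drive D: is not available.' }
if ($problems) { throw ($problems -join ' ') }

# Step 17: add the Active Directory Domain Services role.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# Step 19: prompt for secrets so they never appear in the script or history.
$dsrm = Read-Host -AsSecureString -Prompt 'DSRM password'
$cred = Get-Credential -Message "Domain admin account for $Domain"

# Steps 18-19: promote, replicating from an existing DC (any available DC
# is used when -ReplicationSourceDC is omitted) and storing data on D:.
# -InstallDns is included because step 21 points BLUNTSESSIONS at this DC.
Install-ADDSDomainController `
    -DomainName $Domain `
    -Credential $cred `
    -SafeModeAdministratorPassword $dsrm `
    -InstallDns:$true `
    -DatabasePath 'D:\Windows\NTDS' `
    -LogPath 'D:\Windows\NTDS' `
    -SysvolPath 'D:\Windows\SYSVOL' `
    -Force
```

The server reboots automatically when promotion finishes; continue with step 20 once it is back up.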
