Creating my Lab domain using PowerShell

This is a script I use to create a simple domain for lab purposes.

net user administrator P@ssw0rd

Rename-Computer DC1

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools

Import-Module ADDSDeployment

$param = @{'CreateDnsDelegation'=$false}

Install-ADDSForest @param -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "P@ssw0rd" -Force)
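The same lab build as a parameterised script, added here as an example that is not the post's own code: it prompts for both passwords instead of keeping them in the script, reboots after the rename before promoting, and fills out the splatted forest parameters. The domain name, NetBIOS name and paths are assumptions.

```powershell
[CmdletBinding()]
param(
    [string]$ComputerName = 'DC1',
    [string]$DomainName   = 'lab.local',   # assumed lab domain name
    [string]$NetbiosName  = 'LAB'
)

# A pending rename fails the promotion prerequisite check, so rename and
# reboot first; run the script again after the restart to promote.
if ($env:COMPUTERNAME -ne $ComputerName) {
    Rename-Computer -NewName $ComputerName -Force -Restart
    return
}

# Prompt for both passwords rather than keeping them in the script file.
# Set-LocalUser needs PowerShell 5.1; on Server 2012 R2 use 'net user administrator *'
$adminPassword = Read-Host 'New local Administrator password' -AsSecureString
$dsrmPassword  = Read-Host 'Directory Services Restore Mode password' -AsSecureString
Set-LocalUser -Name 'Administrator' -Password $adminPassword

Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
Import-Module ADDSDeployment

# Splatted forest parameters, the same technique the post uses
$param = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    DomainMode                    = 'Win2012R2'
    ForestMode                    = 'Win2012R2'
    InstallDns                    = $true
    CreateDnsDelegation           = $false
    DatabasePath                  = 'C:\Windows\NTDS'
    LogPath                       = 'C:\Windows\NTDS'
    SysvolPath                    = 'C:\Windows\SYSVOL'
    SafeModeAdministratorPassword = $dsrmPassword
    NoRebootOnCompletion          = $false   # the DC reboots when promotion finishes
    Force                         = $true    # no confirmation prompt
}
Install-ADDSForest @param
```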

Posted in AWS

Using PowerShell to start EC2 windows Instance with a data file

This script assumes that you have downloaded and installed the AWS PowerShell tools and that you have access keys.

Start by creating a data file. I am using a PowerShell block in a file I am calling c:\temp\dataFile.txt, which contains the following text.

<powershell>
net user administrator P@ssw0rd
</powershell>

Set-AWSCredentials -AccessKey AXXXXXXXXXXXXXXXXXX -SecretKey OXXXXXXXXXXXXXXXXfffffffffffffff
New-EC2Instance -ImageId ami-b6af04a0 -MinCount 1 -MaxCount 1 -InstanceType t2.nano -SecurityGroupId 'sg-fffffffff' -Region us-east-1 -SubnetId subnet-9999999 -AssociatePublicIp $true -KeyName mypem -UserDataFile C:\temp\dataFile.txt -EncodeUserData
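The same launch, added here as an example that is not the post's own script: the access keys come from a stored profile and the first-boot script is built in memory and kept free of passwords, because user data can be read back by anyone who can describe the instance. It assumes a profile named 'lab' saved earlier with Set-AWSCredential -StoreAs; the AMI, subnet, security group and key-file path are placeholders.

```powershell
Set-AWSCredential -ProfileName 'lab'    # keeps access keys out of the script file
Set-DefaultAWSRegion -Region us-east-1

# First-boot script. It is stored base64-encoded in the instance's user data,
# which any process on the instance can read from the metadata service and
# any principal with ec2:DescribeInstanceAttribute can read from the API,
# so it carries configuration only, never a password.
$userData = @'
<powershell>
# constructed example: configure the box and leave the Administrator password
# to EC2Config, which generates one and encrypts it to the key pair
tzutil /s "UTC"
Rename-Computer -NewName "LABTS1" -Force
</powershell>
'@

$launch = @{
    ImageId           = 'ami-PLACEHOLDER'
    MinCount          = 1
    MaxCount          = 1
    InstanceType      = 't2.nano'
    SecurityGroupId   = 'sg-PLACEHOLDER'
    SubnetId          = 'subnet-PLACEHOLDER'
    AssociatePublicIp = $true
    KeyName           = 'mypem'
    UserData          = $userData
    EncodeUserData    = $true
}
$instanceId = (New-EC2Instance @launch).Instances[0].InstanceId

# What the API hands back to anyone allowed to describe the instance
$attr = Get-EC2InstanceAttribute -InstanceId $instanceId -Attribute userData
[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($attr.UserData))

# Once first boot has finished, the generated Administrator password is
# recovered with the private half of the key pair instead of being typed
# into a file that lands in user data
Get-EC2PasswordData -InstanceId $instanceId -PemFile 'C:\keys\mypem.pem' -Decrypt
```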


Creating a Site to Site VPN between your site and AWS

Out of the box you get 1 VPC with two networks.


You can create your own VPC with your own networks or you can use the ones provided.

In this example I am going to use the ones provided, and I am going to go as far as I can to set up a VPN to my Cisco router without actually committing to paying for the service.

First we need to create a customer gateway.

From the VPC Dashboard navigate down to Customer Gateways. Then click Create Customer Gateway.



Add a name for the tag, choose Static and add the public IP address of your router. (If you do not know what the IP address is, use Google or

Then click Yes, Create.



The Virtual Private Gateway defines the routers at the Amazon side.

Click Create Virtual Private Gateway.


Name the gateway and click Yes, Create.


Attach it to the VPC.



It takes a little while for this to happen.

Now click on Create VPN Connection.


Create a name for the VPN, add the static IP address and click Yes, Create.

This is also where you can view the costs of setting this up.



The VPN costs 5 cents US per connection hour; this is the price at the end of November 2014.


This is the AWS side of the VPN setup; the next step is to configure your side.

To do this click on Download Configuration.


Select the configuration closest to your router or firewall.

Click Yes, Download and open the configuration with WordPad.


This is designed to be copied and pasted into the running configuration of your router.

If your router is not on the standard list of routers there is a generic option, which gives you a list of configuration settings that you will configure on that router or firewall.

After this it is almost finished; there is just one step to go. You need to go back to the routing table.


Click edit. Then create a route to your private network.


After this you should be able to ping the server in your VPC subnet from computers in your private subnet and vice versa, remembering that there may be firewalls and security groups that need to be altered to make this happen.





Creating a functional domain using VPC in AWS

In this example I am going to create a functional domain called PDT.local. It will have a Domain Controller, a Terminal Server and a Member Server, which I will put on its own subnet. I will be allowing access only through the Terminal Server from the internet, and I will be using this server to connect to the other servers. In a production network I might do this differently, but this is just an example.

My servers will be set up as follows:




Step 1: Log on to the AWS console and select VPC.


Click on the Start VPC Wizard


At the Select VPC Configuration wizard choose the option that suits you best; I am choosing VPC with a Single Public Subnet.

Click Select.


Enter a master CIDR block in this case and for the public subnet



Click Create VPC


The wizard then takes a couple of minutes to create the networking components.

When it is finished click on Subnets.


Then Create Subnet.

Give the subnet a name tag, select the correct VPC and the Availability Zone that you selected earlier, and enter a CIDR block. In this case this is the subnet where I will be putting the member server.


The next step is to create Security Groups; there will need to be at least one for each subnet.


Now we need to create rules for the Security Groups.

Click on the security group, go to the Inbound Rules tab and then click Edit.

I am only going to configure inbound rules, but if you need more granular control you can configure outbound rules too.


Click on Edit.


There is a nice feature here now where you get to choose the source security group from a pop-up menu. I am going to give all access to the Member Servers security group and port 3389 access from the internet. Normally you would lock this down to a specific IP address or range.


For member servers I am locking it down to only traffic from the Domain Controllers security group. I am allowing all traffic, but this could be made more specific.
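The three security groups and their inbound rules built with the AWS Tools for PowerShell, added here as an example that is not the post's own code, so the rules can be reviewed and re-created; the RDP rule uses a single /32 admin address instead of the whole internet. It assumes a profile and region are already set; the VPC id is a placeholder, the admin address is constructed, and the rules for the Domain Controllers group (which the post does not spell out) are an assumption.

```powershell
$vpcId   = 'vpc-PLACEHOLDER'
$adminIp = '203.0.113.10/32'   # constructed example: one admin address, /32

function New-LabSecurityGroup([string]$Name, [string]$Description) {
    # returns the new group's id
    New-EC2SecurityGroup -GroupName $Name -Description $Description -VpcId $vpcId
}
$dcSg  = New-LabSecurityGroup 'pdt-dc'     'Domain controllers'
$tsSg  = New-LabSecurityGroup 'pdt-ts'     'Terminal server, internet facing'
$memSg = New-LabSecurityGroup 'pdt-member' 'Member servers'

# Builds one IpPermission: a protocol/port with either a CIDR or a source group.
# Protocol '-1' means all traffic; for icmp, port -1 means all ICMP types.
function New-Rule([string]$Protocol, [int]$Port, [string]$Cidr, [string]$SourceGroupId) {
    $perm = New-Object Amazon.EC2.Model.IpPermission
    $perm.IpProtocol = $Protocol
    if ($Protocol -ne '-1') { $perm.FromPort = $Port; $perm.ToPort = $Port }
    if ($Cidr) {
        $range = New-Object Amazon.EC2.Model.IpRange
        $range.CidrIp = $Cidr
        $perm.Ipv4Ranges.Add($range)
    }
    if ($SourceGroupId) {
        $pair = New-Object Amazon.EC2.Model.UserIdGroupPair
        $pair.GroupId = $SourceGroupId
        $perm.UserIdGroupPairs.Add($pair)
    }
    return $perm
}

# Terminal server: RDP and ping only from the admin address, not 0.0.0.0/0,
# plus everything from the member servers (the post's "all access" rule)
Grant-EC2SecurityGroupIngress -GroupId $tsSg -IpPermission @(
    (New-Rule 'tcp'  3389 $adminIp $null),
    (New-Rule 'icmp' -1   $adminIp $null),
    (New-Rule '-1'   0    $null    $memSg)
)
# Member servers: only traffic from the domain controllers
Grant-EC2SecurityGroupIngress -GroupId $memSg -IpPermission (New-Rule '-1' 0 $null $dcSg)
# Domain controllers (assumed): traffic from members and the terminal server,
# which is what a domain join and RDP hop from the TS need
Grant-EC2SecurityGroupIngress -GroupId $dcSg -IpPermission @(
    (New-Rule '-1' 0 $null $memSg),
    (New-Rule '-1' 0 $null $tsSg)
)
```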


Now it is time to spin up the 3 instances two in the subnet and one in the .2.0 subnet.

Go back into EC2 and launch an instance. The first one I am going to build is the Terminal Server, as that is the one I am connecting to the internet.

So just build an instance as normal, only on the Configure Instance Details screen choose as follows.

Select the network and the subnet, and for the internet-facing server select Enable under the Auto-assign Public IP choice.


Then just make sure it is in the correct security group.

Then build the other 2 instances taking care to put them in the correct security groups.

While the 3 instances are building I am going to create network interfaces so that I can assign my servers static IP addresses. Actually I am only going to do this for the Domain Controller, but in a production environment I would do this for all the servers.

So under the EC2 console navigate to Network Interfaces.


Click Create Network Interface and enter a description, select the correct subnet, enter a private IP address and select the correct security groups for this interface.

Click Yes, Create.


Select the network interface and click Attach.

Attach it to the correct instance.

This server now has two network interfaces; you can disable the one that has the dynamically assigned IP address from inside the server.

Now it is time to log on.


Go to the instance and click Connect.

Having logged on to the Terminal Server I confirm that I can ping the other two servers and then I create RDP connections to them.

For the Domain controller I renamed it and disabled the adapter with the dynamic IP address.

I did the same for the member server and then for the Terminal Server.

Now for the Domain Controller I am going to add the Domain Services role and promote it to a Domain Controller.

Set a local admin password for the other two servers, one that is easier to remember than the AWS assigned one, or document the AWS assigned one.

There is one last step before you can add the servers to the domain. Run ipconfig /all to find out the DNS server address, then go into the network adapter properties and change the primary DNS server to that of the Domain Controller and the secondary to the DNS server you discovered with ipconfig.


Then ping the fully qualified domain name of the DC and you should be able to join the domain.

One interesting point of note is that the Terminal Server was not able to ping the DC by its name until I added a statically assigned network adapter. After that all three servers were on the domain and could be configured further.







Assigning a static IP address to a windows instance in AWS VPC

This is the procedure that I use to give Windows servers in AWS VPC a static IP address.

The first step is to create a security group that allows RDP and ping from my address.

Go into the VPC dashboard navigate to Security Groups and click on Create Security Group.


Fill in the Create Security Group screen with a name tag and group name as well as a description. Then make sure the VPC option is for the correct subnet. Then click Yes, Create.

Edit the security group by clicking Edit.


Create rules allowing RDP and ping to come from your source address.

To limit it to one IP address use a /32 mask; the slash 32 limits incoming traffic to that exact address.


Create a Network interface and assign it a static IP address.

From the EC2 Console go to Network Interfaces and click Create Network Interface.


Add a description, make sure it is in the correct subnet, assign an IP address (the first few are reserved so I like to start at 10), click on the security group created earlier and click Yes, Create.


Create a Windows instance in the correct VPC subnet and assign it to the security group created previously. While the instance is building, attach the network interface.

Go into VPC Dashboard > Elastic IPs and allocate a new address.


Then click Yes to allocate the address.


Right click on the new public address and click Associate.


Choose Network Interface to associate with, choose the network interface that corresponds to the static interface created earlier, and click Yes, Associate.


Log on to the Windows instance and disable the Ethernet adapter that has the dynamic IP address.


After this the server will only have one statically assigned IP address.


Assigning a static IP Address to a Linux VPC Instance

When you create an instance with AWS it is assigned a DHCP address by default. This is not always a good thing; for more control over your environment it is a good idea for instances to get the IP address that you want. In this procedure I am going to spin up an instance of Ubuntu and assign it a static IP address.

I have already configured VPC with two subnets that are routed to the internet.

Step 1 is to create a security group in the VPC environment.



I edited the rules to allow SSH and all ICMP from my computer.

Step 2 is to go into EC2 and create an instance; I use Ubuntu in this example.




Make sure it is in the correct subnet, in this case subnet a.

This is really hard to reverse, so it is a good idea to get it right in the first place.




Click to select an existing security group.

Choose the security group that was created in Step 1.


Choose the one just created and click Review and Launch.


And click Launch.


Select an existing key pair and click Launch Instance.


When you create an instance it gets a randomly assigned IP address. If you want more control, a manually assigned static address is a better idea.

To do this you need to create another network card which has a static IP and attach it to the instance.


Navigate to Network Interfaces and click Create Network Interface.


Add a description.

Assign it to the correct subnet.

And type in a static IP address (1 is actually reserved so I used


Next right click on the interface and click Attach.



Select the instance that you want to attach the interface to.

Now the instance has the static network adapter attached.

However the Linux instance does not know this yet.

Next you need to associate an Elastic IP address; this one needs to be associated with the network adapter that was created with the DHCP assigned IP address.


Navigate to VPC Dashboard > Elastic IPs and click Allocate New Address.


Click Yes, Allocate.


Select the public IP address and choose Associate Address.

Under Associate With select Network Interface.



Under Network Interface select the interface that has the dynamic address, not the one with the static address created earlier.

The reason for this is that the script that created the instance has set up the configuration files to point to that interface.


Step 3: SSH into the server.


Running ifconfig shows the first interface, but also proves that Ubuntu does not yet know about the other interface.




As you can see there is only one network interface configured, eth0.

This is how it is configured.


A configuration file needs to be created for eth1. A quick way to do this is to use cp to copy the eth0 file to eth1 and then modify eth1 with vi.


sudo vi /etc/network/interfaces.d/eth1.cfg


Modify this to eth1 and change the comment to "secondary interface".

It is fine that it says dhcp, because this is a DHCP reserved address.


Now it is time to bring up the interface with:

sudo ifup eth1


The interface is up and it has the correct IP address.

Now the routing table needs to be modified.


As you can see the default route points to eth0; this needs to be changed. So use the following commands:

sudo ip route add default via dev eth1 tab 2


sudo ip rule add from tab 2 priority 200


Now go to Elastic IPs and associate the public address with the static interface.


Associate it with the network interface that has the static IP address.

Now the server has a static IP address.
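The AWS-side steps shared by this post and the Windows static IP post above (interface with a chosen private address, attached as the second NIC, Elastic IP bound to it), added here as a PowerShell example that is not the posts' own code; the guest-side eth1 configuration and routing stay as described in the text. It assumes a profile and region are set; the subnet, security group and instance ids are placeholders and the private address is constructed.

```powershell
$subnetId   = 'subnet-PLACEHOLDER'
$sgId       = 'sg-PLACEHOLDER'   # the group allowing RDP/SSH and ICMP from one /32
$instanceId = 'i-PLACEHOLDER'
$privateIp  = '10.0.1.10'        # AWS reserves the first four and the last address of each subnet

# 1. The interface with the static private address
$eni = New-EC2NetworkInterface -SubnetId $subnetId -PrivateIpAddress $privateIp `
           -Description 'static address for lab server' -Group $sgId

# 2. Attach it as the second adapter (eth1 on Linux). DeviceIndex 0 is the
#    DHCP interface the instance was launched with.
Add-EC2NetworkInterface -InstanceId $instanceId `
    -NetworkInterfaceId $eni.NetworkInterfaceId -DeviceIndex 1 | Out-Null

# 3. Allocate an Elastic IP in the VPC and bind it to the static interface.
#    Binding to the interface rather than the instance keeps the public
#    address with the static private address if the interface is moved later.
$eip = New-EC2Address -Domain vpc
Register-EC2Address -AllocationId $eip.AllocationId `
    -NetworkInterfaceId $eni.NetworkInterfaceId | Out-Null

# 4. Report the final addressing. Whatever listens on the private address is
#    now reachable from the internet via the public one, subject to $sgId.
[pscustomobject]@{
    InterfaceId = $eni.NetworkInterfaceId
    PrivateIp   = $eni.PrivateIpAddress
    PublicIp    = $eip.PublicIp
}
```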


Configuring VPC without using the wizard

This procedure is how to configure Amazon's Virtual Private Cloud (VPC). I will be creating two subnets for subnet and then creating an internet gateway and setting up routing between the subnets and the internet.


Open the AWS console and open the VPC Dashboard.


Click Your VPCs and then Create VPC.

Create a Name tag [Sydney Core Subnet (]

And enter a CIDR block.


And click Yes, Create.

Now it is time to create subnets.


Click on Create Subnet.


Type in a name for the subnet.

Add it to one of the Availability Zones.

And enter a subnet that falls within the addressing of the core VPC block.


Using the same process create subnet b.


This time I am using the -2b availability zone.


Now it is time to create an internet gateway.


Navigate to Internet Gateways and click Create Internet Gateway.


Name the internet gateway and click Create.


Click Attach to VPC.


Click Yes, Attach.


As it stands the subnets can talk to each other from a routing point of view. However, neither can get to the internet, so we need to create routes.


Click on Route Tables, then click on the Routes tab.


Click on Edit.


Create a default route and point it at the Internet Gateway which was just created.


Click on Save.


This creates a default gateway for each of the subnets that uses this route table.
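The same VPC, two subnets, internet gateway and default route built with the AWS Tools for PowerShell, added here as an example that is not the post's own code. It assumes a profile and the Sydney region (ap-southeast-2, matching the post's -2b zone) are set; the CIDR blocks are constructed examples, since the page does not show the post's own values.

```powershell
$vpc = New-EC2Vpc -CidrBlock '10.0.0.0/16'
New-EC2Tag -Resource $vpc.VpcId -Tag @{ Key = 'Name'; Value = 'Sydney Core' }

# One subnet per availability zone, both inside the VPC block
$subnetA = New-EC2Subnet -VpcId $vpc.VpcId -CidrBlock '10.0.1.0/24' -AvailabilityZone 'ap-southeast-2a'
$subnetB = New-EC2Subnet -VpcId $vpc.VpcId -CidrBlock '10.0.2.0/24' -AvailabilityZone 'ap-southeast-2b'

# Internet gateway, attached to the VPC
$igw = New-EC2InternetGateway
Add-EC2InternetGateway -InternetGatewayId $igw.InternetGatewayId -VpcId $vpc.VpcId

# The VPC's main route table already carries the local route that lets the two
# subnets talk. Adding 0.0.0.0/0 -> IGW to it makes every subnet that uses the
# main table public; a subnet that should stay private (like the member-server
# subnet in the domain post) needs its own route table without this route.
$rt = Get-EC2RouteTable -Filter @{ Name = 'vpc-id'; Values = $vpc.VpcId } |
      Where-Object { $_.Associations.Main -contains $true }
New-EC2Route -RouteTableId $rt.RouteTableId -DestinationCidrBlock '0.0.0.0/0' `
    -GatewayId $igw.InternetGatewayId | Out-Null

# Show what was built, re-reading the route table so the new route appears
$rt = Get-EC2RouteTable -RouteTableId $rt.RouteTableId
[pscustomobject]@{
    VpcId      = $vpc.VpcId
    SubnetIds  = @($subnetA.SubnetId, $subnetB.SubnetId)
    Gateway    = $igw.InternetGatewayId
    MainRoutes = ($rt.Routes | ForEach-Object { "$($_.DestinationCidrBlock) -> $($_.GatewayId)" }) -join ', '
}
```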


Starting an AWS Instance

Open the AWS Management Console.

Click Services, then EC2.


From the EC2 Dashboard click Launch Instance.


Choose whatever Linux instance type you want. I usually use Amazon Linux or Ubuntu; for this demo I use Amazon Linux, which works well enough for this purpose.


Select an instance type. I usually choose the M3 medium, but if you are new to AWS you can run a t2 micro for a year for free, so if this applies to you, you may as well use it.


Click Next to configure instance details.


Be sure to select Enable under Auto-assign Public IP and click Next to Add Storage.


Click Next to Tag Instance.


Optionally you can create a tag. This is useful if you have multiple instances and you want to keep track of what is what.


On the Configure Security Group page it is a good idea to change the source to My IP if you have a static IP address. It is also a good idea to name the security group something meaningful. If you are doing this for the first time choose Create a new security group; otherwise you may want to use an existing one.

Click Review and Launch.


You will most likely see a pop-up the first time you do this; click Next and use the default. Magnetic drives are slower.


Select your existing key pair; if you have not created one already there is an option to create a new key pair. Acknowledge that you have access to the key pair and click Launch Instance.


Click View Instances.


Wait until Status Checks changes to 2/2 checks before trying to connect. You may need to press Refresh to see the change, and this does take a few minutes.


When you see the green tick and 2/2 checks you can connect to the instance.




AWS key pair

Creating a key pair and importing it onto your computer.

Open the AWS Management Console and under Services select EC2, then select Key Pairs.




Click on the Create Key Pair button.


Type in a name for the key pair and click Create.


Find a place on your computer to save the file and click Save.
