Active Directory, U of I Resources in AWS

How to use UOFI Active Directory resources from within the AWS cloud without having to connect to on-campus resources.

When using an Enterprise VPC, UOFI Active Directory services are available in three ways (Please note, in order to access UOFI Active Directory, an Enterprise VPC must be peered with a Core Services VPC - See Amazon Web Services, VPC Guide for Illinois):

  • Kerberos
  • LDAP
  • Windows domain-join

Kerberos

Load-balanced Kerberos authentication is available at the following address (port 88):

  • krb-ad-aws.kerberos.illinois.edu

LDAP

Load-balanced LDAP (on port 389) and LDAPS (on port 636) are available at the following address:
  • ldap-ad-aws.ldap.illinois.edu
LDAP traffic must be encrypted in one of three ways:
  • On port 389, at the authentication layer, any supported SASL mechanism (preferably GSSAPI/Kerberos) with integrity validation (packet signing)
  • On port 389, at the data transport layer, TLS encryption (using STARTTLS/STOPTLS commands)
  • On port 636, at the data transport layer, SSL encryption

Windows Domain-Join

Standard domain-join is also available for Windows OS computers in peered Enterprise VPCs, using the usual UOFI Active Directory DNS name:

  • ad.uillinois.edu




Keywords:aws, activedirectory, active, directory, uofi, cloud, kerberos, ldap, domain, AD   Doc ID:79613
Owner:Active D.Group:University of Illinois Technology Services
Created:2018-01-24 10:46 CDTUpdated:2022-01-27 16:45 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0