Active Directory prerequisites

To integrate with Active Directory, create a dedicated service account and delegate to it only the permissions it needs on the Organizational Unit (OU) that holds your EC2 computer objects: creating, deleting and updating computer objects. Do not reuse a domain administrator account; the delegated account should be able to do nothing outside that OU.

1. Create the Service Account

  1. Open Active Directory Users and Computers.
  2. Navigate to the desired Organizational Unit (OU).
  3. Right-click and select New > User.
  4. Provide a username (e.g., OhlalaOpsService).
  5. Set a long, randomly generated password and check Password never expires (if applicable). Because the password will not rotate automatically, store it in a secret manager rather than in scripts or configuration files, and restrict who can read it.
  6. Complete the wizard to create the account.

2. Assign Required Permissions

  1. Open Active Directory Users and Computers.
  2. Right-click the OU where your EC2 instances reside and select Delegate Control.
  3. In the wizard, click Next, then Add the newly created service account.
  4. Select Create a custom task to delegate and click Next.
  5. Choose Only the following objects in the folder, select Computer objects, and check both:
    • Create selected objects in this folder
    • Delete selected objects in this folder
  6. Click Next and assign the following permissions (they apply to computer objects only):
    • Reset password
    • Write
    • Validated write to DNS host name
    • Validated write to service principal name
  7. Click Finish to apply the changes. Delegate at the OU that contains the EC2 instances, never at the domain root, so the account's write access is confined to that subtree.

3. Verify the Configuration

  • Confirm the delegated entries for the service account appear on the OU (right-click the OU > Properties > Security > Advanced) and that the account can create and then delete a test computer object in that OU.
  • Test authentication with the configured credentials against a domain controller from the host where the integration will run.
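The same three steps, scripted end to end in PowerShell with the RSAT ActiveDirectory module. This is an added example, not a script from Ohlala Operations: the account name, the two OU distinguished names and the test computer name are assumptions to adjust for your domain, and the mapping of the wizard's generic "Write" entry to WriteProperty on descendant computer objects is an assumption as well (the wizard's entry is somewhat broader). The extended-right and class GUIDs are looked up from the forest rather than hard-coded.

```powershell
# Added example (not Ohlala Operations' own code). Run on a domain-joined admin host with RSAT.
# Assumed names: the account, both OUs and the throw-away test computer object.
Import-Module ActiveDirectory

$svcName  = 'OhlalaOpsService'
$svcOu    = 'OU=ServiceAccounts,DC=corp,DC=example,DC=com'   # assumed: OU for the account itself
$targetOu = 'OU=EC2Servers,DC=corp,DC=example,DC=com'        # assumed: OU holding EC2 computer objects
$netbios  = (Get-ADDomain).NetBIOSName

# --- 1. Create the service account ---------------------------------------------------
$password = Read-Host -AsSecureString -Prompt "Password for $svcName"
New-ADUser -Name $svcName -SamAccountName $svcName -Path $svcOu `
    -AccountPassword $password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -Description 'Ohlala Operations domain-join service account'
$sid = (Get-ADUser -Identity $svcName).SID

# --- 2. Delegate the same rights the Delegate Control wizard grants -----------------
# Resolve the GUIDs the ACEs need: the 'computer' class from the schema, and the
# extended rights from CN=Extended-Rights in the configuration partition.
$rootDse       = Get-ADRootDSE
$computerClass = [guid](Get-ADObject -SearchBase $rootDse.schemaNamingContext `
    -Filter "lDAPDisplayName -eq 'computer'" -Properties schemaIDGUID).schemaIDGUID
$extRightsBase = "CN=Extended-Rights,$($rootDse.configurationNamingContext)"
function Get-ExtendedRightGuid([string]$Cn) {
    [guid](Get-ADObject -SearchBase $extRightsBase -Filter "name -eq '$Cn'" `
        -Properties rightsGuid).rightsGuid
}
$resetPassword = Get-ExtendedRightGuid 'User-Force-Change-Password'   # "Reset password"
$validatedDns  = Get-ExtendedRightGuid 'Validated-DNS-Host-Name'      # validated write to DNS host name
$validatedSpn  = Get-ExtendedRightGuid 'Validated-SPN'                # validated write to SPN

$rule   = 'System.DirectoryServices.ActiveDirectoryAccessRule'
$rights = 'System.DirectoryServices.ActiveDirectoryRights'
$aces = @(
    # "Create/Delete selected objects in this folder": CreateChild/DeleteChild of class computer, this OU only
    New-Object $rule ($sid, [type]$rights::'CreateChild, DeleteChild', 'Allow', $computerClass, 'None')
    # Reset password on descendant computer objects (extended right scoped by inherited object type)
    New-Object $rule ($sid, [type]$rights::ExtendedRight, 'Allow', $resetPassword, 'Descendents', $computerClass)
    # Validated writes are the 'Self' right with the validated-write GUID as object type
    New-Object $rule ($sid, [type]$rights::Self, 'Allow', $validatedDns, 'Descendents', $computerClass)
    New-Object $rule ($sid, [type]$rights::Self, 'Allow', $validatedSpn, 'Descendents', $computerClass)
    # "Write" (assumed mapping): write any property of descendant computer objects
    New-Object $rule ($sid, [type]$rights::WriteProperty, 'Allow', 'Descendents', $computerClass)
)
$acl = Get-Acl -Path "AD:\$targetOu"
foreach ($ace in $aces) { $acl.AddAccessRule($ace) }
Set-Acl -Path "AD:\$targetOu" -AclObject $acl

# --- 3. Verify ------------------------------------------------------------------------
# (a) The ACEs are present on the OU for this identity and nowhere broader.
(Get-Acl -Path "AD:\$targetOu").Access |
    Where-Object { $_.IdentityReference.Value -eq "$netbios\$svcName" } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType -AutoSize

# (b) The credentials authenticate, and the delegated rights are sufficient in practice:
#     create and then remove a throw-away computer object in the OU as the service account.
$cred = New-Object System.Management.Automation.PSCredential ("$netbios\$svcName", $password)
$null = Get-ADUser -Identity $svcName -Credential $cred        # throws if authentication fails
$testName = 'OHLALA-ACLTEST'                                    # assumed test object name
New-ADComputer -Name $testName -Path $targetOu -Credential $cred
Remove-ADComputer -Identity $testName -Credential $cred -Confirm:$false
Write-Host "Verified: $svcName can create and delete computer objects in $targetOu"
```

The functional check in step 3(b) is the one that matters: an ACL listing shows what was granted, but only creating and deleting a computer object as the service account proves the delegation is both sufficient for the integration and scoped to the intended OU. Running the same New-ADComputer against a different OU should fail with an access-denied error.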

Ohlala Operations - Automate Windows Server Management on AWS!