How to Automate Amazon WorkSpaces Deployment from an Active Directory Group


Use PowerShell and a guided script to save time and effort when by deploying Amazon WorkSpaces to many users at once

Key Takeaways:

  • Using a PowerShell script and a guided script, you can deploy WorkSpaces to many Active Directory (AD) users at once
  • There are prerequisites to using this method, including granting proper permissions, a directory or AD connector, and installing the AD Module for Windows PowerShell
  • You will have to choose a region to deploy WorkSpaces, so be sure your region is listed
  • After running the script, remember to check the error log and make corrections as needed.

You probably already use Amazon WorkSpaces to create scalable, cost-effective, and efficient managed virtual desktops in the cloud. As more and more organizations move to remote working, deployment of Amazon WorkSpaces on a large scale can help lessen the administrative workload and save time.

By deploying WorkSpaces using a PowerShell script, you can simplify deployment to thousands of Active Directory (AD) users by using custom bundles that provide templated operating systems for deployment or AWS-provided bundles. Let’s go through the requirements and how to execute the script, deploy at scale, and then confirm the successful deployment. 

Meet these requirements before starting

The prerequisites for deployment include:

1. An AD deployment containing a group to deploy Amazon WorkSpaces to an Active Directory on Amazon Elastic Compute Cloud (Amazon EC2) instances.

2. A Directory or AD Connectorregistered in WorkSpaces, and be sure the subnets that contain the directory or AD connector have adequate free IP address for your deployment.  

3. A system connected to the AD Domain being queried for user and group information and to run the script.  This can be done using an Amazon EC2 instance, a WorkSpaces instance, or a domain-joined local machine.

4. A user role with appropriate permissions or an AWS Identity and Access Management (IAM)user. Any user role needs the permissions to query the Directory Services, WorkSpaces Bundles, and the rights to create Amazon WorkSpaces. Configure the PowerShell Session to use your AWS Identity and Access Management (AIM) credentials if you are an AWS AIM user.

5. Be sure the AD module for Windows PowerShellis installed on the system executing the script, as well as the AWS Tools for PowerShell.

Execute the script and deploy WorkSpaces

After you’ve configured the system to meet the prerequisites, download and save the script to that location, naming the file FILENAME.  To execute the script, type: “.\FILENAME.PS1”. This will begin a guided process.

The script will prompt you for the path for the log file where the output was saved when you created WorkSpaces, so type the path or accept the default and then press “enter.” A folder will be created for you if the path doesn’t exist.

The script takes an AD group name as an input and prompts for a group name, then a WorkSpace provision will be made for all enabled users. When you enter a group name, the script sends a query to the group to find out how many users it has, which is when you should confirm the quantity of WorkSpaces the script is creating.

The script will then prompt you for which region to deploy WorkSpaces and give you a list of region options. Once you select a region, the script asks the AWS account for a list of directories where users can be deployed. You’ll type in the DirectoryID for the directory the WorkSpaces will join in that region.

You’ll then see a list of available bundles with the custom bundles you own at the end. When you select this, the script creates a WorkSpace for all users in the AD group.

Then you’ll see pending and available WorkSpaces — no modifications are made to existing WorkSpaces, so existing operations won’t be impacted by running this script multiple times. 

Confirm deployment by examining the log file

The script prompted you for a path or created one when you accepted the default option. You’ll now review that log file. The file format is CSV, so you can easily export it for use in Microsoft Excel or another spreadsheet application to filter and sort results. 

Review the log for any errors that don’t match the console status, such as a duplicated WorkSpace.

The PowerShell and deployment script allows you to deploy WorkSpaces for all of your AD group members quickly and easily, while the insights offered by the log provide quick error resolution. 

For businesses that want to deploy workspaces quickly and efficiently, it pays to partner with an Amazon Managed Services Partner. A partner ensures your company can receive expert support as it tries to bolster its WorkSpaces desktop replacement strategy.

From cloud consulting to managed services and beyond, contact the CloudHesive team today to learn how we can help you build a robust cloud strategy that increases operational efficiencies.

Related Blogs

  • Ensuring HIPAA compliance with Amazon Connect: A Guide for Healthcare SaaS Providers

    Healthcare IT – HIPAA Compliance Best Practices in Amazon Connect Healthcare application providers are responsible for ensuring systems protect patient data to comply with HIPAA regulations. HIPAA...

    Learn More
  • Ensuring Robust Security in Amazon Cloud Environments

    Amazon has the tools and CloudHesive has the expertise to keep your SaaS data safe.   Rock-solid security is crucial in all cloud environments, especially for SaaS platforms, which handle...

    Learn More
  • What You Need to Know about Cloud Security in the Generative AI Era

    Key Takeaways: Find out how generative AI is changing cloud security. Learn best practices for cloud security in the generative AI era.  Discover generative AI tools and techniques for enhancing and...

    Learn More