diff --git a/muranorepository/Services/activeDirectory-manifest.yaml b/muranorepository/Services/activeDirectory-manifest.yaml
index 08569c0..57e6c13 100644
--- a/muranorepository/Services/activeDirectory-manifest.yaml
+++ b/muranorepository/Services/activeDirectory-manifest.yaml
@@ -21,6 +21,7 @@ heat:
 - NNSecurity.template
 - DefaultSecurity.template
 - WindowsSecurity.template
+- DomainSecurity.template
 scripts:
 - Install-RoleSecondaryDomainController.ps1
 - Install-RolePrimaryDomainController.ps1
diff --git a/muranorepository/Services/heat_templates/DomainSecurity.template b/muranorepository/Services/heat_templates/DomainSecurity.template
new file mode 100644
index 0000000..3db4bfa
--- /dev/null
+++ b/muranorepository/Services/heat_templates/DomainSecurity.template
@@ -0,0 +1,17 @@
+{
+    "Resources": {
+        "$MuranoSecurityGroup-{envName}": {
+            "Type": "AWS::EC2::SecurityGroup",
+            "Properties": {
+                "SecurityGroupIngress": [
+                    {
+                        "ToPort": "53",
+                        "IpProtocol": "tcp",
+                        "FromPort": "53",
+                        "CidrIp": "$cidr"
+                    }
+                ]
+            }
+        }
+    }
+}
diff --git a/muranorepository/Services/workflows/AD.xml b/muranorepository/Services/workflows/AD.xml
index 8df34a0..30c2209 100644
--- a/muranorepository/Services/workflows/AD.xml
+++ b/muranorepository/Services/workflows/AD.xml
@@ -10,6 +10,7 @@
 	<rule match="$.services[?(@.type == 'activeDirectory' and not @.securityTemplates)]">
         <set path="securityTemplates">
             <list>
+                <text>DomainSecurity</text>
                 <text>WindowsSecurity</text>
             </list>
         </set>