
Active Directory Service Account


Last updated 3 months ago

Amazon WorkSpaces requires Active Directory LDAP for deploying virtual desktops (vDesktops). An Active Directory Service Account is necessary for connecting with Active Directory. WorkSpaces Manager shares this dependency to interact with Active Directory. Depending on the permissions granted to WorkSpaces Manager within Active Directory, this Service Account may need different permissions on the assigned Organizational Unit (OU).

For details on Administrator Active Directory Permissions, please refer to the appendix.

The Active Directory (AD) Service Account is also utilized to perform various actions, such as creating user accounts, adding or removing users from existing Active Directory groups, and deleting unused computer objects.

WorkSpaces Manager has the capability to remove orphaned computer objects from Active Directory. However, for this functionality to work and effectively clean up the LDAP directory objects, the Service Account must possess the necessary permissions to delete computer objects.
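One way to check that the delete right is present without the account being over-privileged on the OU, as an added example that is not part of the WorkSpaces Manager documentation or product. It assumes the right is delegated as DeleteChild on the computer class at the OU; the account names and sample ACEs are constructed, and the permissions WorkSpaces Manager actually requires are the ones listed in the appendix.

```powershell
# Added example. Evaluates ACEs read from an OU and reports whether a service
# account can delete computer objects and whether any of its ACEs are over-broad.
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the AD "computer" class
$AnyClass      = [guid]::Empty                                  # ACE is not limited to one object class

function Test-ComputerDeleteDelegation {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,      # on a domain host: (Get-Acl "AD:\<OU distinguished name>").Access
        [Parameter(Mandatory)] [string]   $Account   # hypothetical name, e.g. 'CORP\svc-wsm'
    )
    # Keep only Allow entries granted directly to the account (group membership is not expanded).
    $mine = @($Ace | Where-Object {
        "$($_.IdentityReference)" -eq $Account -and "$($_.AccessControlType)" -eq 'Allow'
    })
    $canDelete = $false
    $broad = @()
    foreach ($a in $mine) {
        $rights = "$($a.ActiveDirectoryRights)" -split ',\s*'
        $type   = [guid]"$($a.ObjectType)"
        $full   = $rights -contains 'GenericAll'
        # DeleteChild on the OU, scoped to the computer class or unscoped, allows removing computer objects.
        if (($full -or $rights -contains 'DeleteChild') -and $type -in @($ComputerClass, $AnyClass)) {
            $canDelete = $true
        }
        # Flag rights that go beyond deleting computers: full control, ACL or owner changes,
        # or DeleteChild that is not limited to the computer class.
        if ($full -or $rights -contains 'WriteDacl' -or $rights -contains 'WriteOwner' -or
            ($rights -contains 'DeleteChild' -and $type -eq $AnyClass)) {
            $broad += $a
        }
    }
    [pscustomobject]@{
        Account            = $Account
        CanDeleteComputers = $canDelete
        OverBroadAceCount  = $broad.Count
    }
}

# Constructed sample ACEs standing in for the output of Get-Acl on the WorkSpaces OU.
$sample = @(
    [pscustomobject]@{ IdentityReference = 'CORP\svc-wsm'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'DeleteChild'; ObjectType = $ComputerClass }
    [pscustomobject]@{ IdentityReference = 'CORP\svc-legacy'; AccessControlType = 'Allow'
                       ActiveDirectoryRights = 'GenericAll'; ObjectType = $AnyClass }
)
'CORP\svc-wsm', 'CORP\svc-legacy' | ForEach-Object { Test-ComputerDeleteDelegation -Ace $sample -Account $_ }
```

Against a real directory, pass the `Access` collection returned by `Get-Acl` on the OU (requires the ActiveDirectory module) instead of `$sample`.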

Administrator Active Directory Permissions