Active Directory Service Account

Amazon WorkSpaces requires Active Directory LDAP for deploying virtual desktops (vDesktops). An Active Directory Service Account is necessary for connecting with Active Directory. WorkSpaces Manager shares this dependency to interact with Active Directory. Depending on the permissions granted to WorkSpaces Manager within Active Directory, this Service Account may need different permissions on the assigned Organizational Unit (OU).

For details on Administrator Active Directory Permissions, please refer to the appendix.

The Active Directory (AD) Service Account is also utilized to perform various actions, such as creating user accounts, adding or removing users from existing Active Directory groups, and deleting unused computer objects.

WorkSpaces Manager has the capability to remove orphaned computer objects from Active Directory. However, for this functionality to work and effectively clean up the LDAP directory objects, the Service Account must possess the necessary permissions to delete computer objects.

PreviousInstallation Prerequisites NextAmazon WorkSpaces Cost Optimizer

Last updated 4 months ago