Resolution
----------

IAM Identity Center won't sync users from your [AWS Managed Microsoft AD](https://docs.aws.amazon.com/singlesignon/latest/userguide/connectawsad.html) or [self-managed AD](https://docs.aws.amazon.com/singlesignon/latest/userguide/connectonpremad.html) in the default "Domain Users" group. This occurs because IAM Identity Center can't read AD primary groups and their memberships.

To resolve this issue, [create new groups in your Managed AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_group.html), assign users to the groups, and sync the users to IAM Identity Center. Use new groups instead of the default "Domain Users" group to allow group membership in the IAM Identity Center identity store.

For more information, see [Active Directory "Domain Users" group does not properly sync into IAM Identity Center](https://docs.aws.amazon.com/singlesignon/latest/userguide/troubleshooting.html#issue11).

Related information
-------------------

[IAM Identity Center configurable AD sync](https://docs.aws.amazon.com/singlesignon/latest/userguide/provision-users-from-ad-configurable-ADsync.html)

[Connect Active Directory and specify a user](https://docs.aws.amazon.com/singlesignon/latest/userguide/get-started-connect-id-source-ad-idp-specify-user.html)

[How do I use the IAM Identity Center and the AWS access portal?](https://repost.aws/knowledge-center/user-portal-for-aws-sso)

My Active Directory (AD) users didn't sync to AWS IAM Identity Center.

Sync Active Directory users to the IAM Identity Center

Why didn't my AD users sync to IAM Identity Center?

Security, Identity, & Compliance

Why didn't my AD users sync to IAM Identity Center?

Resolution

Related information

Relevant content