Cannot delete AD connector, console

Question

When I try to disable the console, it says, "You cannot disable the AWS Management Console because delegated users are still assigned to it. Remove all users and groups from the IAM roles below and try again."

When I click one of the roles it says, "The role 'EC2Admin' and 'EC2Developer' may have been deleted, or the role’s trust with AWS Directory Service no longer exists. Either recreate the role and then reassign your delegated users, or edit the trust to repair it.

How do I delete an inoperable AD connector?

Answer

Hello,

I understand that when you try to delete an inoperable AD connector within Directory Services of your AWS Management console, you get the following error message: “You cannot disable the AWS Management Console because delegated users are still assigned to it. Remove all users and groups from the IAM roles below and try again”.

Please note that when your AD connector switches to an inoperable state, your access to the domain controllers are blocked for security reason. We block the deletion of an AD Connector when there are still applications linked to it to prevent customers from unintentionally breaking an AWS application that is still using the directory.

You will need to submit a request with AWS Support and the support team will ask for specific account details so that they can assist with the deletion of the inoperable AD connector and to avoid being billed for an inoperable AD connector

Reference: [https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_connector_troubleshooting.html#delete_ad_connector]

Reach out to AWS Support : [https://aws.amazon.com/contact-us/]

*** If the answer is helpful, please click "Accept Answer" and upvote it. ***

Kind Regards,

Olu

Cannot delete AD connector, console

관련 콘텐츠