This error message indicates that Amazon FSx is unable to establish a connection with your Microsoft Active Directory domain controllers, specifically due to issues with the specified organizational unit (OU) or the service account's access to it. Even though you've followed the steps to create the service account and delegate permissions, there are a few things you can check to resolve this issue:
- Verify the OU: Double-check that the organizational unit you specified during the FSx creation process exists and is spelled correctly. Make sure there are no typos in the OU's distinguished name.
- Service Account Permissions: Ensure that the service account has the necessary permissions to join computers to the specified OU. The account should have permissions to create computer objects in the OU and join computers to the domain.
- Service Account Credentials: Verify that the service account credentials (username and password) provided during the FSx creation process are correct and haven't expired.
- Network Connectivity: Although you mentioned ensuring proper network connectivity, it's worth double-checking that the VPC security groups and network ACLs allow traffic on the required ports between the FSx file system and your Active Directory domain controllers.
- DNS Configuration: Ensure that the DNS server IP addresses provided during the FSx creation process are correct and reachable from the VPC where the FSx file system is being created.
- Active Directory Validation: Run the Amazon FSx Active Directory validation tool against your Active Directory configuration. This tool can help identify any potential issues with your setup before you attempt to create the file system.
- OU Object Movement: If you've moved any computer objects that Amazon FSx created in the OU after a previous file system creation, this could cause issues. It's best practice not to move these objects after they're created by FSx.
If you've verified all these points and are still encountering the error, you may need to update your file system's Active Directory configuration. You can do this through the Amazon FSx console by selecting your file system, going to the "Networking and security" tab, and choosing "Update." Alternatively, you can use the Amazon FSx API operation `UpdateFileSystem` to make these changes.
If the issue persists after trying these steps, it may be helpful to contact AWS support for further assistance, as they can provide more specific guidance based on your exact configuration.
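The "Verify the OU" check above can be partly done offline before the value is submitted. The following is an added example, not part of the original answer and not AWS tooling: it parses the OU distinguished name and flags typos such as a misspelled domain component. The function names and sample values are hypothetical, and the rule that the leaf must be an `OU=` component is an assumption about what FSx accepts.

```python
import re

def split_dn(dn):
    """Split a DN on unescaped commas into (TYPE, value) pairs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):  # a comma written as "\," stays in the value
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed component: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def check_ou_dn(ou_dn, domain_fqdn):
    """Return the problems found in ou_dn; an empty list means none were found."""
    try:
        rdns = split_dn(ou_dn)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # Assumption: the object FSx joins under must be an OU, not a CN= container.
    if rdns[0][0] != "OU":
        problems.append(f"leaf is {rdns[0][0]}=, expected an OU= component")
    # The DC= components must be an unbroken suffix that spells the domain name.
    first_dc = next((i for i, (a, _) in enumerate(rdns) if a == "DC"), len(rdns))
    if any(a != "DC" for a, _ in rdns[first_dc:]):
        problems.append("DC= components must all come last")
    dn_domain = ".".join(v for a, v in rdns if a == "DC").lower()
    if dn_domain != domain_fqdn.lower().rstrip("."):
        problems.append(f"DN spells domain {dn_domain!r}, expected {domain_fqdn!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from the question.
    domain = "corp.example.com"
    for dn in [
        "OU=FSx,OU=Servers,DC=corp,DC=example,DC=com",
        r"OU=File Servers\, East,DC=corp,DC=example,DC=com",
        "CN=Computers,DC=corp,DC=example,DC=com",
        "OU=FSx,DC=corp,DC=exmaple,DC=com",
        "OU=FSx,DC=corp,,DC=com",
    ]:
        print(dn, "->", check_ou_dn(dn, domain) or "ok")
```

A clean result only means the string is well formed and matches the domain name; whether the OU exists and the service account can create computer objects in it still has to be confirmed against the directory.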