By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Cannot delete AD connector

0

We have an AD connector that cannot be deleted.

It says the console is still attached as an authorized application.

When I try to disable the console, it says "You cannot disable the AWS Management Console because delegated users are still assigned to it. Remove all users and groups from the IAM roles below and try again."

When I click one of the roles it says "The role 'AWS_PRJ_W' may have been deleted or the role’s trust with AWS Directory Service no longer exists. Either recreate the role and then reassign your delegated users, or edit the trust to repair it." Even though that seems a little ridiculous (creating more things to enable something else to be deleted), I gave it a quick try but it still complained about the role.

How do I delete an inoperable AD connector?

Topics
Security, Identity, & Compliance
Tags
AWS Directory Service
Language
English
bwyoung
asked 5 years ago1.1K views
4 Answers
1

We block the deletion of the AD Connector when there are still applications linked to it as a safety precaution to prevent customers from unintentionally breaking an AWS application that is still using the directory. However, that can sometimes be more frustrating than helpful. This post is a good example. The error about "the role’s trust with AWS Directory Service no longer exists" means that the AD Connector is Inoperable because it no longer has access to your domain controllers. So you have to update your network settings to reestablish connectivity between the AD Connector and your domain in order to delete those roles. As you have pointed out, this is a lot of work just to delete something. Therefore, I have manually unauthorized the AWS Management Console from your AD connector. This will allow you to delete the AD Connector with out any additional work.

profile pictureAWS
JoeD_AWS
answered 5 years ago
profile picture
EXPERT
Gary Mclean
reviewed 7 months ago
0

Thank you, that worked well. The domain this was connected to is no longer accessible so it would have been impossible to delete otherwise!

Brian

bwyoung
answered 5 years ago
0

How do I go about requesting a manual fix to this problem?

NimLND
answered 4 years ago
0

Hi I have the same problem You cannot disable the AWS Management Console because delegated users are still assigned to it. Remove all users and groups from the IAM roles below and try again I cant delete the role although I dont have any user assign to the role can you help me? santos

Santos
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content