AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Explanation:

AD Connector is a directory gateway that lets you redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud. It is the most operationally efficient solution to integrate AWS IAM Identity Center with an existing on-premises Active Directory over an existing AWS Direct Connect connection. It avoids the overhead of managing additional infrastructure (like EC2 instances) or synchronizing/copying users manually.

Explanation:

Comments (0)

No comments yet.

Question 29 A company uses AWS Organizations to host several applications across multiple AWS accounts. Several teams are responsible for building and maintaining the infrastructure of the applications across the AWS accounts. A SysOps administrator must implement a solution to ensure that user accounts and permissions are centrally managed. The solution must be integrated with the company's existing on-premises Active Directory environment. The SysOps administrator already has enabled AWS IAM Identity Center (AWS Single Sign-On) and has set up an AWS Direct Connect connection. What is the MOST operationally efficient solution that meets these requirements?

Real Exam

Community

RRitesh

Last updated: May 3, 2026 at 18:34

Create a Simple AD domain, and establish a forest trust relationship with the on-premises Active Directory domain. Set the Simple AD domain as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

Create an Active Directory domain controller on an Amazon EC2 instance that is joined to the on-premises Active Directory domain. Set the Active Directory domain controller as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

Create an AD Connector that is associated with the on-premises Active Directory domain. Set the AD Connector as the identity source for IAM Identity Center. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.

Use the built-in SSO directory as the identity source for IAM Identity Center. Copy the users and groups from the on-premises Active Directory domain. Create the required role-based permission sets. Assign each group of users to the AWS accounts that the group will manage.