
Answer-first summary for fast verification
Answer: Create an AD Connector associated with on-premises AD; set it as the IAM Identity Center identity source; assign permission sets to groups.
AD Connector acts as a proxy to the on-premises AD for IAM Identity Center (SSO) and integrates directly, without a new domain or an EC2 domain controller. Access is granted by assigning permission sets to AD groups. This is the most operationally efficient option because it uses the existing AD over Direct Connect.
Author: LeetQuiz Editorial Team
A company uses AWS Organizations across multiple accounts. A SysOps administrator must centrally manage user accounts and permissions, integrated with the existing on-premises Active Directory, using IAM Identity Center and Direct Connect. What is the MOST operationally efficient solution?
A. Create a Simple AD domain with a forest trust; set it as the IAM Identity Center identity source.
B. Create an Active Directory domain controller on EC2 joined to on-premises AD; set it as the IAM Identity Center identity source.
C. Create an AD Connector associated with on-premises AD; set it as the IAM Identity Center identity source; assign permission sets to groups.
D. Use the built-in SSO directory; manually copy users and groups from on-premises AD.