AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Correct the permissions on the Active Directory group so that IAM Identity Center has read access.

For IAM Identity Center with AD, the connector needs read permissions on the AD groups and users to sync and assign permissions. If 'Domain Users' group doesn't have proper delegation for Identity Center to read members/attributes, it fails. Time sync or re-adding not relevant.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Answer: Correct the permissions on the Active Directory group so that IAM Identity Center has read access.

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

A SysOps administrator uses IAM Identity Center with Active Directory. A new account was added and the Active Directory "Domain Users" group was assigned permissions. Users still get access denied. What resolves this?

Exam-Like

UAnonymous

Last updated: April 30, 2026 at 11:42

Create a new group; add users to provide access.

Correct the time on the Active Directory domain controllers.

Remove and re-add the account to the organization.

Correct the permissions on the Active Directory group so that IAM Identity Center has read access.