How to set up AD FS on AWS Directory Service without Domain Administrator account?
I have created a AWS Managed Microsoft AD, and I have a Windows Server 2019 EC2 instance where I am trying to enable AD FS. I have joined the EC2 instance to the domain, installed AD tools, and am able to perform basic AD tasks using the default AD Admin user. So far so good.
However when I try to configure AD FS, I get stuck with this error
"The credential provided is not a domain administrator. Provide a credential that is a member of the Domain Admins group and try again."
Taking a look at the AWS docs, I found this.
To perform operational management of your directory, AWS has exclusive control of accounts with Enterprise Administrator and Domain Administrator privileges. This includes exclusive control of the AD administrator account.
So..... how could I possibly enable AD FS unless I had access to the AD administrator account?
You can't.
When you install ADFS it searches for available DC and writes a number of entries to AD.
To do this, it needs domain admin.
You don't need domain admin. to run ADFS. It can use a service account.
- AWS Elastic Beanstalk - Environment must have instance profile associated with it
- How to delete all images in an ECR repository?
- How to Remove Delete Markers from Multiple Objects on Amazon S3 at once
- AWS MediaConvert: HLS Output Video Plays Without Audio, Despite .aac and .ts Files in S3
- EC2 Instance Cloning
- CDK Unable to Add CodeStarNotification to CodePipeline
- Invalid index in dynamic block
- AWS Cloudformation- How to do string Uppercase or lowercase in json/yaml template
- AWS CodeArtifact public npm package version missing
- R random numbers almost the same but not identical
- AWS CodePipeline: GitHub > CodePipeline (CodeBuild - Maven Java .WAR) > S3/CodeArtifact > Elastic Beanstalk (Apache Tomcat)
- InvalidImage(ImageLayerFailure: UnsupportedImageLayerDetected when deploying AWS Docker Lambda using AWS CDK
- Proper syntax in redshift sql for "schema"."table"."field"?
- Getting 'blocked by CORS policy' error while adding authentication from AWS
- Does AWS Step-functions-local support map tasks?
- How to find an Amazon EC2 AMI if I only have the id?
- Amazon EMR 7.2 does not support Ganglia?
- AccessDenied on AWS Athena
- Parsing secrets from AWS secrets manager using AWS cli
- Boto3 generate_presigned_url, SignatureDoesNotMatch error
- serverless Cannot have overlapping suffixes in two rules if the prefixes are overlapping for the same event type
- Error copying parquet file to Redshift having comma separated data in one column
- module initialization error: Cannot load native module 'Crypto.Cipher._raw_ecb' at AWS lambda
- AWS EC2 > IGW Outbound Traffic Filtering by Domain or URL
- The new key policy will not allow you to update the key policy in the future
- How to modify the nginx.conf file during AWS Elastic Beanstalk deployment
- DynamoDB not as scalable as it seems?
- How can I print / debug all available fields of a data source resource?
- How to upgrade AWS EC2 instance type t2.medium to t3.medium?
- chmod unable to change permissions