
Why didn't my AD users sync to IAM Identity Center?


My Active Directory (AD) users didn't sync to AWS IAM Identity Center.

Resolution

IAM Identity Center won't sync users from your AWS Managed Microsoft AD or self-managed AD in the default "Domain Users" group. This occurs because IAM Identity Center can't read AD primary groups and their memberships.

To resolve this issue, create new groups in your Managed AD, assign users to the groups, and sync the users to IAM Identity Center. Use new groups instead of the default "Domain Users" group to allow group membership in the IAM Identity Center identity store.
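One way to carry out the group creation and assignment steps with the ActiveDirectory PowerShell module, as an added example that is not AWS's own code. AD records the primary group in each user's `primaryGroupID` attribute (RID 513 for "Domain Users") rather than in `memberOf`, so the script looks for enabled users with no other group membership; the group name and OU paths are placeholders to replace.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and an account
# that can create groups in the target OU.
Import-Module ActiveDirectory

# Placeholder values (assumptions, not from the article): replace with your own.
$GroupName  = 'IdC-Sync-Users'
$GroupPath  = 'OU=Groups,OU=corp,DC=corp,DC=example,DC=com'
$SearchBase = 'OU=Users,OU=corp,DC=corp,DC=example,DC=com'

# Create the dedicated security group once; reuse it on later runs.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $GroupPath -PassThru
}

# Enabled users whose only membership is the primary group "Domain Users":
# primaryGroupID is 513 and memberOf is empty, because the primary group
# is never listed in memberOf.
$candidates = @(
    Get-ADUser -SearchBase $SearchBase -Filter 'Enabled -eq $true' `
        -Properties MemberOf, PrimaryGroupID |
    Where-Object { $_.PrimaryGroupID -eq 513 -and $_.MemberOf.Count -eq 0 }
)

# Review the list before changing anything.
$candidates | Select-Object SamAccountName, DistinguishedName |
    Format-Table -AutoSize

if ($candidates.Count -gt 0) {
    # -WhatIf previews the change; remove it to apply the membership.
    Add-ADGroupMember -Identity $group -Members $candidates -WhatIf
}
```

After the membership is applied, add the new group to the IAM Identity Center sync scope so that its users are synced.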

For more information, see Active Directory "Domain Users" group does not properly sync into IAM Identity Center.

Related information

IAM Identity Center configurable AD sync

Connect Active Directory and specify a user

How do I use the IAM Identity Center and the AWS access portal?