Copying an Amazon Managed Microsoft AD group memberships in the Amazon Web Services Management Console
You can copy group memberships from one Amazon Managed Microsoft AD user into another user in the Amazon Web Services Management Console. Group memberships are the roles and permissions that a user inherits when you add them to a group.
Before you begin this procedure, you need to complete the following:
-
To use user and group management or Amazon Directory Service Data CLI, it must be enabled. For more information, see Enable user and group management or Directory Service Data.
-
You can only enable this feature from the Primary Amazon Web Services Region for your directory. For more information, see Primary vs additional Regions.
-
You'll need the necessary IAM permissions to use Amazon Directory Service Data. For more information, see Amazon Directory Service API permissions: Actions, resources, and conditions reference. To get started granting permissions to your users and workloads, you can use Amazon managed policies like AWSDirectoryServiceDataFullAccess or AWSDirectoryServiceDataReadOnlyAccess. For more information, see Security best practices in IAM.
To copy Amazon Managed Microsoft AD group memberships with the Amazon Web Services Management Console
-
Open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/
. -
From the navigation pane, choose Active Directory, and then choose Directories. You're directed to the Directories screen where you can view a list of directories in your Amazon Web Services Region.
-
Choose a directory. You're directed to the Directory details screen.
-
Choose Groups. The tab shows a list of groups in your Amazon Web Services Region.
-
Choose the user whose account you want to copy their group membership. To find a user, enter the user logon name in the search box under the Users section. You're directed to the User details screen.
-
Choose Copy all group memberships. You're directed to a procedure where you can specify which groups you want to copy.
-
For Verify groups to copy, under Groups to copy, select the groups with roles and permissions you want to copy, and then choose Next.
-
For Select destination account, under Account type, choose Existing user account to copy group memberships into an existing user account. Alternatively, choose New user account to create a new user and copy group memberships into the new user account. To find a group, enter the group's name in the search box under the Selected groups section.
-
(Optional) If you choose Existing user account, select destination accounts where you want to copy the roles and permissions into, and then choose Next.
-
(Optional) If you choose New user account, complete the procedure, and then choose Next. For information about creating a user, see Creating a user.
-
-
For Review and copy group memberships, review your choices, and then choose Copy group membership.
-