AWS Directory service admin does not have any privileges

active-directory amazon-web-services

So in AWS I created a Microsoft AD and managed to join a computer to the domain after changing the DHCP option set. I then rebooted the machine and logged in as the admin account that was created with the domain, but soon realized that the admin account has very strict privileges. I can create new users and add computers to the AD, but that's about it… I can't add users to the domain admin group or even to the remote desktop users group.

Does anyone know if there is any way to access the real administrator account when creating a Windows Active Directory in AWS?

Best Answer

Noticed that AWS creates delegated groups for you, so after I added my users to the "AWS delegated administrators" group everything was fine.

As to why they lock you out of the real domain admin account and groups is beyond me though... sigh