Disabling an AWS Managed Microsoft AD user

Use the following procedure to disable an AWS Managed Microsoft AD user with user and group management or AWS Directory Service Data in either the AWS Management Console, AWS CLI, or AWS Tools for PowerShell.

Important

When you disable a user's account, the user loses any permissions to access their account and applications.

Before you begin either procedure, you need to complete the following:

Creating your AWS Managed Microsoft AD.
To use user and group management or AWS Directory Service Data CLI, it must be enabled. For more information, see Enable user and group management or Directory Service Data.
You can only enable this feature from the Primary AWS Region for your directory. For more information, see Primary vs additional Regions.
You'll need the necessary IAM permissions to use AWS Directory Service Data. For more information, see AWS Directory Service API permissions: Actions, resources, and conditions reference. To get started granting permissions to your users and workloads, you can use AWS managed policies like AWSDirectoryServiceDataFullAccess or AWSDirectoryServiceDataReadOnlyAccess. For more information, see Security best practices in IAM.
Creating an AWS Managed Microsoft AD user.

AWS Management Console

You can disable an AWS Managed Microsoft AD user account in the AWS Management Console.

To disable an AWS Managed Microsoft AD user account with the AWS Management Console

Open the AWS Directory Service console at https://console.aws.amazon.com/directoryservicev2/.
From the navigation pane, choose Active Directory, and then choose Directories. You're directed to the Directories screen where you can view a list of directories in your AWS Region.
Choose a directory. You're directed to the Directory details screen.
Choose Users. The tab shows a list of users in your directory.
Choose the user whose account you want to disable. You're directed to the User details screen.
Choose Actions. Then choose Disable user account and Disable user account again.

Note

To re-enable your user's account, you must reset the user's password. For more information, see Resetting and enabling an AWS Managed Microsoft AD user's password.

AWS CLI

The following describes how to format a request that disables an AWS Managed Microsoft AD user account with the AWS Directory Service Data CLI.

To disable an AWS Managed Microsoft AD user account with the AWS CLI

Open the AWS CLI, and run the following command, replacing the Directory ID and username with your AWS Managed Microsoft AD Directory ID and username:


aws ds-data disable-user --directory-id d-1234567890 --sam-account-name "jane.doe"

Note

To re-enable your user account, you must reset the user's password. For more information, see Resetting and enabling an AWS Managed Microsoft AD user's password.

AWS Tools for PowerShell

The following describes how to format a request that disables an AWS Managed Microsoft AD user account with AWS Tools for PowerShell.

To disable an AWS Managed Microsoft AD user account with AWS Tools for PowerShell

Open the Windows PowerShell;, and run the following command, replacing the Directory ID and username with your AWS Managed Microsoft AD Directory ID and username:


Disable-DSDUser -DirectoryId d-1234567890 -SAMAccountName "jane.doe"

Note

To re-enable your user account, you must reset the user's password. For more information, see Resetting and enabling an AWS Managed Microsoft AD user's password.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Deleting a user

Resetting and enabling a user's password