AWS privateca documentation change
Summary
Removed restriction about using only root domains with Connector for AD and added note about automatic permission delegation with AWS Managed Microsoft AD
Security assessment
The change clarifies permission delegation automation but does not address a specific security vulnerability. The removed root domain restriction expands functionality but lacks explicit security context.
Diff
diff --git a/privateca/latest/userguide/connector-for-ad-getting-started-prerequisites.md b/privateca/latest/userguide/connector-for-ad-getting-started-prerequisites.md index 46b57591e..7fed2ca6e 100644 --- a//privateca/latest/userguide/connector-for-ad-getting-started-prerequisites.md +++ b//privateca/latest/userguide/connector-for-ad-getting-started-prerequisites.md @@ -19,4 +18,0 @@ The private CA must be in the `Active` state to create a Connector for AD. The p -###### Important - -You can only use Connector for Active Directory with an Active Directory's root domain. - @@ -37,0 +34,4 @@ Enrolling domain controllers is not supported when using the Connector for AD wi +###### Note + +If you are using AWS Managed Microsoft AD the additional permissions are delegated automatically when you authorize the Connector for AD service with your directory. You can skip this prerequisite step. + @@ -59,4 +58,0 @@ When using the Directory Service AD Connector, you need to delegate additional p -###### Note - -If you are using AWS Managed Microsoft AD then the additional permissions will be delegated automatically when you authorize the Connector for AD service with your directory. You can skip this prerequisite step. -