Linux SeamlessDomainJoin is failing to retrieve PARENT_DIRECTORY_ID

[stuhay]

Up until recently, we have had no issues with SeamlessDomain join.

However from monday, it has been failing with ***Failed: Cannot find parent directory Id

From the aws_domainjoin.sh script, it is making this call.

PARENT_DIRECTORY_ID=$($AWSCLI ds describe-directories --region $REGION --query "DirectoryDescriptions[?DirectoryId =='$DIRECTORY_ID'].OwnerDirectoryDescription.DirectoryId | [0]" | sed 's/"//g')

However, the OwnerDirectoryDescription is not being found in the output.

Running aws ds describe-directories manually, it appears that OwnerDirectoryDescription is not in the output. According to https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ds/describe-directories.html it should be there, but it just isn't.

Could it be a bug in describe-directories?

So it seems like a mismatch between our script and AWS.

[stuhay]

Created in error. Please disregard

[fleetcaptain]

I'm running into this issue as well. @stuhay did you find a fix or workaround?

[cresvi]

This happens because you didn't create the Secret that Linux requires for joining an AD domain. You can read how to do it here. Also, don't forget to give permission to the IAM Role used by the EC2 instance to read that secret.

[fleetcaptain]

Thank you, I will give that a try.

[fleetcaptain]

I did forget to add the secret. I added it but am still encountering the issue. I'll open a new issue ticket.

[stuhay]

I'm running into this issue as well. @stuhay did you find a fix or workaround?

I had a problem with my instance profile, so the server wasn't able to lookup the directory (or the password) can't remember exactly which one.

You could always try the two aws cli calls manually on the server to see that your instance profile is allowing everything you need,