This article explains how to synchronize Active Directory users and groups to AWS IAM Identity Center using SCIM and PowerShell, addressing the limitation that ADFS does not support SCIM.

• Uses PowerShell to sync AD users/groups via IAM IDC SCIM RESTful API
• Implements serverless architecture with AWS Fargate running scheduled container tasks
• Stores AD and SCIM credentials securely in AWS Secrets Manager
• Stores configuration parameters in AWS Systems Manager Parameter Store
• PowerShell script runs every 12 hours to create/update users and groups
• Links AD users to IAM IDC users via SID stored as externalId
• Disables IAM IDC users when disabled in AD
• Does not delete users or groups, only creates and updates
• Solution uses Windows containers on Fargate for familiar DevOps tooling

This approach enables organizations with ADFS implementations to automatically synchronize their on-premises AD with AWS IAM Identity Center without requiring SCIM support from ADFS.