# Active Directory Service Account

Amazon WorkSpaces requires Active Directory LDAP for deploying virtual desktops (vDesktops), and an **Active Directory Service Account** is necessary for connecting to Active Directory. **WorkSpaces Manager** shares this dependency: it uses the Service Account to interact with Active Directory. The permissions this Service Account needs on the assigned Organizational Unit (OU) depend on the permissions granted to WorkSpaces Manager within Active Directory.

{% hint style="success" %}
For details on [Administrator Active Directory Permissions](/install/appendices/administrator-active-directory-permissions.md), please refer to the appendix.
{% endhint %}

The **Active Directory (AD) Service Account** is also utilized to perform various actions, such as creating user accounts, adding or removing users from existing Active Directory groups, and deleting unused computer objects.

{% hint style="warning" %}
**WorkSpaces Manager** has the capability to remove orphaned computer objects from Active Directory. However, for this functionality to work and effectively clean up the LDAP directory objects, the Service Account must possess the necessary permissions to delete computer objects.
{% endhint %}
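The following is an added example, not taken from the WorkSpaces Manager documentation: one way to delegate only the actions named on this page (create users, change group membership, delete computer objects) on the assigned OU, then review the result. The OU distinguished name and account name are placeholders, and the exact rights the product needs are an assumption; the appendix linked above is authoritative.

```powershell
# Placeholders (assumptions, not values from the product documentation)
$ou  = 'OU=WorkSpaces,DC=example,DC=com'   # OU assigned to WorkSpaces Manager
$svc = 'EXAMPLE\svc-wsm'                   # the AD Service Account

# Grant narrowly scoped rights on the OU instead of Domain Admins / Full Control.
# /I:T = this object and its descendants, /I:S = descendant objects only.
dsacls $ou /I:T /G "${svc}:CC;user"          # create user accounts
dsacls $ou /I:S /G "${svc}:WP;member;group"  # add/remove members of groups under this OU
dsacls $ou /I:T /G "${svc}:DC;computer"      # delete orphaned computer objects

# Review every ACE the account holds on the OU and flag rights broader than
# the delegation above (full control, or the ability to rewrite the ACL/owner).
Import-Module ActiveDirectory
$adr = [System.DirectoryServices.ActiveDirectoryRights]
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference.Value -eq $svc } |
    ForEach-Object {
        $r = $_.ActiveDirectoryRights
        [pscustomobject]@{
            Rights     = $r
            ObjectType = $_.ObjectType            # schema GUID of the class/attribute
            AppliesTo  = $_.InheritedObjectType   # schema GUID of the inheriting class
            Inherited  = $_.IsInherited
            TooBroad   = $r.HasFlag($adr::GenericAll) -or
                         $r.HasFlag($adr::WriteDacl)  -or
                         $r.HasFlag($adr::WriteOwner)
        }
    } | Format-Table -AutoSize
```

Groups that live outside the assigned OU need the `member` delegation applied on their own container, and any row with `TooBroad` set to `True` is worth tracing back to where it was granted.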

