UPD: removed enable_sso and alias to prevent conflicts

modules/security_identity_compliance/ds-adconnector/main.tf

@@ -1,8 +1,7 @@
 
 resource "aws_directory_service_directory" "connector" {
   name        = var.adc-domainname
-  alias       = var.adc-alias # required by enable-sso
+  enable_sso  = false # enabling this results in error when terraform is ran in member accounts
-  enable_sso  = var.adc-enable-sso
   password    = var.adc-service-account-password
   size        = var.adc-size
   type        = "ADConnector"

modules/security_identity_compliance/ds-adconnector/outputs.tf

@@ -6,6 +6,6 @@ output security-group-id {
   value = aws_directory_service_directory.connector.security_group_id
 }
 
-output connect-settings {
+output customer-dns-ip {
-  value = aws_directory_service_directory.connector.connect_settings
+  value = aws_directory_service_directory.connector.connect_settings[*].customer_dns_ips
 }

modules/security_identity_compliance/ds-adconnector/variables.tf

@@ -5,6 +5,4 @@ variable "adc-dns-ips" {}
 variable "adc-service-account-username" {}
 variable "adc-subnet-ids" {}
 variable "adc-vpc-id" {}
-variable "adc-alias" {}
-variable "adc-enable-sso" {}
 variable "default-tags" {}