diff --git a/main.tf b/main.tf
index 2138c8c..aec7d1b 100644
--- a/main.tf
+++ b/main.tf
@@ -178,6 +178,7 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
 saml_provider_arn = var.saml_arn
 self_service_saml_provider_arn = var.self_saml_arn
 root_certificate_chain_arn = join("", aws_acm_certificate.root[*].arn)
+ active_directory_id = var.authentication_type == "directory-service-authentication" ? var.active_directory_id : null
 }
 connection_log_options {
@@ -187,11 +188,6 @@ resource "aws_ec2_client_vpn_endpoint" "default" {
 }
 tags = module.labels.tags
- lifecycle {
- ignore_changes = [
- authentication_options
- ]
- }
 }
 ##-----------------------------------------------------------------------------
diff --git a/variables.tf b/variables.tf
index 7b9c5b8..9caf0d5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -91,7 +91,13 @@ variable "dns_names" {
 variable "authentication_type" {
 type = string
 default = "certificate-authentication"
- description = "The type of client authentication to be used. "
+ description = "The type of client authentication to be used."
+}
+
+variable "active_directory_id" {
+ type = string
+ default = ""
+ description = "The ID of AWS AD to be used with directory-service-authentication authentication type."
 }
 variable "saml_arn" {
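Review bot: The new `active_directory_id` line passes the raw variable through whenever `authentication_type` is `"directory-service-authentication"`, and since the variable in variables.tf defaults to `""`, a caller who selects that type but forgets the directory ID sends an empty string to the API instead of failing at plan time. A resource `precondition` makes the misconfiguration a plan-time error with a clear message rather than an apply-time provider error. Note that the second hunk removes the `ignore_changes = [authentication_options]` rule; that is what makes this attribute (and the other authentication settings) actually reconciled by Terraform, which is the right default for an authentication boundary, but if the provider treats changes to that block as force-new, endpoints whose authentication options drifted under the old ignore rule may be replaced on the next apply — worth a line in the module's upgrade notes. The enclosing `authentication_options` block starts before this hunk.
```hcl
    root_certificate_chain_arn = join("", aws_acm_certificate.root[*].arn)
    active_directory_id        = var.authentication_type == "directory-service-authentication" ? var.active_directory_id : null
  }
  # … unchanged: connection_log_options, tags …
  lifecycle {
    precondition {
      condition     = var.authentication_type != "directory-service-authentication" || var.active_directory_id != ""
      error_message = "active_directory_id must be set when authentication_type is \"directory-service-authentication\"."
    }
  }
```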
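Review bot: The new `active_directory_id` variable is declared with `default = ""` and a description that does not say when it is required, so nothing stops a caller from combining `authentication_type = "directory-service-authentication"` with an empty ID, and nothing rejects a value that is not a Directory Service ID at all. A self-referential `validation` block (cross-variable checks are not available in older Terraform releases, so the coupling to `authentication_type` has to live on the resource) catches the obvious typo case, and the description should state the dependency explicitly.
```hcl
variable "active_directory_id" {
  type        = string
  default     = ""
  description = "The ID of the AWS Directory Service directory (d-…) to use. Required when authentication_type is \"directory-service-authentication\"; ignored for other authentication types."

  validation {
    condition     = var.active_directory_id == "" || can(regex("^d-", var.active_directory_id))
    error_message = "active_directory_id must be empty or an AWS Directory Service ID starting with \"d-\"."
  }
}
```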