AWS Directory Service Data

2024/09/18 - AWS Directory Service Data - 17 new api methods

Changes: Added new AWS Directory Service Data API, enabling you to manage data stored in AWS Directory Service directories. This includes APIs for creating, reading, updating, and deleting directory users, groups, and group memberships.

AddGroupMember (new)

Adds an existing user, group, or computer as a group member.

See also: AWS API Documentation

Request Syntax

client.add_group_member(
    ClientToken='string',
    DirectoryId='string',
    GroupName='string',
    MemberName='string',
    MemberRealm='string'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the group.

type GroupName

string

param GroupName

[REQUIRED]

The name of the group.

type MemberName

string

param MemberName

[REQUIRED]

The SAMAccountName of the user, group, or computer to add as a group member.

type MemberRealm

string

param MemberRealm

The domain name that's associated with the group member. This parameter is required only when adding a member outside of your Managed Microsoft AD domain to a group inside of your Managed Microsoft AD domain. This parameter defaults to the Managed Microsoft AD domain.

Note

This parameter is case insensitive.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --
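
An added example, not part of the AWS reference: a retry helper that generates one ClientToken and reuses it on every attempt, so a lost reply does not apply the membership change twice. FakeDirectoryData, FakeConflict, add_member_idempotent, the directory ID and the TimeoutError raised for a lost reply are all constructed assumptions.

```python
import uuid


class FakeConflict(Exception):
    """Constructed stand-in for client.exceptions.ConflictException."""


class FakeDirectoryData:
    """Constructed in-memory stand-in for the Directory Service Data client.

    Models only what the ClientToken text states: a repeated token with the
    same parameters has no further effect, and a repeated token with changed
    parameters raises ConflictException. The 8-hour expiry is not modelled.
    """

    class exceptions:
        ConflictException = FakeConflict

    def __init__(self, drop_first_reply=False):
        self.seen = {}        # ClientToken -> parameters first used with it
        self.members = []     # (GroupName, MemberName) changes actually applied
        self._drop = drop_first_reply

    def add_group_member(self, ClientToken, **params):
        if ClientToken in self.seen:
            if self.seen[ClientToken] != params:
                raise FakeConflict("token reused with different parameters")
            return {}         # replay of the same request: no second effect
        self.seen[ClientToken] = params
        self.members.append((params["GroupName"], params["MemberName"]))
        if self._drop:        # the change is applied but the reply is lost
            self._drop = False
            raise TimeoutError("constructed network timeout")
        return {}


def add_member_idempotent(client, directory_id, group, member, attempts=3):
    """Add a member, reusing ONE ClientToken across all retries."""
    token = str(uuid.uuid4())     # generated once, outside the retry loop
    last = None
    for _ in range(attempts):
        try:
            client.add_group_member(
                ClientToken=token,
                DirectoryId=directory_id,
                GroupName=group,
                MemberName=member,
            )
            return token
        except client.exceptions.ConflictException:
            # Same token, different parameters: a caller bug, never retry.
            raise
        except TimeoutError as exc:
            # Outcome unknown: retrying with the same token is safe.
            last = exc
    raise last
```

Generating the token inside the loop instead would make each retry a new request, which is the failure this parameter exists to prevent.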

CreateUser (new)

Creates a new user.

See also: AWS API Documentation

Request Syntax

client.create_user(
    ClientToken='string',
    DirectoryId='string',
    EmailAddress='string',
    GivenName='string',
    OtherAttributes={
        'string': {
            'BOOL': True|False,
            'N': 123,
            'S': 'string',
            'SS': [
                'string',
            ]
        }
    },
    SAMAccountName='string',
    Surname='string'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that’s associated with the user.

type EmailAddress

string

param EmailAddress

The email address of the user.

type GivenName

string

param GivenName

The first name of the user.

type OtherAttributes

dict

param OtherAttributes

An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

Note

Attribute names are case insensitive.

  • (string) --

    • (dict) --

      The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: BOOL, N, S, SS.

      • BOOL (boolean) --

        Indicates that the attribute type value is a boolean. For example:

        "BOOL": true

      • N (integer) --

        Indicates that the attribute type value is a number. For example:

        "N": "16"

      • S (string) --

        Indicates that the attribute type value is a string. For example:

        "S": "S Group"

      • SS (list) --

        Indicates that the attribute type value is a string set. For example:

        "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

        • (string) --

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the user.

type Surname

string

param Surname

The last name of the user.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'SAMAccountName': 'string',
    'SID': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory where the address block is added.

    • SAMAccountName (string) --

      The name of the user.

    • SID (string) --

      The unique security identifier (SID) of the user.

DeleteGroup (new)

Deletes a group.

See also: AWS API Documentation

Request Syntax

client.delete_group(
    ClientToken='string',
    DirectoryId='string',
    SAMAccountName='string'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the group.

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the group.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DisableUser (new)

Deactivates an active user account. For information about how to enable an inactive user account, see ResetUserPassword in the Directory Service API Reference.

See also: AWS API Documentation

Request Syntax

client.disable_user(
    ClientToken='string',
    DirectoryId='string',
    SAMAccountName='string'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the user.

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the user.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

SearchGroups (new)

Searches the specified directory for a group. You can find groups that match the SearchString parameter with the value of their attributes included in the SearchString parameter.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the SearchGroups.NextToken member contains a token that you pass in the next call to SearchGroups. This retrieves the next set of items.

You can also specify a maximum number of return results with the MaxResults parameter.

See also: AWS API Documentation

Request Syntax

client.search_groups(
    DirectoryId='string',
    MaxResults=123,
    NextToken='string',
    Realm='string',
    SearchAttributes=[
        'string',
    ],
    SearchString='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the group.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request.

type NextToken

string

param NextToken

An encoded paging token for paginated calls that can be passed back to retrieve the next page.

type Realm

string

param Realm

The domain name that's associated with the group.

Note

This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.

This value is case insensitive.

type SearchAttributes

list

param SearchAttributes

[REQUIRED]

One or more data attributes that are used to search for a group. For a list of supported attributes, see Directory Service Data Attributes.

  • (string) --

type SearchString

string

param SearchString

[REQUIRED]

The attribute value that you want to search for.

Note

Wildcard (*) searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'Groups': [
        {
            'DistinguishedName': 'string',
            'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
            'GroupType': 'Distribution'|'Security',
            'OtherAttributes': {
                'string': {
                    'BOOL': True|False,
                    'N': 123,
                    'S': 'string',
                    'SS': [
                        'string',
                    ]
                }
            },
            'SAMAccountName': 'string',
            'SID': 'string'
        },
    ],
    'NextToken': 'string',
    'Realm': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory that's associated with the group.

    • Groups (list) --

      The group information that the request returns.

      • (dict) --

        A group object that contains identifying information and attributes for a specified group.

        • DistinguishedName (string) --

          The distinguished name of the object.

        • GroupScope (string) --

          The scope of the AD group. For details, see Active Directory security groups.

        • GroupType (string) --

          The AD group type. For details, see Active Directory security group type.

        • OtherAttributes (dict) --

          An expression of one or more attributes, data types, and the values of a group.

          • (string) --

            • (dict) --

              The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: BOOL, N, S, SS. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

              • BOOL (boolean) --

                Indicates that the attribute type value is a boolean. For example:

                "BOOL": true

              • N (integer) --

                Indicates that the attribute type value is a number. For example:

                "N": "16"

              • S (string) --

                Indicates that the attribute type value is a string. For example:

                "S": "S Group"

              • SS (list) --

                Indicates that the attribute type value is a string set. For example:

                "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

                • (string) --

        • SAMAccountName (string) --

          The name of the group.

        • SID (string) --

          The unique security identifier (SID) of the group.

    • NextToken (string) --

      An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    • Realm (string) --

      The domain that's associated with the group.

ListGroupMembers (new)

Returns member information for the specified group.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroupMembers.NextToken member contains a token that you pass in the next call to ListGroupMembers. This retrieves the next set of items.

You can also specify a maximum number of return results with the MaxResults parameter.

See also: AWS API Documentation

Request Syntax

client.list_group_members(
    DirectoryId='string',
    MaxResults=123,
    MemberRealm='string',
    NextToken='string',
    Realm='string',
    SAMAccountName='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the group.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request.

type MemberRealm

string

param MemberRealm

The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain.

Note

This parameter is optional and case insensitive.

type NextToken

string

param NextToken

An encoded paging token for paginated calls that can be passed back to retrieve the next page.

type Realm

string

param Realm

The domain name that's associated with the group.

Note

This parameter is optional, so you can return members from a group outside of your Managed Microsoft AD domain. When no value is defined, only members of your Managed Microsoft AD groups are returned.

This value is case insensitive.

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the group.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'MemberRealm': 'string',
    'Members': [
        {
            'MemberType': 'USER'|'GROUP'|'COMPUTER',
            'SAMAccountName': 'string',
            'SID': 'string'
        },
    ],
    'NextToken': 'string',
    'Realm': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      Identifier (ID) of the directory associated with the group.

    • MemberRealm (string) --

      The domain name that's associated with the member.

    • Members (list) --

      The member information that the request returns.

      • (dict) --

        A member object that contains identifying information for a specified member.

        • MemberType (string) --

          The AD type of the member object.

        • SAMAccountName (string) --

          The name of the group member.

        • SID (string) --

          The unique security identifier (SID) of the group member.

    • NextToken (string) --

      An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    • Realm (string) --

      The domain name that's associated with the group.
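
An added example, not part of the AWS reference: an access-review helper that follows NextToken to the last page of ListGroupMembers and expands members whose MemberType is GROUP, so users who hold a group's rights only through nesting are listed too. FakeClient, SAMPLE, the group and account names, and the directory ID are constructed; the sketch assumes all members live in the default realm.

```python
def iter_members(client, directory_id, group):
    """Yield every member of one group, following NextToken to the end."""
    kwargs = {"DirectoryId": directory_id, "SAMAccountName": group}
    while True:
        page = client.list_group_members(**kwargs)
        yield from page.get("Members", [])
        token = page.get("NextToken")
        if not token:
            return                      # no token: this was the last page
        kwargs["NextToken"] = token


def effective_users(client, directory_id, group):
    """Return {user SAMAccountName: group path} including nested groups."""
    found, seen = {}, set()
    stack = [(group, (group,))]
    while stack:
        name, path = stack.pop()
        if name.lower() in seen:        # nested groups can form cycles
            continue
        seen.add(name.lower())
        for member in iter_members(client, directory_id, name):
            sam = member["SAMAccountName"]
            if member["MemberType"] == "GROUP":
                stack.append((sam, path + (sam,)))
            elif member["MemberType"] == "USER":
                found.setdefault(sam, path)   # keep the first path found
            # COMPUTER members are not users and are skipped here
    return found


class FakeClient:
    """Constructed stand-in that returns members two per page."""

    def __init__(self, groups):
        self.groups = groups
        self.calls = 0

    def list_group_members(self, DirectoryId, SAMAccountName, NextToken=None):
        self.calls += 1
        rows = self.groups[SAMAccountName]
        start = int(NextToken or 0)
        page = {"DirectoryId": DirectoryId, "Members": rows[start:start + 2]}
        if start + 2 < len(rows):
            page["NextToken"] = str(start + 2)
        return page


# Constructed sample directory: HelpDesk is nested in AppAdmins and, through
# a misconfiguration, AppAdmins is also nested in HelpDesk (a cycle).
SAMPLE = {
    "AppAdmins": [
        {"MemberType": "USER", "SAMAccountName": "alice"},
        {"MemberType": "GROUP", "SAMAccountName": "HelpDesk"},
        {"MemberType": "COMPUTER", "SAMAccountName": "BUILD01$"},
    ],
    "HelpDesk": [
        {"MemberType": "USER", "SAMAccountName": "bob"},
        {"MemberType": "GROUP", "SAMAccountName": "AppAdmins"},
        {"MemberType": "USER", "SAMAccountName": "alice"},
    ],
}

if __name__ == "__main__":
    for user, path in effective_users(
            FakeClient(SAMPLE), "d-0000000000", "AppAdmins").items():
        print(user, "via", " > ".join(path))
```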

DescribeGroup (new)

Returns information about a specific group.

See also: AWS API Documentation

Request Syntax

client.describe_group(
    DirectoryId='string',
    OtherAttributes=[
        'string',
    ],
    Realm='string',
    SAMAccountName='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory associated with the group.

type OtherAttributes

list

param OtherAttributes

One or more attributes to be returned for the group. For a list of supported attributes, see Directory Service Data Attributes.

  • (string) --

type Realm

string

param Realm

The domain name that's associated with the group.

Note

This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.

This value is case insensitive.

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the group.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'DistinguishedName': 'string',
    'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
    'GroupType': 'Distribution'|'Security',
    'OtherAttributes': {
        'string': {
            'BOOL': True|False,
            'N': 123,
            'S': 'string',
            'SS': [
                'string',
            ]
        }
    },
    'Realm': 'string',
    'SAMAccountName': 'string',
    'SID': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory that's associated with the group.

    • DistinguishedName (string) --

      The distinguished name of the object.

    • GroupScope (string) --

      The scope of the AD group. For details, see Active Directory security groups.

    • GroupType (string) --

      The AD group type. For details, see Active Directory security group type.

    • OtherAttributes (dict) --

      The attribute values that are returned for the attribute names that are included in the request.

      • (string) --

        • (dict) --

          The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: BOOL, N, S, SS. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

          • BOOL (boolean) --

            Indicates that the attribute type value is a boolean. For example:

            "BOOL": true

          • N (integer) --

            Indicates that the attribute type value is a number. For example:

            "N": "16"

          • S (string) --

            Indicates that the attribute type value is a string. For example:

            "S": "S Group"

          • SS (list) --

            Indicates that the attribute type value is a string set. For example:

            "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

            • (string) --

    • Realm (string) --

      The domain name that's associated with the group.

    • SAMAccountName (string) --

      The name of the group.

    • SID (string) --

      The unique security identifier (SID) of the group.
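
An added example, not part of the AWS reference, for the OtherAttributes tagged union used in CreateUser requests and in SearchGroups and DescribeGroup responses: a pre-flight check for request maps and a decoder for response maps that sets SDK_UNKNOWN_MEMBER entries aside. The function names and sample attribute names are constructed; check attribute names against the supported attribute list before use.

```python
# Tag -> Python type, as given in the request syntax ('N': 123 is an integer).
TAGS = {"BOOL": bool, "N": int, "S": str, "SS": list}


def validate_attributes(attrs):
    """Return a list of problems found in an OtherAttributes request map."""
    problems, seen = [], set()
    for name, value in attrs.items():
        # Attribute names are case insensitive, so "Department" and
        # "department" address the same attribute.
        if name.lower() in seen:
            problems.append(f"{name}: duplicate (names are case insensitive)")
        seen.add(name.lower())

        keys = list(value) if isinstance(value, dict) else []
        if len(keys) != 1 or keys[0] not in TAGS:
            problems.append(f"{name}: exactly one of BOOL, N, S, SS required")
            continue

        tag, data = keys[0], value[keys[0]]
        ok = isinstance(data, TAGS[tag])
        if tag == "N":
            ok = ok and not isinstance(data, bool)   # bool subclasses int
        if tag == "SS":
            ok = ok and all(isinstance(item, str) for item in data)
        if not ok:
            problems.append(f"{name}: {tag} needs {TAGS[tag].__name__}")
    return problems


def decode_attributes(attrs):
    """Flatten a response map to ({name: value}, [(name, unknown_tag), ...])."""
    values, unknown = {}, []
    for name, value in attrs.items():
        if "SDK_UNKNOWN_MEMBER" in value:
            # The SDK did not recognise the tag: record it, do not guess.
            unknown.append((name, value["SDK_UNKNOWN_MEMBER"]["name"]))
            continue
        ((_tag, data),) = value.items()   # exactly one top-level key is set
        values[name] = data
    return values, unknown


# Constructed request map with three defects.
BAD_REQUEST = {
    "department": {"S": "Security"},
    "Department": {"S": "Operations"},                       # duplicate name
    "employeeNumber": {"N": "16"},                           # string, not int
    "servicePrincipalName": {"SS": ["svc/host"], "S": "x"},  # two tags set
}

# Constructed response map with one tag this SDK version does not know.
RESPONSE = {
    "department": {"S": "Security"},
    "futureAttribute": {"SDK_UNKNOWN_MEMBER": {"name": "B"}},
}

if __name__ == "__main__":
    print(validate_attributes(BAD_REQUEST))
    print(decode_attributes(RESPONSE))
```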

UpdateUser (new)

Updates user information.

See also: AWS API Documentation

Request Syntax

client.update_user(
    ClientToken='string',
    DirectoryId='string',
    EmailAddress='string',
    GivenName='string',
    OtherAttributes={
        'string': {
            'BOOL': True|False,
            'N': 123,
            'S': 'string',
            'SS': [
                'string',
            ]
        }
    },
    SAMAccountName='string',
    Surname='string',
    UpdateType='ADD'|'REPLACE'|'REMOVE'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the user.

type EmailAddress

string

param EmailAddress

The email address of the user.

type GivenName

string

param GivenName

The first name of the user.

type OtherAttributes

dict

param OtherAttributes

An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

Note

Attribute names are case insensitive.

  • (string) --

    • (dict) --

      The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: BOOL, N, S, SS.

      • BOOL (boolean) --

        Indicates that the attribute type value is a boolean. For example:

        "BOOL": true

      • N (integer) --

        Indicates that the attribute type value is a number. For example:

        "N": "16"

      • S (string) --

        Indicates that the attribute type value is a string. For example:

        "S": "S Group"

      • SS (list) --

        Indicates that the attribute type value is a string set. For example:

        "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

        • (string) --

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the user.

type Surname

string

param Surname

The last name of the user.

type UpdateType

string

param UpdateType

The type of update to be performed. If no value exists for the attribute, use ADD. Otherwise, use REPLACE to change an attribute value or REMOVE to clear the attribute value.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DeleteUser (new)

Deletes a user.

See also: AWS API Documentation

Request Syntax

client.delete_user(
    ClientToken='string',
    DirectoryId='string',
    SAMAccountName='string'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the user.

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the user.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

RemoveGroupMember (new)

Removes a member from a group.

See also: AWS API Documentation

Request Syntax

client.remove_group_member(
    ClientToken='string',
    DirectoryId='string',
    GroupName='string',
    MemberName='string',
    MemberRealm='string'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the member.

type GroupName

string

param GroupName

[REQUIRED]

The name of the group.

type MemberName

string

param MemberName

[REQUIRED]

The SAMAccountName of the user, group, or computer to remove from the group.

type MemberRealm

string

param MemberRealm

The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain.

Note

This parameter is optional and case insensitive.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

UpdateGroup (new)

Updates group information.

See also: AWS API Documentation

Request Syntax

client.update_group(
    ClientToken='string',
    DirectoryId='string',
    GroupScope='DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
    GroupType='Distribution'|'Security',
    OtherAttributes={
        'string': {
            'BOOL': True|False,
            'N': 123,
            'S': 'string',
            'SS': [
                'string',
            ]
        }
    },
    SAMAccountName='string',
    UpdateType='ADD'|'REPLACE'|'REMOVE'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the group.

type GroupScope

string

param GroupScope

The scope of the AD group. For details, see Active Directory security groups.

type GroupType

string

param GroupType

The AD group type. For details, see Active Directory security group type.

type OtherAttributes

dict

param OtherAttributes

An expression that defines one or more attributes with the data type and the value of each attribute.

  • (string) --

    • (dict) --

      The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: BOOL, N, S, SS.

      • BOOL (boolean) --

        Indicates that the attribute type value is a boolean. For example:

        "BOOL": true

      • N (integer) --

        Indicates that the attribute type value is a number. For example:

        "N": "16"

      • S (string) --

        Indicates that the attribute type value is a string. For example:

        "S": "S Group"

      • SS (list) --

        Indicates that the attribute type value is a string set. For example:

        "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

        • (string) --

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the group.

type UpdateType

string

param UpdateType

The type of update to be performed. If no value exists for the attribute, use ADD. Otherwise, use REPLACE to change an attribute value or REMOVE to clear the attribute value.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

ListGroupsForMember (new)

Returns group information for the specified member.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroupsForMember.NextToken member contains a token that you pass in the next call to ListGroupsForMember. This retrieves the next set of items.

You can also specify a maximum number of return results with the MaxResults parameter.

See also: AWS API Documentation

Request Syntax

client.list_groups_for_member(
    DirectoryId='string',
    MaxResults=123,
    MemberRealm='string',
    NextToken='string',
    Realm='string',
    SAMAccountName='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the member.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request.

type MemberRealm

string

param MemberRealm

The domain name that's associated with the group member.

Note

This parameter is optional, so you can limit your results to the group members in a specific domain.

This parameter is case insensitive and defaults to Realm.

type NextToken

string

param NextToken

An encoded paging token for paginated calls that can be passed back to retrieve the next page.

type Realm

string

param Realm

The domain name that's associated with the group.

Note

This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.

This value is case insensitive and defaults to your Managed Microsoft AD domain.

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The SAMAccountName of the user, group, or computer that's a member of the group.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'Groups': [
        {
            'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
            'GroupType': 'Distribution'|'Security',
            'SAMAccountName': 'string',
            'SID': 'string'
        },
    ],
    'MemberRealm': 'string',
    'NextToken': 'string',
    'Realm': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory that's associated with the member.

    • Groups (list) --

      The group information that the request returns.

      • (dict) --

        A structure containing a subset of fields of a group object from a directory.

    • MemberRealm (string) --

      The domain that's associated with the member.

    • NextToken (string) --

      An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    • Realm (string) --

      The domain that's associated with the group.

ListGroups (new)

Returns group information for the specified directory.

This operation supports pagination through the NextToken request and response parameters. If more results are available, the ListGroups.NextToken member contains a token that you pass in the next call to ListGroups. This retrieves the next set of items.

You can also specify a maximum number of return results with the MaxResults parameter.

See also: AWS API Documentation

Request Syntax

client.list_groups(
    DirectoryId='string',
    MaxResults=123,
    NextToken='string',
    Realm='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the group.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request.

type NextToken

string

param NextToken

An encoded paging token for paginated calls that can be passed back to retrieve the next page.

type Realm

string

param Realm

The domain name associated with the directory.

Note

This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.

This value is case insensitive.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'Groups': [
        {
            'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
            'GroupType': 'Distribution'|'Security',
            'SAMAccountName': 'string',
            'SID': 'string'
        },
    ],
    'NextToken': 'string',
    'Realm': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory that's associated with the group.

    • Groups (list) --

      The group information that the request returns.

      • (dict) --

        A structure containing a subset of fields of a group object from a directory.

    • NextToken (string) --

      An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    • Realm (string) --

      The domain name associated with the group.

CreateGroup (new)

Creates a new group.

See also: AWS API Documentation

Request Syntax

client.create_group(
    ClientToken='string',
    DirectoryId='string',
    GroupScope='DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
    GroupType='Distribution'|'Security',
    OtherAttributes={
        'string': {
            'BOOL': True|False,
            'N': 123,
            'S': 'string',
            'SS': [
                'string',
            ]
        }
    },
    SAMAccountName='string'
)
type ClientToken

string

param ClientToken

A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so that multiple identical calls have the same effect as a single call.

A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.

Note

This parameter is optional when using the CLI or SDK.

This field is autopopulated if not provided.

type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the group.

type GroupScope

string

param GroupScope

The scope of the AD group. For details, see Active Directory security group scope.

type GroupType

string

param GroupType

The AD group type. For details, see Active Directory security group type.

type OtherAttributes

dict

param OtherAttributes

An expression that defines one or more attributes with the data type and value of each attribute.

  • (string) --

    • (dict) --

      The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

      Note

      This is a Tagged Union structure. Only one of the following top level keys can be set: BOOL, N, S, SS.

      • BOOL (boolean) --

        Indicates that the attribute type value is a boolean. For example:

        "BOOL": true

      • N (integer) --

        Indicates that the attribute type value is a number. For example:

        "N": "16"

      • S (string) --

        Indicates that the attribute type value is a string. For example:

        "S": "S Group"

      • SS (list) --

        Indicates that the attribute type value is a string set. For example:

        "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

        • (string) --

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the group.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'SAMAccountName': 'string',
    'SID': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory that's associated with the group.

    • SAMAccountName (string) --

      The name of the group.

    • SID (string) --

      The unique security identifier (SID) of the group.
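An added example (not AWS code) of the ClientToken behaviour described for CreateGroup: the caller fixes one token per logical operation and reuses it on retry, so a lost response cannot produce a second group. `FakeDirectoryData`, `FakeClientError`, `create_group_once`, the directory ID and the SID are constructed for the illustration; with a real client, pass the SDK's timeout and connection exception classes as `retry_on`.

```python
import uuid


class FakeClientError(Exception):
    """Constructed stand-in shaped like botocore's ClientError (.response)."""

    def __init__(self, code, message):
        super().__init__(message)
        self.response = {"Error": {"Code": code, "Message": message}}


class FakeDirectoryData:
    """Constructed in-memory model of the ClientToken rules described above.
    It is not AWS code and does not model the 8-hour expiry."""

    def __init__(self):
        self.by_token, self.groups, self.lose_next_response = {}, [], True

    def create_group(self, ClientToken, **params):
        if ClientToken in self.by_token:
            first_params, response = self.by_token[ClientToken]
            if first_params != params:
                raise FakeClientError("ConflictException",
                                      "token reused with other parameters")
            return response  # replay of the first call: nothing new is created
        self.groups.append(params["SAMAccountName"])
        response = {"DirectoryId": params["DirectoryId"],
                    "SAMAccountName": params["SAMAccountName"],
                    "SID": f"S-1-5-21-0-0-0-{1000 + len(self.groups)}"}  # constructed
        self.by_token[ClientToken] = (params, response)
        if self.lose_next_response:  # group exists, but the caller never hears back
            self.lose_next_response = False
            raise TimeoutError("response lost")
        return response


def create_group_once(client, token, attempts=3,
                      retry_on=(TimeoutError, ConnectionError), **params):
    """Retry create_group with one fixed ClientToken so that a retry after a
    lost response replays the first call. A ConflictException is not retried:
    it means the token was already used with different parameters."""
    for attempt in range(1, attempts + 1):
        try:
            return client.create_group(ClientToken=token, **params)
        except retry_on:
            if attempt == attempts:
                raise


def demo():
    client, token = FakeDirectoryData(), str(uuid.uuid4())
    request = dict(DirectoryId="d-0000000000", SAMAccountName="vpn-users",
                   GroupType="Security", GroupScope="Global")
    response = create_group_once(client, token, **request)
    try:
        create_group_once(client, token, **dict(request, GroupScope="Universal"))
        conflict = None
    except FakeClientError as exc:
        conflict = exc.response["Error"]["Code"]
    return response["SAMAccountName"], client.groups, conflict
```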

DescribeUser (new)

Returns information about a specific user.

See also: AWS API Documentation

Request Syntax

client.describe_user(
    DirectoryId='string',
    OtherAttributes=[
        'string',
    ],
    Realm='string',
    SAMAccountName='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the user.

type OtherAttributes

list

param OtherAttributes

One or more attribute names to be returned for the user. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

  • (string) --

type Realm

string

param Realm

The domain name that's associated with the user.

Note

This parameter is optional, so you can return users outside your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.

This value is case insensitive.

type SAMAccountName

string

param SAMAccountName

[REQUIRED]

The name of the user.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'DistinguishedName': 'string',
    'EmailAddress': 'string',
    'Enabled': True|False,
    'GivenName': 'string',
    'OtherAttributes': {
        'string': {
            'BOOL': True|False,
            'N': 123,
            'S': 'string',
            'SS': [
                'string',
            ]
        }
    },
    'Realm': 'string',
    'SAMAccountName': 'string',
    'SID': 'string',
    'Surname': 'string',
    'UserPrincipalName': 'string'
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory that's associated with the user.

    • DistinguishedName (string) --

      The distinguished name of the object.

    • EmailAddress (string) --

      The email address of the user.

    • Enabled (boolean) --

      Indicates whether the user account is active.

    • GivenName (string) --

      The first name of the user.

    • OtherAttributes (dict) --

      The attribute values that are returned for the attribute names that are included in the request.

      Note

      Attribute names are case insensitive.

      • (string) --

        • (dict) --

          The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

          Note

          This is a Tagged Union structure. Only one of the following top level keys will be set: BOOL, N, S, SS. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

          'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

          • BOOL (boolean) --

            Indicates that the attribute type value is a boolean. For example:

            "BOOL": true

          • N (integer) --

            Indicates that the attribute type value is a number. For example:

            "N": "16"

          • S (string) --

            Indicates that the attribute type value is a string. For example:

            "S": "S Group"

          • SS (list) --

            Indicates that the attribute type value is a string set. For example:

            "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

            • (string) --

    • Realm (string) --

      The domain name that's associated with the user.

    • SAMAccountName (string) --

      The name of the user.

    • SID (string) --

      The unique security identifier (SID) of the user.

    • Surname (string) --

      The last name of the user.

    • UserPrincipalName (string) --

      The user principal name (UPN), an Internet-style login name for the user that is based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.
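An added example (not AWS code) of handling the OtherAttributes tagged union described above, both when building a CreateGroup request and when reading a DescribeUser response, including the `SDK_UNKNOWN_MEMBER` case. The function names, the attribute names in the sample and the sample itself are constructed for the illustration.

```python
# Added example (not AWS code): validate the OtherAttributes tagged union.
TAG_TYPES = {"BOOL": bool, "N": int, "S": str, "SS": list}


def encode_attribute(value):
    """Wrap a Python value in the single-key union that requests expect."""
    if isinstance(value, bool):  # test bool first: bool is a subclass of int
        return {"BOOL": value}
    if isinstance(value, int):
        return {"N": value}
    if isinstance(value, str):
        return {"S": value}
    if isinstance(value, (list, tuple)) and all(isinstance(v, str) for v in value):
        return {"SS": list(value)}
    raise TypeError(f"no union tag for {type(value).__name__}")


def decode_other_attributes(other_attributes):
    """Return (values, unknown): plain values keyed by lower-cased attribute
    name, plus the attributes whose tag this SDK version did not recognise."""
    values, unknown = {}, []
    for name, union in (other_attributes or {}).items():
        if not isinstance(union, dict) or len(union) != 1:
            raise ValueError(f"{name}: expected exactly one top-level key")
        (tag, value), = union.items()
        key = name.lower()  # attribute names are case insensitive
        if tag == "SDK_UNKNOWN_MEMBER":
            unknown.append((key, value.get("name")))
            continue
        expected = TAG_TYPES.get(tag)
        if expected is None:
            raise ValueError(f"{name}: unexpected tag {tag!r}")
        if not isinstance(value, expected) or (tag == "N" and isinstance(value, bool)):
            raise ValueError(f"{name}: {tag} value has type {type(value).__name__}")
        if tag == "SS" and not all(isinstance(v, str) for v in value):
            raise ValueError(f"{name}: SS must contain only strings")
        values[key] = value
    return values, unknown


# Constructed sample shaped like DescribeUser's OtherAttributes; the attribute
# names and the unknown tag name are illustrative assumptions.
SAMPLE_OTHER_ATTRIBUTES = {
    "Department": {"S": "S Group"},
    "LogonCount": {"N": 16},
    "ServicePrincipalName": {"SS": [
        "sample_service_class/host.sample.com:1234/sample_service_name_1",
        "sample_service_class/host.sample.com:1234/sample_service_name_2",
    ]},
    "FutureAttribute": {"SDK_UNKNOWN_MEMBER": {"name": "UnknownMemberName"}},
}

if __name__ == "__main__":
    print(decode_other_attributes(SAMPLE_OTHER_ATTRIBUTES))
```

Reporting unknown members separately keeps a newer attribute type from being silently dropped or misread as an empty value.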

ListUsers (new)

Returns user information for the specified directory.

This operation supports pagination through the NextToken request and response parameters. If more results are available, the ListUsers.NextToken member contains a token that you pass in the next call to ListUsers. This retrieves the next set of items.

You can also specify a maximum number of return results with the MaxResults parameter.

See also: AWS API Documentation

Request Syntax

client.list_users(
    DirectoryId='string',
    MaxResults=123,
    NextToken='string',
    Realm='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the user.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request.

type NextToken

string

param NextToken

An encoded paging token for paginated calls that can be passed back to retrieve the next page.

type Realm

string

param Realm

The domain name that's associated with the user.

Note

This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.

This value is case insensitive.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'NextToken': 'string',
    'Realm': 'string',
    'Users': [
        {
            'Enabled': True|False,
            'GivenName': 'string',
            'SAMAccountName': 'string',
            'SID': 'string',
            'Surname': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory that's associated with the user.

    • NextToken (string) --

      An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    • Realm (string) --

      The domain that's associated with the user.

    • Users (list) --

      The user information that the request returns.

      • (dict) --

        A structure containing a subset of the fields of a user object from a directory.

        • Enabled (boolean) --

          Indicates whether the user account is active.

        • GivenName (string) --

          The first name of the user.

        • SAMAccountName (string) --

          The name of the user.

        • SID (string) --

          The unique security identifier (SID) of the user.

        • Surname (string) --

          The last name of the user.

SearchUsers (new)

Searches the specified directory for a user. You can find users whose attribute values match the SearchString parameter; the attributes that are searched are the ones listed in the SearchAttributes parameter.

This operation supports pagination through the NextToken request and response parameters. If more results are available, the SearchUsers.NextToken member contains a token that you pass in the next call to SearchUsers. This retrieves the next set of items.

You can also specify a maximum number of return results with the MaxResults parameter.

See also: AWS API Documentation

Request Syntax

client.search_users(
    DirectoryId='string',
    MaxResults=123,
    NextToken='string',
    Realm='string',
    SearchAttributes=[
        'string',
    ],
    SearchString='string'
)
type DirectoryId

string

param DirectoryId

[REQUIRED]

The identifier (ID) of the directory that's associated with the user.

type MaxResults

integer

param MaxResults

The maximum number of results to be returned per request.

type NextToken

string

param NextToken

An encoded paging token for paginated calls that can be passed back to retrieve the next page.

type Realm

string

param Realm

The domain name that's associated with the user.

Note

This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.

This value is case insensitive.

type SearchAttributes

list

param SearchAttributes

[REQUIRED]

One or more data attributes that are used to search for a user. For a list of supported attributes, see Directory Service Data Attributes.

  • (string) --

type SearchString

string

param SearchString

[REQUIRED]

The attribute value that you want to search for.

Note

Wildcard (*) searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.

rtype

dict

returns

Response Syntax

{
    'DirectoryId': 'string',
    'NextToken': 'string',
    'Realm': 'string',
    'Users': [
        {
            'DistinguishedName': 'string',
            'EmailAddress': 'string',
            'Enabled': True|False,
            'GivenName': 'string',
            'OtherAttributes': {
                'string': {
                    'BOOL': True|False,
                    'N': 123,
                    'S': 'string',
                    'SS': [
                        'string',
                    ]
                }
            },
            'SAMAccountName': 'string',
            'SID': 'string',
            'Surname': 'string',
            'UserPrincipalName': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • DirectoryId (string) --

      The identifier (ID) of the directory where the address block is added.

    • NextToken (string) --

      An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    • Realm (string) --

      The domain that's associated with the user.

    • Users (list) --

      The user information that the request returns.

      • (dict) --

        A user object that contains identifying information and attributes for a specified user.

        • DistinguishedName (string) --

          The distinguished name of the object.

        • EmailAddress (string) --

          The email address of the user.

        • Enabled (boolean) --

          Indicates whether the user account is active.

        • GivenName (string) --

          The first name of the user.

        • OtherAttributes (dict) --

          An expression that includes one or more attributes, data types, and values of a user.

          • (string) --

            • (dict) --

              The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: BOOL, N, S, SS. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

              • BOOL (boolean) --

                Indicates that the attribute type value is a boolean. For example:

                "BOOL": true

              • N (integer) --

                Indicates that the attribute type value is a number. For example:

                "N": "16"

              • S (string) --

                Indicates that the attribute type value is a string. For example:

                "S": "S Group"

              • SS (list) --

                Indicates that the attribute type value is a string set. For example:

                "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

                • (string) --

        • SAMAccountName (string) --

          The name of the user.

        • SID (string) --

          The unique security identifier (SID) of the user.

        • Surname (string) --

          The last name of the user.

        • UserPrincipalName (string) --

          The user principal name (UPN), an internet-style login name for the user that is based on the internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.
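An added example (not AWS code) of the NextToken pagination described for ListGroupsForMember, ListGroups, ListUsers and SearchUsers, used here for an access review that maps each enabled user to its Security groups. `paginate`, `security_groups_by_user`, `FakeDirectoryData` and its records are constructed so the code runs offline; with boto3, pass `boto3.client("ds-data")` as `client` instead.

```python
def paginate(operation, result_key, **params):
    """Yield every item of a NextToken-paginated call, one page at a time."""
    params = {k: v for k, v in params.items() if v is not None}
    seen = set()
    while True:
        page = operation(**params)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:
            return
        if token in seen:  # defensive: never loop forever on a repeated token
            raise RuntimeError("NextToken repeated")
        seen.add(token)
        params["NextToken"] = token


def security_groups_by_user(client, directory_id, max_results=None):
    """Map each enabled user to the sorted Security groups it is a member of."""
    report = {}
    for user in paginate(client.list_users, "Users",
                         DirectoryId=directory_id, MaxResults=max_results):
        if not user.get("Enabled"):
            continue
        groups = paginate(client.list_groups_for_member, "Groups",
                          DirectoryId=directory_id, MaxResults=max_results,
                          SAMAccountName=user["SAMAccountName"])
        report[user["SAMAccountName"]] = sorted(
            g["SAMAccountName"] for g in groups if g.get("GroupType") == "Security")
    return report


class FakeDirectoryData:
    """Constructed stand-in for a Directory Service Data client: it serves the
    sample records below in pages of two so the code runs offline."""
    USERS = [{"SAMAccountName": "alice", "Enabled": True},
             {"SAMAccountName": "bob", "Enabled": False},
             {"SAMAccountName": "carol", "Enabled": True}]
    GROUPS = {"alice": [("db-admins", "Security"), ("all-staff", "Distribution"),
                        ("vpn-users", "Security")],
              "carol": [("vpn-users", "Security")]}

    @staticmethod
    def _page(items, key, token, size):
        start = int(token or 0)
        page = {key: items[start:start + size]}
        if start + size < len(items):
            page["NextToken"] = str(start + size)
        return page

    def list_users(self, DirectoryId, NextToken=None, MaxResults=2):
        return self._page(self.USERS, "Users", NextToken, MaxResults)

    def list_groups_for_member(self, DirectoryId, SAMAccountName,
                               NextToken=None, MaxResults=2):
        groups = [{"SAMAccountName": n, "GroupType": t}
                  for n, t in self.GROUPS.get(SAMAccountName, [])]
        return self._page(groups, "Groups", NextToken, MaxResults)


if __name__ == "__main__":
    print(security_groups_by_user(FakeDirectoryData(), "d-0000000000"))
```

Stopping at the first page would under-report memberships, which is why the review consumes every page before building the per-user list.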