2025/07/30 - AWS Directory Service - 7 new, 1 updated API methods
Changes: This release adds support for AWS Managed Microsoft AD Hybrid Edition, introducing new operations: StartADAssessment, DescribeADAssessment, ListADAssessments, DeleteADAssessment, CreateHybridAD, UpdateHybridAD, and DescribeHybridADUpdate; and updating the existing operation DescribeDirectories.
Retrieves information about update activities for a hybrid directory. This operation provides details about configuration changes, administrator account updates, and self-managed instance settings (IDs and DNS IPs).
See also: AWS API Documentation
Request Syntax
client.describe_hybrid_ad_update(
    DirectoryId='string',
    UpdateType='SelfManagedInstances'|'HybridAdministratorAccount',
    NextToken='string'
)
DirectoryId (string) -- [REQUIRED]
The identifier of the hybrid directory for which to retrieve update information.
UpdateType (string) --
The type of update activities to retrieve. Valid values include SelfManagedInstances and HybridAdministratorAccount.
NextToken (string) --
The pagination token from a previous request to DescribeHybridADUpdate. Pass null if this is the first request.
dict
Response Syntax
{
    'UpdateActivities': {
        'SelfManagedInstances': [
            {
                'Status': 'Updated'|'Updating'|'UpdateFailed',
                'StatusReason': 'string',
                'InitiatedBy': 'string',
                'NewValue': {
                    'InstanceIds': [ 'string', ],
                    'DnsIps': [ 'string', ]
                },
                'PreviousValue': {
                    'InstanceIds': [ 'string', ],
                    'DnsIps': [ 'string', ]
                },
                'StartTime': datetime(2015, 1, 1),
                'LastUpdatedDateTime': datetime(2015, 1, 1),
                'AssessmentId': 'string'
            },
        ],
        'HybridAdministratorAccount': [
            {
                'Status': 'Updated'|'Updating'|'UpdateFailed',
                'StatusReason': 'string',
                'InitiatedBy': 'string',
                'NewValue': {
                    'InstanceIds': [ 'string', ],
                    'DnsIps': [ 'string', ]
                },
                'PreviousValue': {
                    'InstanceIds': [ 'string', ],
                    'DnsIps': [ 'string', ]
                },
                'StartTime': datetime(2015, 1, 1),
                'LastUpdatedDateTime': datetime(2015, 1, 1),
                'AssessmentId': 'string'
            },
        ]
    },
    'NextToken': 'string'
}
Response Structure
(dict) --
UpdateActivities (dict) --
Information about update activities for the hybrid directory, organized by update type.
SelfManagedInstances (list) --
A list of update activities related to the self-managed instances with SSM in the hybrid directory configuration.
(dict) --
Contains detailed information about a specific update activity for a hybrid directory component.
Status (string) --
The current status of the update activity. Valid values include UPDATED, UPDATING, and UPDATE_FAILED.
StatusReason (string) --
A human-readable description of the update status, including any error details or progress information.
InitiatedBy (string) --
Specifies if the update was initiated by the customer or Amazon Web Services.
NewValue (dict) --
The new configuration values being applied in this update.
InstanceIds (list) --
The identifiers of the self-managed instances with SSM in the hybrid directory configuration.
(string) --
DnsIps (list) --
The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration.
(string) --
PreviousValue (dict) --
The previous configuration values before this update was applied.
InstanceIds (list) --
The identifiers of the self-managed instances with SSM in the hybrid directory configuration.
(string) --
DnsIps (list) --
The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration.
(string) --
StartTime (datetime) --
The date and time when the update activity was initiated.
LastUpdatedDateTime (datetime) --
The date and time when the update activity status was last updated.
AssessmentId (string) --
The identifier of the assessment performed to validate this update configuration.
HybridAdministratorAccount (list) --
A list of update activities related to hybrid directory administrator account changes.
(dict) --
Contains detailed information about a specific update activity for a hybrid directory component.
Status (string) --
The current status of the update activity. Valid values include UPDATED, UPDATING, and UPDATE_FAILED.
StatusReason (string) --
A human-readable description of the update status, including any error details or progress information.
InitiatedBy (string) --
Specifies if the update was initiated by the customer or Amazon Web Services.
NewValue (dict) --
The new configuration values being applied in this update.
InstanceIds (list) --
The identifiers of the self-managed instances with SSM in the hybrid directory configuration.
(string) --
DnsIps (list) --
The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration.
(string) --
PreviousValue (dict) --
The previous configuration values before this update was applied.
InstanceIds (list) --
The identifiers of the self-managed instances with SSM in the hybrid directory configuration.
(string) --
DnsIps (list) --
The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration.
(string) --
StartTime (datetime) --
The date and time when the update activity was initiated.
LastUpdatedDateTime (datetime) --
The date and time when the update activity status was last updated.
AssessmentId (string) --
The identifier of the assessment performed to validate this update configuration.
NextToken (string) --
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent request to retrieve the next set of items.
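An added example (not from the AWS documentation) of using this operation to review what changed in a hybrid directory: it follows NextToken for each UpdateType and diffs PreviousValue against NewValue so that changed DNS IPs and instance IDs stand out. The stub client, the sample pages, the `InitiatedBy` value and the assessment IDs are constructed; in real use `ds_client` would be `boto3.client('ds')`.

```python
from datetime import datetime, timezone

UPDATE_TYPES = ("SelfManagedInstances", "HybridAdministratorAccount")


def fetch_update_activities(ds_client, directory_id, update_type):
    """Return every activity of one UpdateType, following NextToken to the end."""
    activities, token = [], None
    while True:
        kwargs = {"DirectoryId": directory_id, "UpdateType": update_type}
        if token:  # boto3 rejects NextToken=None, so omit it on the first call
            kwargs["NextToken"] = token
        page = ds_client.describe_hybrid_ad_update(**kwargs)
        activities.extend(page.get("UpdateActivities", {}).get(update_type, []))
        token = page.get("NextToken")
        if not token:
            return activities


def changed(previous, new, key):
    """Set difference of one list field between PreviousValue and NewValue."""
    before, after = set(previous.get(key, [])), set(new.get(key, []))
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def is_failed(status):
    # The page shows this value as both 'UpdateFailed' and UPDATE_FAILED.
    return (status or "").replace("_", "").lower() == "updatefailed"


def audit_hybrid_updates(ds_client, directory_id):
    """Build one review record per update activity, oldest first."""
    records = []
    for update_type in UPDATE_TYPES:
        for act in fetch_update_activities(ds_client, directory_id, update_type):
            previous = act.get("PreviousValue") or {}
            new = act.get("NewValue") or {}
            records.append({
                "update_type": update_type,
                "status": act.get("Status"),
                "failed": is_failed(act.get("Status")),
                "initiated_by": act.get("InitiatedBy"),
                "start_time": act.get("StartTime"),
                "assessment_id": act.get("AssessmentId"),
                "dns_ips": changed(previous, new, "DnsIps"),
                "instance_ids": changed(previous, new, "InstanceIds"),
            })
    return sorted(records, key=lambda r: (r["start_time"] is None, r["start_time"]))


class StubDirectoryService:
    """Constructed stand-in for boto3.client('ds'); replays canned pages."""

    def __init__(self, pages):
        self.pages, self.calls = pages, []

    def describe_hybrid_ad_update(self, **kwargs):
        self.calls.append(kwargs)
        return self.pages[(kwargs["UpdateType"], kwargs.get("NextToken"))]


def at_hour(hour):
    return datetime(2025, 8, 1, hour, tzinfo=timezone.utc)


OLD = {"InstanceIds": ["i-10243410", "i-10243420"],
       "DnsIps": ["10.24.34.100", "10.24.34.200"]}
NEW = {"InstanceIds": ["i-10243410", "i-10243430"],
       "DnsIps": ["10.24.34.100", "10.24.34.210"]}

# Constructed sample pages, keyed by (UpdateType, NextToken sent by the caller).
SAMPLE_PAGES = {
    ("SelfManagedInstances", None): {
        "UpdateActivities": {"SelfManagedInstances": [{
            "Status": "Updated", "InitiatedBy": "Customer",
            "PreviousValue": OLD, "NewValue": NEW,
            "StartTime": at_hour(9), "AssessmentId": "assessment-constructed-2"}]},
        "NextToken": "page-2"},
    ("SelfManagedInstances", "page-2"): {
        "UpdateActivities": {"SelfManagedInstances": [{
            "Status": "UpdateFailed", "InitiatedBy": "Customer",
            "PreviousValue": OLD, "NewValue": OLD,
            "StartTime": at_hour(7), "AssessmentId": "assessment-constructed-1"}]}},
    ("HybridAdministratorAccount", None): {
        "UpdateActivities": {"HybridAdministratorAccount": []}},
}

if __name__ == "__main__":
    for record in audit_hybrid_updates(StubDirectoryService(SAMPLE_PAGES), "d-XXXXXXXXXX"):
        print(record)
```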
Retrieves detailed information about a directory assessment, including its current status, validation results, and configuration details. Use this operation to monitor assessment progress and review results.
See also: AWS API Documentation
Request Syntax
client.describe_ad_assessment(
    AssessmentId='string'
)
AssessmentId (string) -- [REQUIRED]
The identifier of the directory assessment to describe.
dict
Response Syntax
{
    'Assessment': {
        'AssessmentId': 'string',
        'DirectoryId': 'string',
        'DnsName': 'string',
        'StartTime': datetime(2015, 1, 1),
        'LastUpdateDateTime': datetime(2015, 1, 1),
        'Status': 'string',
        'StatusCode': 'string',
        'StatusReason': 'string',
        'CustomerDnsIps': [ 'string', ],
        'VpcId': 'string',
        'SubnetIds': [ 'string', ],
        'SecurityGroupIds': [ 'string', ],
        'SelfManagedInstanceIds': [ 'string', ],
        'ReportType': 'string',
        'Version': 'string'
    },
    'AssessmentReports': [
        {
            'DomainControllerIp': 'string',
            'Validations': [
                {
                    'Category': 'string',
                    'Name': 'string',
                    'Status': 'string',
                    'StatusCode': 'string',
                    'StatusReason': 'string',
                    'StartTime': datetime(2015, 1, 1),
                    'LastUpdateDateTime': datetime(2015, 1, 1)
                },
            ]
        },
    ]
}
Response Structure
(dict) --
Assessment (dict) --
Detailed information about the self-managed instance settings (IDs and DNS IPs).
AssessmentId (string) --
The unique identifier of the directory assessment.
DirectoryId (string) --
The identifier of the directory associated with this assessment.
DnsName (string) --
The fully qualified domain name (FQDN) of the Active Directory domain being assessed.
StartTime (datetime) --
The date and time when the assessment was initiated.
LastUpdateDateTime (datetime) --
The date and time when the assessment status was last updated.
Status (string) --
The current status of the assessment. Valid values include SUCCESS, FAILED, PENDING, and IN_PROGRESS.
StatusCode (string) --
A detailed status code providing additional information about the assessment state.
StatusReason (string) --
A human-readable description of the current assessment status, including any error details or progress information.
CustomerDnsIps (list) --
The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.
(string) --
VpcId (string) --
Contains Amazon VPC information for the StartADAssessment operation.
SubnetIds (list) --
A list of subnet identifiers in the Amazon VPC in which the hybrid directory is created.
(string) --
SecurityGroupIds (list) --
The identifiers of the security groups attached to the network interfaces.
(string) --
SelfManagedInstanceIds (list) --
The identifiers of the self-managed AD instances used to perform the assessment.
(string) --
ReportType (string) --
The type of assessment report generated. Valid values are CUSTOMER and SYSTEM.
Version (string) --
The version of the assessment framework used to evaluate your self-managed AD environment.
AssessmentReports (list) --
A list of assessment reports containing validation results for each domain controller and test category. Each report includes specific validation details and outcomes.
(dict) --
Contains the results of validation tests performed against a specific domain controller during a directory assessment.
DomainControllerIp (string) --
The IP address of the domain controller that was tested during the assessment.
Validations (list) --
A list of validation results for different test categories performed against this domain controller.
(dict) --
Contains information about a specific validation test performed during a directory assessment.
Category (string) --
The category of the validation test.
Name (string) --
The name of the specific validation test performed within the category.
Status (string) --
The result status of the validation test. Valid values include SUCCESS, FAILED, PENDING, and IN_PROGRESS.
StatusCode (string) --
A detailed status code providing additional information about the validation result.
StatusReason (string) --
A human-readable description of the validation result, including any error details or recommendations.
StartTime (datetime) --
The date and time when the validation test was started.
LastUpdateDateTime (datetime) --
The date and time when the validation test was completed or last updated.
Creates a hybrid directory that connects your self-managed Active Directory (AD) infrastructure and Amazon Web Services.
You must have a successful directory assessment using StartADAssessment to validate your environment compatibility before you use this operation.
Updates are applied asynchronously. Use DescribeDirectories to monitor the progress of directory creation.
See also: AWS API Documentation
Request Syntax
client.create_hybrid_ad(
    SecretArn='string',
    AssessmentId='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
SecretArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that contains the credentials for the service account used to join hybrid domain controllers to your self-managed AD domain. This secret is used once and not stored.
The secret must contain key-value pairs with keys matching customerAdAdminDomainUsername and customerAdAdminDomainPassword. For example: {"customerAdAdminDomainUsername":"carlos_salazar","customerAdAdminDomainPassword":"ExamplePassword123!"}.
AssessmentId (string) -- [REQUIRED]
The unique identifier of the successful directory assessment that validates your self-managed AD environment. You must have a successful directory assessment before you create a hybrid directory.
Tags (list) --
The tags to be assigned to the directory. Each tag consists of a key and value pair. You can specify multiple tags as a list.
(dict) --
Metadata assigned to a directory consisting of a key-value pair.
Key (string) -- [REQUIRED]
Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
Value (string) -- [REQUIRED]
The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
dict
Response Syntax
{ 'DirectoryId': 'string' }
Response Structure
(dict) --
DirectoryId (string) --
The unique identifier of the newly created hybrid directory.
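An added example (not from the AWS documentation) of a pre-flight check before calling CreateHybridAD: it confirms the assessment Status is SUCCESS, lists any validation that is not SUCCESS for review, and checks that the secret carries both required keys without ever returning their values. The stub client, sample responses, domain name and check names are constructed; in real use the two clients would be `boto3.client('ds')` and `boto3.client('secretsmanager')`.

```python
import json

REQUIRED_SECRET_KEYS = ("customerAdAdminDomainUsername",
                        "customerAdAdminDomainPassword")


def non_success_validations(assessment_response):
    """List every validation whose Status is not SUCCESS, per domain controller."""
    findings = []
    for report in assessment_response.get("AssessmentReports", []):
        for check in report.get("Validations", []):
            if (check.get("Status") or "").upper() != "SUCCESS":
                findings.append({
                    "domain_controller_ip": report.get("DomainControllerIp"),
                    "category": check.get("Category"),
                    "name": check.get("Name"),
                    "status": check.get("Status"),
                    "reason": check.get("StatusReason"),
                })
    return findings


def secret_shape_problems(secret_string):
    """Check the secret's JSON keys; never return or log the values themselves."""
    try:
        data = json.loads(secret_string)
    except (TypeError, ValueError):
        return ["secret is not valid JSON"]
    if not isinstance(data, dict):
        return ["secret is not a JSON object"]
    problems = []
    for key in REQUIRED_SECRET_KEYS:
        value = data.get(key)
        if key not in data:
            problems.append(f"missing key {key}")
        elif not isinstance(value, str) or not value.strip():
            problems.append(f"empty value for {key}")
    return problems


def create_hybrid_ad_preflight(ds_client, secrets_client, assessment_id, secret_arn):
    """Return blockers for CreateHybridAD plus validations worth a manual look."""
    response = ds_client.describe_ad_assessment(AssessmentId=assessment_id)
    status = response.get("Assessment", {}).get("Status")
    blockers = []
    if (status or "").upper() != "SUCCESS":
        blockers.append(f"assessment status is {status}, not SUCCESS")
    secret = secrets_client.get_secret_value(SecretId=secret_arn)
    blockers.extend(secret_shape_problems(secret.get("SecretString")))
    return {"ready": not blockers, "blockers": blockers,
            "review": non_success_validations(response)}


class StubClient:
    """Constructed stand-in for a boto3 client: one canned response per method."""

    def __init__(self, **responses):
        self._responses = responses

    def __getattr__(self, name):
        if name.startswith("_") or name not in self._responses:
            raise AttributeError(name)
        return lambda **kwargs: self._responses[name]


# Constructed sample data; field names follow the response syntax on this page.
SAMPLE_ASSESSMENT = {
    "Assessment": {"AssessmentId": "assessment-constructed-1",
                   "DnsName": "corp.example.com", "Status": "FAILED"},
    "AssessmentReports": [
        {"DomainControllerIp": "10.24.34.100", "Validations": [
            {"Category": "constructed-category", "Name": "constructed-check-a",
             "Status": "SUCCESS"}]},
        {"DomainControllerIp": "10.24.34.200", "Validations": [
            {"Category": "constructed-category", "Name": "constructed-check-b",
             "Status": "FAILED", "StatusReason": "constructed reason"}]},
    ],
}
# Constructed secret with the password key missing.
SAMPLE_SECRET = {"SecretString": json.dumps(
    {"customerAdAdminDomainUsername": "carlos_salazar"})}

if __name__ == "__main__":
    print(create_hybrid_ad_preflight(
        StubClient(describe_ad_assessment=SAMPLE_ASSESSMENT),
        StubClient(get_secret_value=SAMPLE_SECRET),
        "assessment-constructed-1", "arn:placeholder"))
```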
Retrieves a list of directory assessments for the specified directory or all assessments in your account. Use this operation to monitor assessment status and manage multiple assessments.
See also: AWS API Documentation
Request Syntax
client.list_ad_assessments(
    DirectoryId='string',
    NextToken='string',
    Limit=123
)
DirectoryId (string) --
The identifier of the directory for which to list assessments. If not specified, all assessments in your account are returned.
NextToken (string) --
The pagination token from a previous request to ListADAssessments. Pass null if this is the first request.
Limit (integer) --
The maximum number of assessment summaries to return.
dict
Response Syntax
{
    'Assessments': [
        {
            'AssessmentId': 'string',
            'DirectoryId': 'string',
            'DnsName': 'string',
            'StartTime': datetime(2015, 1, 1),
            'LastUpdateDateTime': datetime(2015, 1, 1),
            'Status': 'string',
            'CustomerDnsIps': [ 'string', ],
            'ReportType': 'string'
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
Assessments (list) --
A list of assessment summaries containing basic information about each directory assessment.
(dict) --
Contains summary information about a directory assessment, providing a high-level overview without detailed validation results.
AssessmentId (string) --
The unique identifier of the directory assessment.
DirectoryId (string) --
The identifier of the directory associated with this assessment.
DnsName (string) --
The fully qualified domain name (FQDN) of the Active Directory domain being assessed.
StartTime (datetime) --
The date and time when the assessment was initiated.
LastUpdateDateTime (datetime) --
The date and time when the assessment status was last updated.
Status (string) --
The current status of the assessment. Valid values include SUCCESS, FAILED, PENDING, and IN_PROGRESS.
CustomerDnsIps (list) --
The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.
(string) --
ReportType (string) --
The type of assessment report generated. Valid values include CUSTOMER and SYSTEM.
NextToken (string) --
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent request to retrieve the next set of items.
Initiates a directory assessment to validate your self-managed AD environment for hybrid domain join. The assessment checks compatibility and connectivity of the self-managed AD environment.
A directory assessment is automatically created when you create a hybrid directory. There are two types of assessments: CUSTOMER and SYSTEM. Your Amazon Web Services account has a limit of 100 CUSTOMER directory assessments.
The assessment process typically takes 30 minutes or more to complete. The assessment process is asynchronous and you can monitor it with DescribeADAssessment.
The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410].
Note: You must provide exactly one DirectoryId or AssessmentConfiguration.
See also: AWS API Documentation
Request Syntax
client.start_ad_assessment(
    AssessmentConfiguration={
        'CustomerDnsIps': [ 'string', ],
        'DnsName': 'string',
        'VpcSettings': {
            'VpcId': 'string',
            'SubnetIds': [ 'string', ]
        },
        'InstanceIds': [ 'string', ],
        'SecurityGroupIds': [ 'string', ]
    },
    DirectoryId='string'
)
AssessmentConfiguration (dict) --
Configuration parameters for the directory assessment, including DNS server information, domain name, Amazon VPC subnet, and Amazon Web Services Systems Manager managed node details.
CustomerDnsIps (list) -- [REQUIRED]
A list of IP addresses for the DNS servers or domain controllers in your self-managed AD that are tested during the assessment.
(string) --
DnsName (string) -- [REQUIRED]
The fully qualified domain name (FQDN) of the self-managed AD domain to assess.
VpcSettings (dict) -- [REQUIRED]
Contains VPC information for the CreateDirectory, CreateMicrosoftAD, or CreateHybridAD operation.
VpcId (string) -- [REQUIRED]
The identifier of the VPC in which to create the directory.
SubnetIds (list) -- [REQUIRED]
The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.
(string) --
InstanceIds (list) -- [REQUIRED]
The identifiers of the self-managed instances with SSM that are used to perform connectivity and validation tests.
(string) --
SecurityGroupIds (list) --
By default, the service attaches a security group to allow network access to the self-managed nodes in your Amazon VPC. You can optionally supply your own security group that allows network traffic to and from your self-managed domain controllers outside of your Amazon VPC.
(string) --
DirectoryId (string) --
The identifier of the directory for which to perform the assessment. This should be an existing directory. If the assessment is not for an existing directory, this parameter should be omitted.
dict
Response Syntax
{ 'AssessmentId': 'string' }
Response Structure
(dict) --
AssessmentId (string) --
The unique identifier of the newly started directory assessment. Use this identifier to monitor assessment progress and retrieve results.
Deletes a directory assessment and all associated data. This operation permanently removes the assessment results, validation reports, and configuration information.
You cannot delete system-initiated assessments. You can delete customer-created assessments even if they are in progress.
See also: AWS API Documentation
Request Syntax
client.delete_ad_assessment(
    AssessmentId='string'
)
AssessmentId (string) -- [REQUIRED]
The unique identifier of the directory assessment to delete.
dict
Response Syntax
{ 'AssessmentId': 'string' }
Response Structure
(dict) --
AssessmentId (string) --
The unique identifier of the deleted directory assessment.
Updates the configuration of an existing hybrid directory. You can recover the hybrid directory administrator account or modify self-managed instance settings.
Updates are applied asynchronously. Use DescribeHybridADUpdate to monitor the progress of configuration changes.
The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410].
See also: AWS API Documentation
Request Syntax
client.update_hybrid_ad(
    DirectoryId='string',
    HybridAdministratorAccountUpdate={
        'SecretArn': 'string'
    },
    SelfManagedInstancesSettings={
        'CustomerDnsIps': [ 'string', ],
        'InstanceIds': [ 'string', ]
    }
)
DirectoryId (string) -- [REQUIRED]
The identifier of the hybrid directory to update.
HybridAdministratorAccountUpdate (dict) --
We create a hybrid directory administrator account when we create a hybrid directory. Use HybridAdministratorAccountUpdate to recover the hybrid directory administrator account if you have deleted it.
To recover your hybrid directory administrator account, we need temporary access to a user in your self-managed AD with administrator permissions in the form of a secret from Amazon Web Services Secrets Manager. We use these credentials once during recovery and don't store them.
If your hybrid directory administrator account exists, then you don’t need to use HybridAdministratorAccountUpdate, even if you have updated your self-managed AD administrator user.
SecretArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that contains the credentials for the AD administrator user, and enables hybrid domain controllers to join the managed AD domain. For example:
{"customerAdAdminDomainUsername":"carlos_salazar","customerAdAdminDomainPassword":"ExamplePassword123!"}.
SelfManagedInstancesSettings (dict) --
Updates to the self-managed AD configuration, including DNS server IP addresses and Amazon Web Services Systems Manager managed node identifiers.
CustomerDnsIps (list) -- [REQUIRED]
The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.
(string) --
InstanceIds (list) -- [REQUIRED]
The identifiers of the self-managed instances with SSM used in the hybrid directory.
(string) --
dict
Response Syntax
{ 'DirectoryId': 'string', 'AssessmentId': 'string' }
Response Structure
(dict) --
DirectoryId (string) --
The identifier of the updated hybrid directory.
AssessmentId (string) --
The identifier of the assessment performed to validate the update configuration. This assessment ensures the updated settings are compatible with your environment.
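An added example (not from the AWS documentation) covering the ordering rule stated for both StartADAssessment and UpdateHybridAD, plus the "exactly one of DirectoryId or AssessmentConfiguration" note: it checks that InstanceIds and CustomerDnsIps line up position by position before a request is built. The `INVENTORY` mapping is an assumption, a record you keep of which address belongs to which instance, filled here with the instance IDs and addresses used in the text above.

```python
import ipaddress

# Constructed inventory: which DNS/domain-controller IP belongs to which
# SSM-managed instance (values taken from the example in the text above).
INVENTORY = {"i-10243410": "10.24.34.100", "i-10243420": "10.24.34.200"}


def pairing_problems(customer_dns_ips, instance_ids, inventory):
    """Return a list of reasons the two arrays are not a valid one-to-one pairing."""
    if len(customer_dns_ips) != len(instance_ids):
        return [f"{len(customer_dns_ips)} DNS IPs but {len(instance_ids)} instance IDs"]
    problems = []
    if len(set(instance_ids)) != len(instance_ids):
        problems.append("duplicate instance ID")
    for index, (ip_text, instance_id) in enumerate(zip(customer_dns_ips, instance_ids)):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            problems.append(f"position {index}: {ip_text!r} is not an IP address")
            continue
        expected = inventory.get(instance_id)
        if expected is None:
            problems.append(f"position {index}: {instance_id} is not in the inventory")
        elif ipaddress.ip_address(expected) != ip:
            problems.append(f"position {index}: {instance_id} is {expected}, not {ip}")
    return problems


def paired_lists(inventory, instance_ids):
    """Derive CustomerDnsIps from InstanceIds so the order cannot drift apart."""
    missing = [i for i in instance_ids if i not in inventory]
    if missing:
        raise KeyError(f"not in inventory: {', '.join(missing)}")
    return {"CustomerDnsIps": [inventory[i] for i in instance_ids],
            "InstanceIds": list(instance_ids)}


def start_ad_assessment_kwargs(directory_id=None, assessment_configuration=None,
                               inventory=None):
    """Build StartADAssessment arguments, enforcing exactly one of the two inputs."""
    if (directory_id is None) == (assessment_configuration is None):
        raise ValueError("provide exactly one of DirectoryId or AssessmentConfiguration")
    if directory_id is not None:
        return {"DirectoryId": directory_id}
    problems = pairing_problems(assessment_configuration["CustomerDnsIps"],
                                assessment_configuration["InstanceIds"],
                                inventory or {})
    if problems:
        raise ValueError("; ".join(problems))
    return {"AssessmentConfiguration": assessment_configuration}


def update_hybrid_ad_kwargs(directory_id, instance_ids, inventory):
    """Build UpdateHybridAD arguments with the two lists generated as a pair."""
    return {"DirectoryId": directory_id,
            "SelfManagedInstancesSettings": paired_lists(inventory, instance_ids)}


if __name__ == "__main__":
    # Same two hosts, lists in mismatched order: both positions are reported.
    print(pairing_problems(["10.24.34.200", "10.24.34.100"],
                           ["i-10243410", "i-10243420"], INVENTORY))
    print(update_hybrid_ad_kwargs("d-XXXXXXXXXX",
                                  ["i-10243420", "i-10243410"], INVENTORY))
```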
{'DirectoryDescriptions': {'HybridSettings': {'SelfManagedDnsIpAddrs': ['string'], 'SelfManagedInstanceIds': ['string']}}}
Obtains information about the directories that belong to this account.
You can retrieve information about specific directories by passing the directory identifiers in the DirectoryIds parameter. Otherwise, all directories that belong to the current account are returned.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeDirectoriesResult.NextToken member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items.
You can also specify a maximum number of return results with the Limit parameter.
See also: AWS API Documentation
Request Syntax
client.describe_directories(
    DirectoryIds=[ 'string', ],
    NextToken='string',
    Limit=123
)
DirectoryIds (list) --
A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned.
An empty list results in an InvalidParameterException being thrown.
(string) --
NextToken (string) --
The DescribeDirectoriesResult.NextToken value from a previous call to DescribeDirectories. Pass null if this is the first call.
Limit (integer) --
The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.
dict
Response Syntax
{
    'DirectoryDescriptions': [
        {
            'DirectoryId': 'string',
            'Name': 'string',
            'ShortName': 'string',
            'Size': 'Small'|'Large',
            'Edition': 'Enterprise'|'Standard',
            'Alias': 'string',
            'AccessUrl': 'string',
            'Description': 'string',
            'DnsIpAddrs': [ 'string', ],
            'Stage': 'Requested'|'Creating'|'Created'|'Active'|'Inoperable'|'Impaired'|'Restoring'|'RestoreFailed'|'Deleting'|'Deleted'|'Failed'|'Updating',
            'ShareStatus': 'Shared'|'PendingAcceptance'|'Rejected'|'Rejecting'|'RejectFailed'|'Sharing'|'ShareFailed'|'Deleted'|'Deleting',
            'ShareMethod': 'ORGANIZATIONS'|'HANDSHAKE',
            'ShareNotes': 'string',
            'LaunchTime': datetime(2015, 1, 1),
            'StageLastUpdatedDateTime': datetime(2015, 1, 1),
            'Type': 'SimpleAD'|'ADConnector'|'MicrosoftAD'|'SharedMicrosoftAD',
            'VpcSettings': {
                'VpcId': 'string',
                'SubnetIds': [ 'string', ],
                'SecurityGroupId': 'string',
                'AvailabilityZones': [ 'string', ]
            },
            'ConnectSettings': {
                'VpcId': 'string',
                'SubnetIds': [ 'string', ],
                'CustomerUserName': 'string',
                'SecurityGroupId': 'string',
                'AvailabilityZones': [ 'string', ],
                'ConnectIps': [ 'string', ]
            },
            'RadiusSettings': {
                'RadiusServers': [ 'string', ],
                'RadiusPort': 123,
                'RadiusTimeout': 123,
                'RadiusRetries': 123,
                'SharedSecret': 'string',
                'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2',
                'DisplayLabel': 'string',
                'UseSameUsername': True|False
            },
            'RadiusStatus': 'Creating'|'Completed'|'Failed',
            'StageReason': 'string',
            'SsoEnabled': True|False,
            'DesiredNumberOfDomainControllers': 123,
            'OwnerDirectoryDescription': {
                'DirectoryId': 'string',
                'AccountId': 'string',
                'DnsIpAddrs': [ 'string', ],
                'VpcSettings': {
                    'VpcId': 'string',
                    'SubnetIds': [ 'string', ],
                    'SecurityGroupId': 'string',
                    'AvailabilityZones': [ 'string', ]
                },
                'RadiusSettings': {
                    'RadiusServers': [ 'string', ],
                    'RadiusPort': 123,
                    'RadiusTimeout': 123,
                    'RadiusRetries': 123,
                    'SharedSecret': 'string',
                    'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2',
                    'DisplayLabel': 'string',
                    'UseSameUsername': True|False
                },
                'RadiusStatus': 'Creating'|'Completed'|'Failed'
            },
            'RegionsInfo': {
                'PrimaryRegion': 'string',
                'AdditionalRegions': [ 'string', ]
            },
            'OsVersion': 'SERVER_2012'|'SERVER_2019',
            'HybridSettings': {
                'SelfManagedDnsIpAddrs': [ 'string', ],
                'SelfManagedInstanceIds': [ 'string', ]
            }
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
Contains the results of the DescribeDirectories operation.
DirectoryDescriptions (list) --
The list of available DirectoryDescription objects that were retrieved.
It is possible that this list contains fewer than the number of items specified in the Limit member of the request. This occurs if there are fewer than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.
(dict) --
Contains information about a Directory Service directory.
DirectoryId (string) --
The directory identifier.
Name (string) --
The fully qualified name of the directory.
ShortName (string) --
The short name of the directory.
Size (string) --
The directory size.
Edition (string) --
The edition associated with this directory.
Alias (string) --
The alias for the directory. If no alias has been created for the directory, the alias is the directory identifier, such as d-XXXXXXXXXX.
AccessUrl (string) --
The access URL for the directory, such as http://<alias>.awsapps.com. If no alias has been created for the directory, <alias> is the directory identifier, such as d-XXXXXXXXXX.
Description (string) --
The description for the directory.
DnsIpAddrs (list) --
The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected.
(string) --
Stage (string) --
The current stage of the directory.
ShareStatus (string) --
Current directory status of the shared Managed Microsoft AD directory.
ShareMethod (string) --
The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (ORGANIZATIONS) or with any Amazon Web Services account by sending a shared directory request (HANDSHAKE).
ShareNotes (string) --
A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
LaunchTime (datetime) --
Specifies when the directory was created.
StageLastUpdatedDateTime (datetime) --
The date and time that the stage was last updated.
Type (string) --
The directory type.
VpcSettings (dict) --
A DirectoryVpcSettingsDescription object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed Microsoft AD directory.
VpcId (string) --
The identifier of the VPC that the directory is in.
SubnetIds (list) --
The identifiers of the subnets for the directory servers.
(string) --
SecurityGroupId (string) --
The domain controller security group identifier for the directory.
AvailabilityZones (list) --
The list of Availability Zones that the directory is in.
(string) --
ConnectSettings (dict) --
A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. This member is only present if the directory is an AD Connector directory.
VpcId (string) --
The identifier of the VPC that the AD Connector is in.
SubnetIds (list) --
A list of subnet identifiers in the VPC that the AD Connector is in.
(string) --
CustomerUserName (string) --
The user name of the service account in your self-managed directory.
SecurityGroupId (string) --
The security group identifier for the AD Connector directory.
AvailabilityZones (list) --
A list of the Availability Zones that the directory is in.
(string) --
ConnectIps (list) --
The IP addresses of the AD Connector servers.
(string) --
RadiusSettings (dict) --
A RadiusSettings object that contains information about the RADIUS server configured for this directory.
RadiusServers (list) --
An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
(string) --
RadiusPort (integer) --
The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
RadiusTimeout (integer) --
The amount of time, in seconds, to wait for the RADIUS server to respond.
RadiusRetries (integer) --
The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
SharedSecret (string) --
Required for enabling RADIUS on the directory.
AuthenticationProtocol (string) --
The protocol specified for your RADIUS endpoints.
DisplayLabel (string) --
Not currently used.
UseSameUsername (boolean) --
Not currently used.
RadiusStatus (string) --
The status of the RADIUS MFA server connection.
StageReason (string) --
Additional information about the directory stage.
SsoEnabled (boolean) --
Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso.
DesiredNumberOfDomainControllers (integer) --
The desired number of domain controllers in the directory if the directory is Microsoft AD.
OwnerDirectoryDescription (dict) --
Describes the Managed Microsoft AD directory in the directory owner account.
DirectoryId (string) --
Identifier of the Managed Microsoft AD directory in the directory owner account.
AccountId (string) --
Identifier of the directory owner account.
DnsIpAddrs (list) --
IP addresses of the directory’s domain controllers.
(string) --
VpcSettings (dict) --
Information about the VPC settings for the directory.
VpcId (string) --
The identifier of the VPC that the directory is in.
SubnetIds (list) --
The identifiers of the subnets for the directory servers.
(string) --
SecurityGroupId (string) --
The domain controller security group identifier for the directory.
AvailabilityZones (list) --
The list of Availability Zones that the directory is in.
(string) --
RadiusSettings (dict) --
A RadiusSettings object that contains information about the RADIUS server.
RadiusServers (list) --
An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
(string) --
RadiusPort (integer) --
The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
RadiusTimeout (integer) --
The amount of time, in seconds, to wait for the RADIUS server to respond.
RadiusRetries (integer) --
The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
SharedSecret (string) --
Required for enabling RADIUS on the directory.
AuthenticationProtocol (string) --
The protocol specified for your RADIUS endpoints.
DisplayLabel (string) --
Not currently used.
UseSameUsername (boolean) --
Not currently used.
RadiusStatus (string) --
Information about the status of the RADIUS server.
RegionsInfo (dict) --
Lists the Regions where the directory has replicated.
PrimaryRegion (string) --
The Region where the Managed Microsoft AD directory was originally created.
AdditionalRegions (list) --
Lists the Regions where the directory has been replicated, excluding the primary Region.
(string) --
OsVersion (string) --
The operating system (OS) version of the directory.
HybridSettings (dict) --
Contains information about the hybrid directory configuration for the directory, including Amazon Web Services Systems Manager managed node identifiers and DNS IPs.
SelfManagedDnsIpAddrs (list) --
The IP addresses of the DNS servers in your self-managed AD environment.
(string) --
SelfManagedInstanceIds (list) --
The identifiers of the self-managed instances with SSM used for hybrid directory operations.
(string) --
NextToken (string) --
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeDirectories to retrieve the next set of items.