2025/09/30 - AWS Directory Service - 16 updated api methods
Changes AWS Directory service now supports IPv6-native and dual-stack configurations for AWS Managed Microsoft AD, AD Connector, and Simple AD (dual-stack only). Additionally, AWS Managed Microsoft AD Standard Edition directories can be upgraded to Enterprise Edition directories through a single API call.
{'IpRoutes': {'CidrIpv6': 'string'}}
If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC.
Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
See also: AWS API Documentation
Request Syntax
client.add_ip_routes( DirectoryId='string', IpRoutes=[ { 'CidrIp': 'string', 'CidrIpv6': 'string', 'Description': 'string' }, ], UpdateSecurityGroupForDirectoryControllers=True|False )
DirectoryId (string) -- [REQUIRED]
Identifier (ID) of the directory to which to add the address block.
IpRoutes (list) -- [REQUIRED]
IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your self-managed domain.
(dict) --
Contains the IP address block. This is often the address block of the DNS server used for your self-managed domain.
CidrIp (string) --
IP address block in CIDR format, such as 10.0.0.0/24. This is often the address block of the DNS server used for your self-managed domain. For a single IP address, use a CIDR address block with /32. For example, 10.0.0.0/32.
CidrIpv6 (string) --
IPv6 address block in CIDR format, such as 2001:db8::/32. This is often the address block of the DNS server used for your self-managed domain. For a single IPv6 address, use a CIDR address block with /128. For example, 2001:db8::1/128.
Description (string) --
Description of the address block.
UpdateSecurityGroupForDirectoryControllers (boolean) --
If set to true, updates the inbound and outbound rules of the security group that has the description: "Amazon Web Services created security group for directory ID directory controllers." Following are the new rules:
Inbound:
Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: DNS (UDP), Protocol: UDP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: DNS (TCP), Protocol: TCP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: LDAP, Protocol: TCP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR
Type: All ICMP, Protocol: All, Range: N/A, Source: Managed Microsoft AD VPC IPv4 CIDR
Outbound:
Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0
These security rules impact an internal network interface that is not exposed publicly.
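Two helpers, added here and not part of the AWS documentation or boto3 itself: one builds the AddIpRoutes keyword arguments from a list of DNS server addresses (picking CidrIp or CidrIpv6 by address family and widening bare addresses to /32 or /128 as the text recommends), the other checks an EC2-style inbound rule list against the documented controller security-group rules so that drift from that baseline is surfaced. The refusal of default routes and the assumed 3268-3269 Global Catalog range are this example's own choices, and the directory ID and rule data are constructed.

```python
import ipaddress

# Inbound rules the documentation lists for the domain-controller security
# group, expressed as (IpProtocol, FromPort, ToPort) in EC2 IpPermissions
# terms. The page prints the Global Catalog range as 3268-33269; the
# assumption here is that this is a typo for 3268-3269 (LDAP GC / LDAPS GC).
EXPECTED_INBOUND = {
    ("udp", 53, 53), ("udp", 88, 88), ("udp", 123, 123), ("udp", 138, 138),
    ("udp", 389, 389), ("udp", 445, 445), ("udp", 464, 464),
    ("tcp", 53, 53), ("tcp", 88, 88), ("tcp", 135, 135), ("tcp", 389, 389),
    ("tcp", 445, 445), ("tcp", 464, 464), ("tcp", 636, 636),
    ("tcp", 1024, 65535), ("tcp", 3268, 3269),
    ("icmp", -1, -1),  # "All ICMP" is icmp with ports -1/-1 in the EC2 API
}


def build_add_ip_routes_request(directory_id, dns_servers,
                                update_security_group=False):
    """Return the keyword arguments for client.add_ip_routes(**kwargs).

    Each entry may be a bare address or a CIDR block. Bare addresses become
    /32 (IPv4) or /128 (IPv6) as the documentation recommends, and the
    address family selects CidrIp versus CidrIpv6. Default routes
    (0.0.0.0/0, ::/0) are rejected: routing the whole Internet through the
    directory is a policy decision this helper refuses to make (own rule).
    """
    routes = []
    for entry in dns_servers:
        network = ipaddress.ip_network(entry, strict=False)
        if network.prefixlen == 0:
            raise ValueError(f"refusing default route {network}")
        key = "CidrIp" if network.version == 4 else "CidrIpv6"
        routes.append({key: str(network),
                       "Description": f"self-managed DNS {entry}"})
    return {
        "DirectoryId": directory_id,
        "IpRoutes": routes,
        "UpdateSecurityGroupForDirectoryControllers": update_security_group,
    }


def audit_controller_security_group(ip_permissions, vpc_cidr):
    """Compare inbound IpPermissions (EC2 describe_security_groups shape)
    with the documented rule set and return a list of finding strings.

    Reported: an all-traffic rule, a source other than the directory VPC
    CIDR, and a protocol/port the documentation does not list.
    """
    findings = []
    for perm in ip_permissions:
        proto = perm.get("IpProtocol")
        key = (proto, perm.get("FromPort", -1), perm.get("ToPort", -1))
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if proto == "-1":
                findings.append(f"all-traffic inbound rule from {src}")
                continue
            if src != vpc_cidr:
                findings.append(
                    f"{key} allowed from {src}, not the VPC CIDR {vpc_cidr}")
            if key not in EXPECTED_INBOUND:
                findings.append(f"{key} is not in the documented rule set")
    return findings


if __name__ == "__main__":
    # Constructed sample input; the directory ID is a placeholder.
    print(build_add_ip_routes_request(
        "d-EXAMPLE00001", ["203.0.113.10", "2001:db8::53", "198.51.100.0/24"]))
    sample_rules = [  # constructed, not a real security group
        {"IpProtocol": "tcp", "FromPort": 88, "ToPort": 88,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ]
    for finding in audit_controller_security_group(sample_rules, "10.0.0.0/16"):
        print("FINDING:", finding)
```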
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
{'ConnectSettings': {'CustomerDnsIpsV6': ['string']}, 'NetworkType': 'Dual-stack | IPv4 | IPv6'}
Creates an AD Connector to connect to a self-managed directory.
Before you call ConnectDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the ConnectDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
See also: AWS API Documentation
Request Syntax
client.connect_directory( Name='string', ShortName='string', Password='string', Description='string', Size='Small'|'Large', ConnectSettings={ 'VpcId': 'string', 'SubnetIds': [ 'string', ], 'CustomerDnsIps': [ 'string', ], 'CustomerDnsIpsV6': [ 'string', ], 'CustomerUserName': 'string' }, Tags=[ { 'Key': 'string', 'Value': 'string' }, ], NetworkType='Dual-stack'|'IPv4'|'IPv6' )
Name (string) -- [REQUIRED]
The fully qualified name of your self-managed directory, such as corp.example.com.
ShortName (string) --
The NetBIOS name of your self-managed directory, such as CORP.
Password (string) -- [REQUIRED]
The password for your self-managed user account.
Description (string) --
A description for the directory.
Size (string) -- [REQUIRED]
The size of the directory.
ConnectSettings (dict) -- [REQUIRED]
A DirectoryConnectSettings object that contains additional information for the operation.
VpcId (string) -- [REQUIRED]
The identifier of the VPC in which the AD Connector is created.
SubnetIds (list) -- [REQUIRED]
A list of subnet identifiers in the VPC in which the AD Connector is created.
(string) --
CustomerDnsIps (list) --
The IP addresses of DNS servers or domain controllers in your self-managed directory.
(string) --
CustomerDnsIpsV6 (list) --
The IPv6 addresses of DNS servers or domain controllers in your self-managed directory.
(string) --
CustomerUserName (string) -- [REQUIRED]
The user name of an account in your self-managed directory that is used to connect to the directory. This account must have the following permissions:
Read users and groups
Create computer objects
Join computers to the domain
Tags (list) --
The tags to be assigned to the AD Connector.
(dict) --
Metadata assigned to a directory consisting of a key-value pair.
Key (string) -- [REQUIRED]
Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
Value (string) -- [REQUIRED]
The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
NetworkType (string) --
The network type for your directory. The default value is IPv4 or IPv6 based on the provided subnet capabilities.
Return type: dict
Response Syntax
{ 'DirectoryId': 'string' }
Response Structure
(dict) --
Contains the results of the ConnectDirectory operation.
DirectoryId (string) --
The identifier of the new directory.
{'DnsIpv6Addrs': ['string']}
Creates a conditional forwarder associated with your Amazon Web Services directory. Conditional forwarders are required in order to set up a trust relationship with another domain. The conditional forwarder points to the trusted domain.
See also: AWS API Documentation
Request Syntax
client.create_conditional_forwarder( DirectoryId='string', RemoteDomainName='string', DnsIpAddrs=[ 'string', ], DnsIpv6Addrs=[ 'string', ] )
DirectoryId (string) -- [REQUIRED]
The directory ID of the Amazon Web Services directory for which you are creating the conditional forwarder.
RemoteDomainName (string) -- [REQUIRED]
The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.
DnsIpAddrs (list) --
The IP addresses of the remote DNS server associated with RemoteDomainName.
(string) --
DnsIpv6Addrs (list) --
The IPv6 addresses of the remote DNS server associated with RemoteDomainName.
(string) --
Return type: dict
Response Syntax
{}
Response Structure
(dict) --
The result of a CreateConditionalForwarder request.
{'NetworkType': 'Dual-stack | IPv4 | IPv6'}
Creates a Simple AD directory. For more information, see Simple Active Directory in the Directory Service Admin Guide.
Before you call CreateDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
See also: AWS API Documentation
Request Syntax
client.create_directory( Name='string', ShortName='string', Password='string', Description='string', Size='Small'|'Large', VpcSettings={ 'VpcId': 'string', 'SubnetIds': [ 'string', ] }, Tags=[ { 'Key': 'string', 'Value': 'string' }, ], NetworkType='Dual-stack'|'IPv4'|'IPv6' )
Name (string) -- [REQUIRED]
The fully qualified name for the directory, such as corp.example.com.
ShortName (string) --
The NetBIOS name of the directory, such as CORP.
Password (string) -- [REQUIRED]
The password for the directory administrator. The directory creation process creates a directory administrator account with the user name Administrator and this password.
If you need to change the password for the administrator account, you can use the ResetUserPassword API call.
The regex pattern for this string is made up of the following conditions:
Length (?=^.{8,64}$) – Must be between 8 and 64 characters
AND any 3 of the following password complexity rules required by Active Directory:
Numbers and upper case and lowercase (?=.*\d)(?=.*[A-Z])(?=.*[a-z])
Numbers and special characters and lower case (?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])
Special characters and upper case and lower case (?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])
Numbers and upper case and special characters (?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s])
For additional information about how Active Directory passwords are enforced, see Password must meet complexity requirements on the Microsoft website.
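An added example (not from the AWS documentation) that assembles the documented lookaheads into one pattern, with the backslashes the rendered page drops, and pairs it with a checker that reports which rule a candidate Administrator password fails; the sample candidates are constructed.

```python
import re

# The documented lookaheads, with the backslashes the rendered page drops.
LENGTH = r"(?=^.{8,64}$)"
DIGIT = r"(?=.*\d)"
UPPER = r"(?=.*[A-Z])"
LOWER = r"(?=.*[a-z])"
SPECIAL = r"(?=.*[^A-Za-z0-9\s])"

# Length AND any one of the four documented three-class combinations
# (which are exactly "any 3 of 4" classes).
DOCUMENTED_PATTERN = re.compile(
    LENGTH + "(?:"
    + "|".join([DIGIT + UPPER + LOWER,
                DIGIT + SPECIAL + LOWER,
                SPECIAL + UPPER + LOWER,
                DIGIT + UPPER + SPECIAL])
    + ")"
)

# The same four classes, one pattern each, for a readable diagnosis.
CLASS_CHECKS = {
    "digit": re.compile(r"\d"),
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "special": re.compile(r"[^A-Za-z0-9\s]"),  # whitespace does not count
}
LENGTH_ONLY = re.compile(r".{8,64}")


def matches_documented_regex(password):
    """True if the password satisfies the policy exactly as documented."""
    return DOCUMENTED_PATTERN.search(password) is not None


def explain_password(password):
    """Return the reasons a candidate password would be rejected (an empty
    list means accepted). Gives the same verdict as the regex but names the
    failing rule, which is what an operator wants to see."""
    reasons = []
    # fullmatch with '.' mirrors the regex: 8..64 characters and no newline.
    if LENGTH_ONLY.fullmatch(password) is None:
        reasons.append(f"length {len(password)} is not within 8..64")
    present = [n for n, rx in CLASS_CHECKS.items() if rx.search(password)]
    if len(present) < 3:
        missing = sorted(set(CLASS_CHECKS) - set(present))
        reasons.append(f"only {len(present)} of 4 character classes present "
                       f"(missing {', '.join(missing)}); 3 are required")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ["Passw0rd", "password", "Sh0rt!",
                      "Correct Horse", "Tr0ub4dor&3"]:
        print(repr(candidate), matches_documented_regex(candidate),
              explain_password(candidate))
```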
Description (string) --
A description for the directory.
Size (string) -- [REQUIRED]
The size of the directory.
VpcSettings (dict) --
A DirectoryVpcSettings object that contains additional information for the operation.
VpcId (string) -- [REQUIRED]
The identifier of the VPC in which to create the directory.
SubnetIds (list) -- [REQUIRED]
The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.
(string) --
Tags (list) --
The tags to be assigned to the Simple AD directory.
(dict) --
Metadata assigned to a directory consisting of a key-value pair.
Key (string) -- [REQUIRED]
Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
Value (string) -- [REQUIRED]
The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
NetworkType (string) --
The network type for your directory. Simple AD supports IPv4 and Dual-stack only.
Return type: dict
Response Syntax
{ 'DirectoryId': 'string' }
Response Structure
(dict) --
Contains the results of the CreateDirectory operation.
DirectoryId (string) --
The identifier of the directory that was created.
{'Edition': {'Hybrid'}, 'NetworkType': 'Dual-stack | IPv4 | IPv6'}
Creates a Microsoft AD directory in the Amazon Web Services Cloud. For more information, see Managed Microsoft AD in the Directory Service Admin Guide.
Before you call CreateMicrosoftAD, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateMicrosoftAD operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
See also: AWS API Documentation
Request Syntax
client.create_microsoft_ad( Name='string', ShortName='string', Password='string', Description='string', VpcSettings={ 'VpcId': 'string', 'SubnetIds': [ 'string', ] }, Edition='Enterprise'|'Standard'|'Hybrid', Tags=[ { 'Key': 'string', 'Value': 'string' }, ], NetworkType='Dual-stack'|'IPv4'|'IPv6' )
Name (string) -- [REQUIRED]
The fully qualified domain name for the Managed Microsoft AD directory, such as corp.example.com. This name will resolve inside your VPC only. It does not need to be publicly resolvable.
ShortName (string) --
The NetBIOS name for your domain, such as CORP. If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example, CORP for the directory DNS corp.example.com.
Password (string) -- [REQUIRED]
The password for the default administrative user named Admin.
If you need to change the password for the administrator account, you can use the ResetUserPassword API call.
Description (string) --
A description for the directory. This label will appear on the Amazon Web Services console Directory Details page after the directory is created.
VpcSettings (dict) -- [REQUIRED]
Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.
VpcId (string) -- [REQUIRED]
The identifier of the VPC in which to create the directory.
SubnetIds (list) -- [REQUIRED]
The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.
(string) --
Edition (string) --
Managed Microsoft AD is available in two editions: Standard and Enterprise. Enterprise is the default.
Tags (list) --
The tags to be assigned to the Managed Microsoft AD directory.
(dict) --
Metadata assigned to a directory consisting of a key-value pair.
Key (string) -- [REQUIRED]
Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
Value (string) -- [REQUIRED]
The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
NetworkType (string) --
The network type for your domain. The default value is IPv4 or IPv6 based on the provided subnet capabilities.
Return type: dict
Response Syntax
{ 'DirectoryId': 'string' }
Response Structure
(dict) --
Result of a CreateMicrosoftAD request.
DirectoryId (string) --
The identifier of the directory that was created.
{'ConditionalForwarderIpv6Addrs': ['string']}
Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.
This action initiates the creation of the Amazon Web Services side of a trust relationship between a Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.
See also: AWS API Documentation
Request Syntax
client.create_trust( DirectoryId='string', RemoteDomainName='string', TrustPassword='string', TrustDirection='One-Way: Outgoing'|'One-Way: Incoming'|'Two-Way', TrustType='Forest'|'External', ConditionalForwarderIpAddrs=[ 'string', ], ConditionalForwarderIpv6Addrs=[ 'string', ], SelectiveAuth='Enabled'|'Disabled' )
DirectoryId (string) -- [REQUIRED]
The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.
RemoteDomainName (string) -- [REQUIRED]
The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.
TrustPassword (string) -- [REQUIRED]
The trust password. The trust password must be the same password that was used when creating the trust relationship on the external domain.
TrustDirection (string) -- [REQUIRED]
The direction of the trust relationship.
TrustType (string) --
The trust relationship type. Forest is the default.
ConditionalForwarderIpAddrs (list) --
The IP addresses of the remote DNS server associated with RemoteDomainName.
(string) --
ConditionalForwarderIpv6Addrs (list) --
The IPv6 addresses of the remote DNS server associated with RemoteDomainName.
(string) --
SelectiveAuth (string) --
Optional parameter to enable selective authentication for the trust.
Return type: dict
Response Syntax
{ 'TrustId': 'string' }
Response Structure
(dict) --
The result of a CreateTrust request.
TrustId (string) --
A unique identifier for the trust relationship that was created.
{'ConditionalForwarders': {'DnsIpv6Addrs': ['string']}}
Obtains information about the conditional forwarders for this account.
If no input parameters are provided for RemoteDomainNames, this request describes all conditional forwarders for the specified directory ID.
See also: AWS API Documentation
Request Syntax
client.describe_conditional_forwarders( DirectoryId='string', RemoteDomainNames=[ 'string', ] )
DirectoryId (string) -- [REQUIRED]
The directory ID for which to get the list of associated conditional forwarders.
RemoteDomainNames (list) --
The fully qualified domain names (FQDN) of the remote domains for which to get the list of associated conditional forwarders. If this member is null, all conditional forwarders are returned.
(string) --
Return type: dict
Response Syntax
{ 'ConditionalForwarders': [ { 'RemoteDomainName': 'string', 'DnsIpAddrs': [ 'string', ], 'DnsIpv6Addrs': [ 'string', ], 'ReplicationScope': 'Domain' }, ] }
Response Structure
(dict) --
The result of a DescribeConditionalForwarder request.
ConditionalForwarders (list) --
The list of conditional forwarders that have been created.
(dict) --
Points to a remote domain with which you are setting up a trust relationship. Conditional forwarders are required in order to set up a trust relationship with another domain.
RemoteDomainName (string) --
The fully qualified domain name (FQDN) of the remote domain pointed to by the conditional forwarder.
DnsIpAddrs (list) --
The IP addresses of the remote DNS server associated with RemoteDomainName. This is the IP address of the DNS server that your conditional forwarder points to.
(string) --
DnsIpv6Addrs (list) --
The IPv6 addresses of the remote DNS server associated with RemoteDomainName. This is the IPv6 address of the DNS server that your conditional forwarder points to.
(string) --
ReplicationScope (string) --
The replication scope of the conditional forwarder. The only allowed value is Domain, which will replicate the conditional forwarder to all of the domain controllers for your Amazon Web Services directory.
{'DirectoryDescriptions': {'ConnectSettings': {'ConnectIpsV6': ['string']}, 'DnsIpv6Addrs': ['string'], 'Edition': {'Hybrid'}, 'NetworkType': 'Dual-stack | IPv4 | IPv6', 'OwnerDirectoryDescription': {'DnsIpv6Addrs': ['string'], 'NetworkType': 'Dual-stack | IPv4 | IPv6', 'RadiusSettings': {'RadiusServersIpv6': ['string']}}, 'RadiusSettings': {'RadiusServersIpv6': ['string']}}}
Obtains information about the directories that belong to this account.
You can retrieve information about specific directories by passing the directory identifiers in the DirectoryIds parameter. Otherwise, all directories that belong to the current account are returned.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeDirectoriesResult.NextToken member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items.
You can also specify a maximum number of return results with the Limit parameter.
See also: AWS API Documentation
Request Syntax
client.describe_directories( DirectoryIds=[ 'string', ], NextToken='string', Limit=123 )
DirectoryIds (list) --
A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned.
An empty list results in an InvalidParameterException being thrown.
(string) --
NextToken (string) --
The DescribeDirectoriesResult.NextToken value from a previous call to DescribeDirectories. Pass null if this is the first call.
Limit (integer) --
The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.
Return type: dict
Response Syntax
{ 'DirectoryDescriptions': [ { 'DirectoryId': 'string', 'Name': 'string', 'ShortName': 'string', 'Size': 'Small'|'Large', 'Edition': 'Enterprise'|'Standard'|'Hybrid', 'Alias': 'string', 'AccessUrl': 'string', 'Description': 'string', 'DnsIpAddrs': [ 'string', ], 'DnsIpv6Addrs': [ 'string', ], 'Stage': 'Requested'|'Creating'|'Created'|'Active'|'Inoperable'|'Impaired'|'Restoring'|'RestoreFailed'|'Deleting'|'Deleted'|'Failed'|'Updating', 'ShareStatus': 'Shared'|'PendingAcceptance'|'Rejected'|'Rejecting'|'RejectFailed'|'Sharing'|'ShareFailed'|'Deleted'|'Deleting', 'ShareMethod': 'ORGANIZATIONS'|'HANDSHAKE', 'ShareNotes': 'string', 'LaunchTime': datetime(2015, 1, 1), 'StageLastUpdatedDateTime': datetime(2015, 1, 1), 'Type': 'SimpleAD'|'ADConnector'|'MicrosoftAD'|'SharedMicrosoftAD', 'VpcSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ], 'SecurityGroupId': 'string', 'AvailabilityZones': [ 'string', ] }, 'ConnectSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ], 'CustomerUserName': 'string', 'SecurityGroupId': 'string', 'AvailabilityZones': [ 'string', ], 'ConnectIps': [ 'string', ], 'ConnectIpsV6': [ 'string', ] }, 'RadiusSettings': { 'RadiusServers': [ 'string', ], 'RadiusServersIpv6': [ 'string', ], 'RadiusPort': 123, 'RadiusTimeout': 123, 'RadiusRetries': 123, 'SharedSecret': 'string', 'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2', 'DisplayLabel': 'string', 'UseSameUsername': True|False }, 'RadiusStatus': 'Creating'|'Completed'|'Failed', 'StageReason': 'string', 'SsoEnabled': True|False, 'DesiredNumberOfDomainControllers': 123, 'OwnerDirectoryDescription': { 'DirectoryId': 'string', 'AccountId': 'string', 'DnsIpAddrs': [ 'string', ], 'DnsIpv6Addrs': [ 'string', ], 'VpcSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ], 'SecurityGroupId': 'string', 'AvailabilityZones': [ 'string', ] }, 'RadiusSettings': { 'RadiusServers': [ 'string', ], 'RadiusServersIpv6': [ 'string', ], 'RadiusPort': 123, 'RadiusTimeout': 123, 'RadiusRetries': 123, 'SharedSecret': 'string', 'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2', 'DisplayLabel': 'string', 'UseSameUsername': True|False }, 'RadiusStatus': 'Creating'|'Completed'|'Failed', 'NetworkType': 'Dual-stack'|'IPv4'|'IPv6' }, 'RegionsInfo': { 'PrimaryRegion': 'string', 'AdditionalRegions': [ 'string', ] }, 'OsVersion': 'SERVER_2012'|'SERVER_2019', 'HybridSettings': { 'SelfManagedDnsIpAddrs': [ 'string', ], 'SelfManagedInstanceIds': [ 'string', ] }, 'NetworkType': 'Dual-stack'|'IPv4'|'IPv6' }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Contains the results of the DescribeDirectories operation.
DirectoryDescriptions (list) --
The list of available DirectoryDescription objects that were retrieved.
It is possible that this list contains fewer than the number of items specified in the Limit member of the request. This occurs if there are fewer than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.
(dict) --
Contains information about a Directory Service directory.
DirectoryId (string) --
The directory identifier.
Name (string) --
The fully qualified name of the directory.
ShortName (string) --
The short name of the directory.
Size (string) --
The directory size.
Edition (string) --
The edition associated with this directory.
Alias (string) --
The alias for the directory. If no alias exists, the alias is the directory identifier, such as d-XXXXXXXXXX.
AccessUrl (string) --
The access URL for the directory, such as http://<alias>.awsapps.com. If no alias exists, <alias> is the directory identifier, such as d-XXXXXXXXXX.
Description (string) --
The description for the directory.
DnsIpAddrs (list) --
The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the self-managed directory to which the AD Connector is connected.
(string) --
DnsIpv6Addrs (list) --
The IPv6 addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IPv6 addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IPv6 addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected.
(string) --
Stage (string) --
The current stage of the directory.
ShareStatus (string) --
Current directory status of the shared Managed Microsoft AD directory.
ShareMethod (string) --
The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (ORGANIZATIONS) or with any Amazon Web Services account by sending a shared directory request (HANDSHAKE).
ShareNotes (string) --
A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
LaunchTime (datetime) --
The date and time when the directory was created.
StageLastUpdatedDateTime (datetime) --
The date and time when the stage was last updated.
Type (string) --
The directory type.
VpcSettings (dict) --
A DirectoryVpcSettingsDescription object that contains additional information about a directory. Present only for Simple AD and Managed Microsoft AD directories.
VpcId (string) --
The identifier of the VPC that the directory is in.
SubnetIds (list) --
The identifiers of the subnets for the directory servers.
(string) --
SecurityGroupId (string) --
The domain controller security group identifier for the directory.
AvailabilityZones (list) --
The list of Availability Zones that the directory is in.
(string) --
ConnectSettings (dict) --
A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. Present only for AD Connector directories.
VpcId (string) --
The identifier of the VPC that the AD Connector is in.
SubnetIds (list) --
A list of subnet identifiers in the VPC that the AD Connector is in.
(string) --
CustomerUserName (string) --
The user name of the service account in your self-managed directory.
SecurityGroupId (string) --
The security group identifier for the AD Connector directory.
AvailabilityZones (list) --
The Availability Zones that the directory is in.
(string) --
ConnectIps (list) --
The IP addresses of the AD Connector servers.
(string) --
ConnectIpsV6 (list) --
The IPv6 addresses of the AD Connector servers.
(string) --
RadiusSettings (dict) --
Information about the RadiusSettings object configured for this directory.
RadiusServers (list) --
The fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
(string) --
RadiusServersIpv6 (list) --
The IPv6 addresses of the RADIUS server endpoints or RADIUS server load balancer.
(string) --
RadiusPort (integer) --
The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
RadiusTimeout (integer) --
The amount of time, in seconds, to wait for the RADIUS server to respond.
RadiusRetries (integer) --
The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
SharedSecret (string) --
Required for enabling RADIUS on the directory.
AuthenticationProtocol (string) --
The protocol specified for your RADIUS endpoints.
DisplayLabel (string) --
Not currently used.
UseSameUsername (boolean) --
Not currently used.
RadiusStatus (string) --
The status of the RADIUS MFA server connection.
StageReason (string) --
Additional information about the directory stage.
SsoEnabled (boolean) --
Indicates whether single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso.
DesiredNumberOfDomainControllers (integer) --
The desired number of domain controllers in the directory if the directory is Microsoft AD.
OwnerDirectoryDescription (dict) --
Describes the Managed Microsoft AD directory in the directory owner account.
DirectoryId (string) --
Identifier of the Managed Microsoft AD directory in the directory owner account.
AccountId (string) --
Identifier of the directory owner account.
DnsIpAddrs (list) --
IP addresses of the directory's domain controllers.
(string) --
DnsIpv6Addrs (list) --
IPv6 addresses of the directory's domain controllers.
(string) --
VpcSettings (dict) --
Information about the VPC settings for the directory.
VpcId (string) --
The identifier of the VPC that the directory is in.
SubnetIds (list) --
The identifiers of the subnets for the directory servers.
(string) --
SecurityGroupId (string) --
The domain controller security group identifier for the directory.
AvailabilityZones (list) --
The list of Availability Zones that the directory is in.
(string) --
RadiusSettings (dict) --
Information about the RADIUS server configuration (RadiusSettings object) for the owner directory.
RadiusServers (list) --
The fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
(string) --
RadiusServersIpv6 (list) --
The IPv6 addresses of the RADIUS server endpoints or RADIUS server load balancer.
(string) --
RadiusPort (integer) --
The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
RadiusTimeout (integer) --
The amount of time, in seconds, to wait for the RADIUS server to respond.
RadiusRetries (integer) --
The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
SharedSecret (string) --
Required for enabling RADIUS on the directory.
AuthenticationProtocol (string) --
The protocol specified for your RADIUS endpoints.
DisplayLabel (string) --
Not currently used.
UseSameUsername (boolean) --
Not currently used.
RadiusStatus (string) --
The status of the RADIUS server.
NetworkType (string) --
Network type of the directory in the directory owner account.
RegionsInfo (dict) --
Lists the Regions where the directory has replicated.
PrimaryRegion (string) --
The Region where the Managed Microsoft AD directory was originally created.
AdditionalRegions (list) --
Lists the Regions where the directory has been replicated, excluding the primary Region.
(string) --
OsVersion (string) --
The operating system (OS) version of the directory.
HybridSettings (dict) --
Contains information about the hybrid directory configuration for the directory, including Amazon Web Services Systems Manager managed node identifiers and DNS IPs.
SelfManagedDnsIpAddrs (list) --
The IP addresses of the DNS servers in your self-managed AD environment.
(string) --
SelfManagedInstanceIds (list) --
The identifiers of the self-managed instances with SSM used for hybrid directory operations.
(string) --
NetworkType (string) --
The network type of the directory.
NextToken (string) --
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeDirectories to retrieve the next set of items.
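An added example, not from the AWS documentation or boto3: a pagination loop that follows NextToken exactly as described above, refuses the empty DirectoryIds list the text says the service rejects, and a triage pass over the returned DirectoryDescription fields (RadiusSettings.AuthenticationProtocol, Stage, ShareStatus) that a reviewer of an account's directories would want. The client is a stand-in with constructed pages; which RADIUS protocols count as legacy is this example's own threshold.

```python
# Protocols treated as legacy next to MS-CHAPv2; the threshold is this
# helper's own policy, not something the Directory Service API enforces.
LEGACY_RADIUS_PROTOCOLS = {"PAP", "CHAP"}
UNHEALTHY_STAGES = {"Inoperable", "Impaired", "RestoreFailed", "Failed"}


def iter_directories(client, directory_ids=None, limit=50):
    """Yield every DirectoryDescription, following NextToken until the
    response carries none. An empty directory_ids list is refused locally,
    because the service answers it with InvalidParameterException."""
    if directory_ids is not None and len(directory_ids) == 0:
        raise ValueError("DirectoryIds must be omitted or non-empty")
    kwargs = {"Limit": limit}
    if directory_ids:
        kwargs["DirectoryIds"] = list(directory_ids)
    while True:
        page = client.describe_directories(**kwargs)
        yield from page.get("DirectoryDescriptions", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def triage_directory(d):
    """Return a list of review findings for one DirectoryDescription."""
    findings = []
    radius = d.get("RadiusSettings") or {}
    proto = radius.get("AuthenticationProtocol")
    if proto in LEGACY_RADIUS_PROTOCOLS:
        findings.append(f"RADIUS MFA uses legacy protocol {proto}")
    if d.get("Stage") in UNHEALTHY_STAGES:
        reason = d.get("StageReason", "no reason given")
        findings.append(f"stage is {d['Stage']}: {reason}")
    if d.get("ShareStatus") == "PendingAcceptance":
        findings.append(f"share invitation pending via {d.get('ShareMethod')};"
                        " read ShareNotes before accepting")
    return findings


def audit_directories(client):
    """Map every DirectoryId in the account to its findings (possibly [])."""
    return {d["DirectoryId"]: triage_directory(d)
            for d in iter_directories(client)}


class _FakeDirectoryClient:
    """Stand-in for boto3's DirectoryService client. Two constructed pages
    with placeholder directory IDs; only the fields triage reads are set."""
    PAGES = {
        None: {"DirectoryDescriptions": [
            {"DirectoryId": "d-EXAMPLE00001", "Name": "corp.example.com",
             "Type": "MicrosoftAD", "Edition": "Standard", "Stage": "Active",
             "NetworkType": "Dual-stack", "RadiusStatus": "Completed",
             "RadiusSettings": {"RadiusServers": ["192.0.2.10"],
                                "AuthenticationProtocol": "PAP"}},
            {"DirectoryId": "d-EXAMPLE00002", "Name": "lab.example.com",
             "Type": "SimpleAD", "Stage": "Impaired",
             "StageReason": "constructed sample", "NetworkType": "IPv4"},
        ], "NextToken": "page-2"},
        "page-2": {"DirectoryDescriptions": [
            {"DirectoryId": "d-EXAMPLE00003", "Name": "shared.example.com",
             "Type": "SharedMicrosoftAD", "Stage": "Active",
             "ShareStatus": "PendingAcceptance", "ShareMethod": "HANDSHAKE",
             "NetworkType": "IPv6"},
        ]},
    }

    def __init__(self):
        self.calls = []  # records each request's kwargs for inspection

    def describe_directories(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self.PAGES[kwargs.get("NextToken")]


if __name__ == "__main__":
    for directory_id, findings in audit_directories(_FakeDirectoryClient()).items():
        print(directory_id, findings or "no findings")
```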
{'DomainControllers': {'DnsIpv6Addr': 'string'}}
Provides information about any domain controllers in your directory.
See also: AWS API Documentation
Request Syntax
client.describe_domain_controllers( DirectoryId='string', DomainControllerIds=[ 'string', ], NextToken='string', Limit=123 )
string
[REQUIRED]
Identifier of the directory for which to retrieve the domain controller information.
list
A list of identifiers for the domain controllers whose information will be provided.
(string) --
string
The DescribeDomainControllers.NextToken value from a previous call to DescribeDomainControllers. Pass null if this is the first call.
integer
The maximum number of items to return.
dict
Response Syntax
{ 'DomainControllers': [ { 'DirectoryId': 'string', 'DomainControllerId': 'string', 'DnsIpAddr': 'string', 'DnsIpv6Addr': 'string', 'VpcId': 'string', 'SubnetId': 'string', 'AvailabilityZone': 'string', 'Status': 'Creating'|'Active'|'Impaired'|'Restoring'|'Deleting'|'Deleted'|'Failed'|'Updating', 'StatusReason': 'string', 'LaunchTime': datetime(2015, 1, 1), 'StatusLastUpdatedDateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
DomainControllers (list) --
List of the DomainController objects that were retrieved.
(dict) --
Contains information about the domain controllers for a specified directory.
DirectoryId (string) --
Identifier of the directory where the domain controller resides.
DomainControllerId (string) --
Identifies a specific domain controller in the directory.
DnsIpAddr (string) --
The IP address of the domain controller.
DnsIpv6Addr (string) --
The IPv6 address of the domain controller.
VpcId (string) --
The identifier of the VPC that contains the domain controller.
SubnetId (string) --
Identifier of the subnet in the VPC that contains the domain controller.
AvailabilityZone (string) --
The Availability Zone where the domain controller is located.
Status (string) --
The status of the domain controller.
StatusReason (string) --
A description of the domain controller state.
LaunchTime (datetime) --
Specifies when the domain controller was created.
StatusLastUpdatedDateTime (datetime) --
The date and time that the status was last updated.
NextToken (string) --
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeDomainControllers to retrieve the next set of items.
{'UpdateType': {'SIZE', 'NETWORK'}}
Describes the updates of a directory for a particular update type.
See also: AWS API Documentation
Request Syntax
client.describe_update_directory( DirectoryId='string', UpdateType='OS'|'NETWORK'|'SIZE', RegionName='string', NextToken='string' )
string
[REQUIRED]
The unique identifier of the directory.
string
[REQUIRED]
The type of updates you want to describe for the directory.
string
The name of the Region.
string
The DescribeUpdateDirectoryResult.NextToken value from a previous call to DescribeUpdateDirectory. Pass null if this is the first call.
dict
Response Syntax
{ 'UpdateActivities': [ { 'Region': 'string', 'Status': 'Updated'|'Updating'|'UpdateFailed', 'StatusReason': 'string', 'InitiatedBy': 'string', 'NewValue': { 'OSUpdateSettings': { 'OSVersion': 'SERVER_2012'|'SERVER_2019' } }, 'PreviousValue': { 'OSUpdateSettings': { 'OSVersion': 'SERVER_2012'|'SERVER_2019' } }, 'StartTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' }
Response Structure
(dict) --
UpdateActivities (list) --
The list of update activities on a directory for the requested update type.
(dict) --
An entry of update information related to a requested update type.
Region (string) --
The name of the Region.
Status (string) --
The status of the update performed on the directory.
StatusReason (string) --
The reason for the current status of the update type activity.
InitiatedBy (string) --
This specifies if the update was initiated by the customer or by the service team.
NewValue (dict) --
The new value of the target setting.
OSUpdateSettings (dict) --
The OS update related settings.
OSVersion (string) --
OS version that the directory needs to be updated to.
PreviousValue (dict) --
The old value of the target setting.
OSUpdateSettings (dict) --
The OS update related settings.
OSVersion (string) --
OS version that the directory needs to be updated to.
StartTime (datetime) --
The start time of the UpdateDirectorySetup for the particular type.
LastUpdatedDateTime (datetime) --
The last updated date and time of a particular directory setting.
NextToken (string) --
If not null, more results are available. Pass this value for the NextToken parameter.
{'RadiusSettings': {'RadiusServersIpv6': ['string']}}
Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.
See also: AWS API Documentation
Request Syntax
client.enable_radius( DirectoryId='string', RadiusSettings={ 'RadiusServers': [ 'string', ], 'RadiusServersIpv6': [ 'string', ], 'RadiusPort': 123, 'RadiusTimeout': 123, 'RadiusRetries': 123, 'SharedSecret': 'string', 'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2', 'DisplayLabel': 'string', 'UseSameUsername': True|False } )
string
[REQUIRED]
The identifier of the directory for which to enable MFA.
dict
[REQUIRED]
A RadiusSettings object that contains information about the RADIUS server.
RadiusServers (list) --
The fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
(string) --
RadiusServersIpv6 (list) --
The IPv6 addresses of the RADIUS server endpoints or RADIUS server load balancer.
(string) --
RadiusPort (integer) --
The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
RadiusTimeout (integer) --
The amount of time, in seconds, to wait for the RADIUS server to respond.
RadiusRetries (integer) --
The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
SharedSecret (string) --
Required for enabling RADIUS on the directory.
AuthenticationProtocol (string) --
The protocol specified for your RADIUS endpoints.
DisplayLabel (string) --
Not currently used.
UseSameUsername (boolean) --
Not currently used.
dict
Response Syntax
{}
Response Structure
(dict) --
Contains the results of the EnableRadius operation.
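The RadiusSettings shape above is the same for EnableRadius and UpdateRadius. As an added example (not code from the boto3 docs or from AWS), the block below builds that object from a mixed list of endpoints, sorting IPv6 literals into RadiusServersIpv6 and leaving IPv4 literals and FQDNs in RadiusServers, validates the port, timeout, retry count and protocol, and reads the shared secret through a lookup callable (defaulting to an assumed environment variable, DS_RADIUS_SHARED_SECRET) so it is never written next to the call. The RecordingClient is a constructed stand-in for boto3.client('ds'); the directory ID and addresses are constructed sample values.

```python
"""Build a validated RadiusSettings object and call enable_radius with it.

Added example, not from the boto3 documentation. Names marked 'assumed' or
'constructed' are not part of the AWS API.
"""
import ipaddress
import os
from typing import Callable, Dict, List, Optional

# Values accepted by AuthenticationProtocol in the request syntax above.
ALLOWED_PROTOCOLS = {"PAP", "CHAP", "MS-CHAPv1", "MS-CHAPv2"}


def build_radius_settings(
    servers: List[str],
    shared_secret: str,
    protocol: str = "MS-CHAPv2",
    port: int = 1812,
    timeout: int = 30,
    retries: int = 3,
) -> Dict[str, object]:
    """Return a RadiusSettings dict, splitting endpoints by address family.

    IPv6 literals go to RadiusServersIpv6; IPv4 literals and FQDNs stay in
    RadiusServers. A list key is emitted only when it has entries.
    """
    if protocol not in ALLOWED_PROTOCOLS:
        raise ValueError(f"unsupported AuthenticationProtocol {protocol!r}")
    if not 1 <= port <= 65535:
        raise ValueError("RadiusPort must be between 1 and 65535")
    if timeout <= 0 or retries < 0:
        raise ValueError("RadiusTimeout must be positive, RadiusRetries non-negative")
    if not shared_secret:
        raise ValueError("SharedSecret is required to enable RADIUS")
    if not servers:
        raise ValueError("at least one RADIUS endpoint is required")

    v4_or_fqdn: List[str] = []
    v6: List[str] = []
    for endpoint in servers:
        try:
            addr = ipaddress.ip_address(endpoint)
        except ValueError:
            v4_or_fqdn.append(endpoint)  # not an IP literal, so treat as an FQDN
            continue
        (v6 if addr.version == 6 else v4_or_fqdn).append(str(addr))

    settings: Dict[str, object] = {
        "RadiusPort": port,
        "RadiusTimeout": timeout,
        "RadiusRetries": retries,
        "SharedSecret": shared_secret,
        "AuthenticationProtocol": protocol,
    }
    if v4_or_fqdn:
        settings["RadiusServers"] = v4_or_fqdn
    if v6:
        settings["RadiusServersIpv6"] = v6
    return settings


def _secret_from_env() -> Optional[str]:
    # DS_RADIUS_SHARED_SECRET is an assumed variable name, not an AWS setting.
    return os.environ.get("DS_RADIUS_SHARED_SECRET")


def enable_mfa(
    client,
    directory_id: str,
    servers: List[str],
    secret_lookup: Callable[[], Optional[str]] = _secret_from_env,
    **overrides,
) -> Dict[str, object]:
    """Call enable_radius and return the settings minus the secret (safe to log)."""
    secret = secret_lookup()
    if not secret:
        raise RuntimeError("no RADIUS shared secret available from the lookup")
    settings = build_radius_settings(servers, secret, **overrides)
    client.enable_radius(DirectoryId=directory_id, RadiusSettings=settings)
    return {k: v for k, v in settings.items() if k != "SharedSecret"}


class RecordingClient:
    """Constructed stand-in for boto3.client('ds') that records the call."""

    def __init__(self) -> None:
        self.calls = []

    def enable_radius(self, **kwargs) -> Dict[str, object]:
        self.calls.append(("enable_radius", kwargs))
        return {}


if __name__ == "__main__":
    # Constructed sample values; replace RecordingClient with boto3.client("ds").
    stub = RecordingClient()
    shown = enable_mfa(stub, "d-EXAMPLE0000",
                       ["radius.corp.example", "10.1.2.3", "2001:db8::10"],
                       secret_lookup=lambda: "constructed-secret")
    print(shown)
```

The returned dict omits SharedSecret on purpose so the settings that were applied can be logged or compared against a desired state without the secret leaking into logs; the same builder can be passed to update_radius, whose RadiusSettings argument has the identical shape.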
{'IpRoutesInfo': {'CidrIpv6': 'string'}}
Lists the address blocks that you have added to a directory.
See also: AWS API Documentation
Request Syntax
client.list_ip_routes( DirectoryId='string', NextToken='string', Limit=123 )
string
[REQUIRED]
Identifier (ID) of the directory for which you want to retrieve the IP addresses.
string
The ListIpRoutes.NextToken value from a previous call to ListIpRoutes. Pass null if this is the first call.
integer
Maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.
dict
Response Syntax
{ 'IpRoutesInfo': [ { 'DirectoryId': 'string', 'CidrIp': 'string', 'CidrIpv6': 'string', 'IpRouteStatusMsg': 'Adding'|'Added'|'Removing'|'Removed'|'AddFailed'|'RemoveFailed', 'AddedDateTime': datetime(2015, 1, 1), 'IpRouteStatusReason': 'string', 'Description': 'string' }, ], 'NextToken': 'string' }
Response Structure
(dict) --
IpRoutesInfo (list) --
A list of IpRoutes.
(dict) --
Information about one or more IP address blocks.
DirectoryId (string) --
Identifier (ID) of the directory associated with the IP addresses.
CidrIp (string) --
IP address block in the IpRoute.
CidrIpv6 (string) --
IPv6 address block in the IpRoute.
IpRouteStatusMsg (string) --
The status of the IP address block.
AddedDateTime (datetime) --
The date and time the address block was added to the directory.
IpRouteStatusReason (string) --
The reason for the IpRouteStatusMsg.
Description (string) --
Description of the IpRouteInfo.
NextToken (string) --
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to ListIpRoutes to retrieve the next set of items.
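DescribeDirectories, DescribeDomainControllers, DescribeUpdateDirectory and ListIpRoutes all share the NextToken contract described above. As an added example (not code from the boto3 docs or from AWS), the block below implements that loop once as a generic helper and applies it to ListIpRoutes, grouping each directory's IPv4 and IPv6 routes by IpRouteStatusMsg so that AddFailed and RemoveFailed entries stand out. FakeDsClient is a constructed stand-in for boto3.client('ds') that serves canned pages; the routes and directory ID are constructed sample values.

```python
"""Page through a Directory Service list call and summarise IP routes.

Added example, not from the boto3 documentation. FakeDsClient and
SAMPLE_ROUTES are constructed so the pattern runs offline.
"""
from typing import Any, Dict, Iterator, List, Optional


def paginate(call, result_key: str, **params) -> Iterator[Dict[str, Any]]:
    """Yield every item under `result_key` across all pages of `call`.

    Works for any operation that accepts NextToken and returns NextToken;
    iteration stops when the response carries no token.
    """
    token: Optional[str] = None
    while True:
        kwargs = dict(params)
        if token:
            kwargs["NextToken"] = token
        page = call(**kwargs)
        for item in page.get(result_key, []):
            yield item
        token = page.get("NextToken")
        if not token:
            return


def route_report(client, directory_id: str) -> Dict[str, List[str]]:
    """Map IpRouteStatusMsg -> list of CIDRs for one directory.

    Each IpRouteInfo carries CidrIp (IPv4) or CidrIpv6; whichever is present
    is used as the key so dual-stack directories are reported in one place.
    """
    report: Dict[str, List[str]] = {}
    for route in paginate(client.list_ip_routes, "IpRoutesInfo",
                          DirectoryId=directory_id, Limit=2):
        cidr = route.get("CidrIp") or route.get("CidrIpv6")
        report.setdefault(route["IpRouteStatusMsg"], []).append(cidr)
    return report


def failed_routes(client, directory_id: str) -> List[str]:
    """Return the CIDRs whose add or remove did not complete."""
    report = route_report(client, directory_id)
    return report.get("AddFailed", []) + report.get("RemoveFailed", [])


class FakeDsClient:
    """Constructed stand-in for boto3.client('ds'); NextToken is a page offset."""

    def __init__(self, routes: List[Dict[str, Any]]) -> None:
        self._routes = routes

    def list_ip_routes(self, DirectoryId: str, NextToken: Optional[str] = None,
                       Limit: Optional[int] = None) -> Dict[str, Any]:
        start = int(NextToken) if NextToken else 0
        limit = Limit or len(self._routes)
        chunk = self._routes[start:start + limit]
        page: Dict[str, Any] = {
            "IpRoutesInfo": [dict(r, DirectoryId=DirectoryId) for r in chunk]
        }
        if start + limit < len(self._routes):
            page["NextToken"] = str(start + limit)
        return page


# Constructed sample data: three routes, served two per page by the fake client.
SAMPLE_ROUTES: List[Dict[str, Any]] = [
    {"CidrIp": "10.0.0.0/24", "IpRouteStatusMsg": "Added"},
    {"CidrIpv6": "2001:db8::/32", "IpRouteStatusMsg": "Added"},
    {"CidrIpv6": "2001:db8:1::1/128", "IpRouteStatusMsg": "AddFailed",
     "IpRouteStatusReason": "constructed failure reason"},
]


if __name__ == "__main__":
    client = FakeDsClient(SAMPLE_ROUTES)   # use boto3.client("ds") for real calls
    print(route_report(client, "d-EXAMPLE0000"))
    print(failed_routes(client, "d-EXAMPLE0000"))
```

The same `paginate` call works unchanged against the other paginated operations on this page, for example `paginate(client.describe_domain_controllers, "DomainControllers", DirectoryId=...)` to collect every controller's DnsIpAddr and DnsIpv6Addr.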
{'CidrIpv6s': ['string']}
Removes IP address blocks from a directory.
See also: AWS API Documentation
Request Syntax
client.remove_ip_routes( DirectoryId='string', CidrIps=[ 'string', ], CidrIpv6s=[ 'string', ] )
string
[REQUIRED]
Identifier (ID) of the directory from which you want to remove the IP addresses.
list
IP address blocks that you want to remove.
(string) --
list
IPv6 address blocks that you want to remove.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
{'DnsIpv6Addrs': ['string']}
Updates a conditional forwarder that has been set up for your Amazon Web Services directory.
See also: AWS API Documentation
Request Syntax
client.update_conditional_forwarder( DirectoryId='string', RemoteDomainName='string', DnsIpAddrs=[ 'string', ], DnsIpv6Addrs=[ 'string', ] )
string
[REQUIRED]
The directory ID of the Amazon Web Services directory for which to update the conditional forwarder.
string
[REQUIRED]
The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.
list
The updated IP addresses of the remote DNS server associated with the conditional forwarder.
(string) --
list
The updated IPv6 addresses of the remote DNS server associated with the conditional forwarder.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
The result of an UpdateConditionalForwarder request.
{'DirectorySizeUpdateSettings': {'DirectorySize': 'Small | Large'}, 'NetworkUpdateSettings': {'CustomerDnsIpsV6': ['string'], 'NetworkType': 'Dual-stack | IPv4 | IPv6'}, 'UpdateType': {'SIZE', 'NETWORK'}}
Updates directory configuration for the specified update type.
See also: AWS API Documentation
Request Syntax
client.update_directory_setup( DirectoryId='string', UpdateType='OS'|'NETWORK'|'SIZE', OSUpdateSettings={ 'OSVersion': 'SERVER_2012'|'SERVER_2019' }, DirectorySizeUpdateSettings={ 'DirectorySize': 'Small'|'Large' }, NetworkUpdateSettings={ 'NetworkType': 'Dual-stack'|'IPv4'|'IPv6', 'CustomerDnsIpsV6': [ 'string', ] }, CreateSnapshotBeforeUpdate=True|False )
string
[REQUIRED]
The identifier of the directory to update.
string
[REQUIRED]
The type of update to perform on the directory.
dict
Operating system configuration to apply during the directory update operation.
OSVersion (string) --
OS version that the directory needs to be updated to.
dict
Directory size configuration to apply during the update operation.
DirectorySize (string) --
The target directory size for the update operation.
dict
Network configuration to apply during the directory update operation.
NetworkType (string) --
The target network type for the directory update.
CustomerDnsIpsV6 (list) --
IPv6 addresses of DNS servers or domain controllers in the self-managed directory. Required only when updating an AD Connector directory.
(string) --
boolean
Specifies whether to create a directory snapshot before performing the update.
dict
Response Syntax
{}
Response Structure
(dict) --
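The NETWORK update type above has one conditional field: CustomerDnsIpsV6 is required only for an AD Connector directory. As an added example (not code from the boto3 docs or from AWS), the block below assembles the update_directory_setup keyword arguments for a network update, enforces that rule, checks that every supplied address is an IPv6 literal, and defaults CreateSnapshotBeforeUpdate to True. It assumes the caller knows whether the directory is an AD Connector, and that the IPv6 DNS addresses are needed when the target network type is Dual-stack or IPv6; the directory ID and addresses are constructed sample values.

```python
"""Assemble a checked update_directory_setup request for UpdateType='NETWORK'.

Added example, not from the boto3 documentation. The rule that
CustomerDnsIpsV6 is needed only when the target includes IPv6 is an
assumption on top of the docs' "required only for AD Connector" statement.
"""
import ipaddress
from typing import Dict, List, Optional

# NetworkType values from the request syntax above.
NETWORK_TYPES = ("Dual-stack", "IPv4", "IPv6")


def build_network_update(
    directory_id: str,
    network_type: str,
    is_ad_connector: bool,
    customer_dns_ips_v6: Optional[List[str]] = None,
    snapshot_first: bool = True,
) -> Dict[str, object]:
    """Return kwargs for client.update_directory_setup(**kwargs)."""
    if network_type not in NETWORK_TYPES:
        raise ValueError(f"NetworkType must be one of {NETWORK_TYPES}, got {network_type!r}")

    v6: List[str] = []
    for ip in customer_dns_ips_v6 or []:
        addr = ipaddress.ip_address(ip)        # raises ValueError on garbage
        if addr.version != 6:
            raise ValueError(f"{ip} is not an IPv6 address")
        v6.append(str(addr))

    target_has_v6 = network_type in ("Dual-stack", "IPv6")
    if is_ad_connector and target_has_v6 and not v6:
        raise ValueError("AD Connector needs CustomerDnsIpsV6 for an IPv6-capable target")

    settings: Dict[str, object] = {"NetworkType": network_type}
    if v6:
        settings["CustomerDnsIpsV6"] = v6
    return {
        "DirectoryId": directory_id,
        "UpdateType": "NETWORK",
        "NetworkUpdateSettings": settings,
        "CreateSnapshotBeforeUpdate": snapshot_first,
    }


if __name__ == "__main__":
    # Constructed sample values; pass the result to boto3.client("ds").update_directory_setup(**req)
    req = build_network_update("d-EXAMPLE0000", "Dual-stack", True, ["2001:db8::53"])
    print(req)
```

Keeping the snapshot default on means a failed or unwanted network change can be rolled back from the snapshot taken immediately before it; callers that deliberately skip it must pass snapshot_first=False.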
{'RadiusSettings': {'RadiusServersIpv6': ['string']}}
Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory.
See also: AWS API Documentation
Request Syntax
client.update_radius( DirectoryId='string', RadiusSettings={ 'RadiusServers': [ 'string', ], 'RadiusServersIpv6': [ 'string', ], 'RadiusPort': 123, 'RadiusTimeout': 123, 'RadiusRetries': 123, 'SharedSecret': 'string', 'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2', 'DisplayLabel': 'string', 'UseSameUsername': True|False } )
string
[REQUIRED]
The identifier of the directory for which to update the RADIUS server information.
dict
[REQUIRED]
A RadiusSettings object that contains information about the RADIUS server.
RadiusServers (list) --
The fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
(string) --
RadiusServersIpv6 (list) --
The IPv6 addresses of the RADIUS server endpoints or RADIUS server load balancer.
(string) --
RadiusPort (integer) --
The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
RadiusTimeout (integer) --
The amount of time, in seconds, to wait for the RADIUS server to respond.
RadiusRetries (integer) --
The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
SharedSecret (string) --
Required for enabling RADIUS on the directory.
AuthenticationProtocol (string) --
The protocol specified for your RADIUS endpoints.
DisplayLabel (string) --
Not currently used.
UseSameUsername (boolean) --
Not currently used.
dict
Response Syntax
{}
Response Structure
(dict) --
Contains the results of the UpdateRadius operation.