DirectoryServiceData
********************

Client
======

class DirectoryServiceData.Client

   A low-level client representing AWS Directory Service Data

   Amazon Web Services Directory Service Data is an extension of Directory Service. This API reference provides detailed information about Directory Service Data operations and object types.

   With Directory Service Data, you can create, read, update, and delete users, groups, and memberships from your Managed Microsoft AD without additional costs and without deploying dedicated management instances. You can also perform built-in object management tasks across directories without direct network connectivity, which simplifies provisioning and access management to achieve fully automated deployments.

   Directory Service Data supports user and group write operations, such as "CreateUser" and "CreateGroup", within the organizational unit (OU) of your Managed Microsoft AD. Directory Service Data supports read operations, such as "ListUsers" and "ListGroups", on all users, groups, and group memberships within your Managed Microsoft AD and across trusted realms. Directory Service Data supports adding and removing group members in your OU and the Amazon Web Services Delegated Groups OU, so you can grant and deny access to specific roles and permissions. For more information, see Manage users and groups in the *Directory Service Administration Guide*.

   Note: Directory management operations and configuration changes made against the Directory Service API will also reflect in Directory Service Data API with eventual consistency. You can expect a short delay between management changes, such as adding a new directory trust and calling the Directory Service Data API for the newly created trusted realm.

   Directory Service Data connects to your Managed Microsoft AD domain controllers and performs operations on underlying directory objects.
   When you create your Managed Microsoft AD, you choose subnets for domain controllers that Directory Service creates on your behalf. If a domain controller is unavailable, Directory Service Data uses an available domain controller. As a result, you might notice eventual consistency while objects replicate from one domain controller to another domain controller. For more information, see What gets created in the *Directory Service Administration Guide*.

   Directory limits vary by Managed Microsoft AD edition:

   * **Standard edition** – Supports 8 transactions per second (TPS) for read operations and 4 TPS for write operations per directory. There's a concurrency limit of 10 concurrent requests.
   * **Enterprise edition** – Supports 16 transactions per second (TPS) for read operations and 8 TPS for write operations per directory. There's a concurrency limit of 10 concurrent requests.
   * **Amazon Web Services Account** - Supports a total of 100 TPS for Directory Service Data operations across all directories.

   Directory Service Data only supports the Managed Microsoft AD directory type and is only available in the primary Amazon Web Services Region. For more information, see Managed Microsoft AD and Primary vs additional Regions in the *Directory Service Administration Guide*.

      import boto3

      client = boto3.client('ds-data')

   These are the available methods:

   * add_group_member
   * can_paginate
   * close
   * create_group
   * create_user
   * delete_group
   * delete_user
   * describe_group
   * describe_user
   * disable_user
   * get_paginator
   * get_waiter
   * list_group_members
   * list_groups
   * list_groups_for_member
   * list_users
   * remove_group_member
   * search_groups
   * search_users
   * update_group
   * update_user

Paginators
==========

Paginators are available on a client instance via the "get_paginator" method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide.
The available paginators are:

* ListGroupMembers
* ListGroups
* ListGroupsForMember
* ListUsers
* SearchGroups
* SearchUsers

ListGroupMembers
****************

class DirectoryServiceData.Paginator.ListGroupMembers

      paginator = client.get_paginator('list_group_members')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryServiceData.Client.list_group_members()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             MemberRealm='string',
             Realm='string',
             SAMAccountName='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the group.
         * **MemberRealm** (*string*) -- The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain.
           Note: This parameter is optional and case insensitive.
         * **Realm** (*string*) -- The domain name that's associated with the group.
           Note: This parameter is optional, so you can return members from a group outside of your Managed Microsoft AD domain. When no value is defined, only members of your Managed Microsoft AD groups are returned. This value is case insensitive.
         * **SAMAccountName** (*string*) -- **[REQUIRED]** The name of the group.
         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.
      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'DirectoryId': 'string',
                'MemberRealm': 'string',
                'Members': [
                    {
                        'MemberType': 'USER'|'GROUP'|'COMPUTER',
                        'SAMAccountName': 'string',
                        'SID': 'string'
                    },
                ],
                'Realm': 'string'
            }

         **Response Structure**

         * *(dict) --*
           * **DirectoryId** *(string) --* Identifier (ID) of the directory associated with the group.
           * **MemberRealm** *(string) --* The domain name that's associated with the member.
           * **Members** *(list) --* The member information that the request returns.
             * *(dict) --* A member object that contains identifying information for a specified member.
               * **MemberType** *(string) --* The AD type of the member object.
               * **SAMAccountName** *(string) --* The name of the group member.
               * **SID** *(string) --* The unique security identifier (SID) of the group member.
           * **Realm** *(string) --* The domain name that's associated with the group.

ListUsers
*********

class DirectoryServiceData.Paginator.ListUsers

      paginator = client.get_paginator('list_users')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryServiceData.Client.list_users()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             Realm='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the user.
         * **Realm** (*string*) -- The domain name that's associated with the user.
           Note: This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive.
         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return.
             If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'DirectoryId': 'string',
                'Realm': 'string',
                'Users': [
                    {
                        'Enabled': True|False,
                        'GivenName': 'string',
                        'SAMAccountName': 'string',
                        'SID': 'string',
                        'Surname': 'string'
                    },
                ]
            }

         **Response Structure**

         * *(dict) --*
           * **DirectoryId** *(string) --* The identifier (ID) of the directory that's associated with the user.
           * **Realm** *(string) --* The domain that's associated with the user.
           * **Users** *(list) --* The user information that the request returns.
             * *(dict) --* A structure containing a subset of the fields of a user object from a directory.
               * **Enabled** *(boolean) --* Indicates whether the user account is active.
               * **GivenName** *(string) --* The first name of the user.
               * **SAMAccountName** *(string) --* The name of the user.
               * **SID** *(string) --* The unique security identifier (SID) of the user.
               * **Surname** *(string) --* The last name of the user.

SearchGroups
************

class DirectoryServiceData.Paginator.SearchGroups

      paginator = client.get_paginator('search_groups')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryServiceData.Client.search_groups()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             Realm='string',
             SearchAttributes=[
                 'string',
             ],
             SearchString='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the group.
         * **Realm** (*string*) -- The domain name that's associated with the group.
           Note: This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive.
         * **SearchAttributes** (*list*) -- **[REQUIRED]** One or more data attributes that are used to search for a group. For a list of supported attributes, see Directory Service Data Attributes.
           * *(string) --*
         * **SearchString** (*string*) -- **[REQUIRED]** The attribute value that you want to search for.
           Note: Wildcard "(*)" searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.
         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'DirectoryId': 'string',
                'Groups': [
                    {
                        'DistinguishedName': 'string',
                        'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
                        'GroupType': 'Distribution'|'Security',
                        'OtherAttributes': {
                            'string': {
                                'BOOL': True|False,
                                'N': 123,
                                'S': 'string',
                                'SS': [
                                    'string',
                                ]
                            }
                        },
                        'SAMAccountName': 'string',
                        'SID': 'string'
                    },
                ],
                'Realm': 'string'
            }

         **Response Structure**

         * *(dict) --*
           * **DirectoryId** *(string) --* The identifier (ID) of the directory that's associated with the group.
           * **Groups** *(list) --* The group information that the request returns.
             * *(dict) --* A group object that contains identifying information and attributes for a specified group.
               * **DistinguishedName** *(string) --* The distinguished name of the object.
               * **GroupScope** *(string) --* The scope of the AD group. For details, see Active Directory security groups.
               * **GroupType** *(string) --* The AD group type. For details, see Active Directory security group type.
               * **OtherAttributes** *(dict) --* An expression of one or more attributes, data types, and the values of a group.
                 * *(string) --*
                   * *(dict) --* The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.
                     Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "BOOL", "N", "S", "SS". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows:

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

                     * **BOOL** *(boolean) --* Indicates that the attribute type value is a boolean. For example: ""BOOL": true"
                     * **N** *(integer) --* Indicates that the attribute type value is a number. For example: ""N": "16""
                     * **S** *(string) --* Indicates that the attribute type value is a string. For example: ""S": "S Group""
                     * **SS** *(list) --* Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"
                       * *(string) --*
               * **SAMAccountName** *(string) --* The name of the group.
               * **SID** *(string) --* The unique security identifier (SID) of the group.
           * **Realm** *(string) --* The domain that's associated with the group.
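
The SearchGroups paginator and the "OtherAttributes" tagged union described above can be consumed as follows. This is an added example, not code from the boto3 documentation: the stub client, directory ID, realm, SIDs and attribute names are constructed sample values, and the search attribute name is an assumption to check against Directory Service Data Attributes.

```python
KNOWN_TAGS = ("BOOL", "N", "S", "SS")


def decode_attribute(value):
    """Decode one OtherAttributes entry into a (tag, value) pair.

    The entry is a tagged union: exactly one of BOOL, N, S, SS is set.
    An SDK_UNKNOWN_MEMBER entry is reported as ("UNKNOWN", name) so that a
    type this SDK version does not know is visible instead of being dropped.
    """
    if "SDK_UNKNOWN_MEMBER" in value:
        return "UNKNOWN", value["SDK_UNKNOWN_MEMBER"].get("name")
    present = [tag for tag in KNOWN_TAGS if tag in value]
    if len(present) != 1:
        raise ValueError(f"expected exactly one of {KNOWN_TAGS}, got {sorted(value)}")
    return present[0], value[present[0]]


def search_security_groups(client, directory_id, search_string,
                           search_attributes, realm=None, page_size=None):
    """Return every Security group matching the search, across all pages."""
    kwargs = {
        "DirectoryId": directory_id,
        "SearchString": search_string,  # wildcard searches are not supported
        "SearchAttributes": list(search_attributes),
    }
    if realm is not None:
        kwargs["Realm"] = realm  # omit to search only the Managed Microsoft AD domain
    if page_size is not None:
        kwargs["PaginationConfig"] = {"PageSize": page_size}

    found = []
    for page in client.get_paginator("search_groups").paginate(**kwargs):
        for group in page.get("Groups", []):
            if group.get("GroupType") != "Security":
                continue  # distribution groups are not used for access control
            attributes = {
                name: decode_attribute(entry)
                for name, entry in group.get("OtherAttributes", {}).items()
            }
            found.append({
                "Realm": page.get("Realm"),
                "SAMAccountName": group["SAMAccountName"],
                "SID": group["SID"],
                "GroupScope": group.get("GroupScope"),
                "Attributes": attributes,
            })
    return found


class StubClient:
    """Constructed stand-in for boto3.client('ds-data'); serves fixed pages."""

    def __init__(self, pages):
        self.pages = pages

    def get_paginator(self, operation_name):
        return self  # the stub acts as its own paginator

    def paginate(self, **kwargs):
        return iter(self.pages)


# Constructed sample pages in the documented response shape.
SAMPLE_PAGES = [
    {"DirectoryId": "d-1234567890", "Realm": "corp.example.com", "Groups": [
        {"SAMAccountName": "AppAdmins", "SID": "S-1-5-21-1-2-3-1104",
         "GroupType": "Security", "GroupScope": "Global",
         "OtherAttributes": {"description": {"S": "Payments app administrators"}}},
        {"SAMAccountName": "AppNews", "SID": "S-1-5-21-1-2-3-1105",
         "GroupType": "Distribution", "GroupScope": "Universal",
         "OtherAttributes": {}},
    ]},
    {"DirectoryId": "d-1234567890", "Realm": "corp.example.com", "Groups": [
        {"SAMAccountName": "AppOperators", "SID": "S-1-5-21-1-2-3-1106",
         "GroupType": "Security", "GroupScope": "DomainLocal",
         "OtherAttributes": {"futureAttribute": {"SDK_UNKNOWN_MEMBER": {"name": "B"}}}},
    ]},
]


def demo():
    """Run the search against the stub; swap in a real client to use it live."""
    client = StubClient(SAMPLE_PAGES)
    return search_security_groups(client, "d-1234567890", "payments",
                                  ["description"], page_size=1)


if __name__ == "__main__":
    for group in demo():
        print(group)
```
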
ListGroupsForMember
*******************

class DirectoryServiceData.Paginator.ListGroupsForMember

      paginator = client.get_paginator('list_groups_for_member')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryServiceData.Client.list_groups_for_member()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             MemberRealm='string',
             Realm='string',
             SAMAccountName='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the member.
         * **MemberRealm** (*string*) -- The domain name that's associated with the group member.
           Note: This parameter is optional, so you can limit your results to the group members in a specific domain. This parameter is case insensitive and defaults to "Realm".
         * **Realm** (*string*) -- The domain name that's associated with the group.
           Note: This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive and defaults to your Managed Microsoft AD domain.
         * **SAMAccountName** (*string*) -- **[REQUIRED]** The "SAMAccountName" of the user, group, or computer that's a member of the group.
         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.
      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'DirectoryId': 'string',
                'Groups': [
                    {
                        'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
                        'GroupType': 'Distribution'|'Security',
                        'SAMAccountName': 'string',
                        'SID': 'string'
                    },
                ],
                'MemberRealm': 'string',
                'Realm': 'string'
            }

         **Response Structure**

         * *(dict) --*
           * **DirectoryId** *(string) --* The identifier (ID) of the directory that's associated with the member.
           * **Groups** *(list) --* The group information that the request returns.
             * *(dict) --* A structure containing a subset of fields of a group object from a directory.
               * **GroupScope** *(string) --* The scope of the AD group. For details, see Active Directory security groups.
               * **GroupType** *(string) --* The AD group type. For details, see Active Directory security group type.
               * **SAMAccountName** *(string) --* The name of the group.
               * **SID** *(string) --* The unique security identifier (SID) of the group.
           * **MemberRealm** *(string) --* The domain that's associated with the member.
           * **Realm** *(string) --* The domain that's associated with the group.

ListGroups
**********

class DirectoryServiceData.Paginator.ListGroups

      paginator = client.get_paginator('list_groups')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryServiceData.Client.list_groups()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             Realm='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the group.
         * **Realm** (*string*) -- The domain name associated with the directory.
           Note: This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain.
           When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive.
         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'DirectoryId': 'string',
                'Groups': [
                    {
                        'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
                        'GroupType': 'Distribution'|'Security',
                        'SAMAccountName': 'string',
                        'SID': 'string'
                    },
                ],
                'Realm': 'string'
            }

         **Response Structure**

         * *(dict) --*
           * **DirectoryId** *(string) --* The identifier (ID) of the directory that's associated with the group.
           * **Groups** *(list) --* The group information that the request returns.
             * *(dict) --* A structure containing a subset of fields of a group object from a directory.
               * **GroupScope** *(string) --* The scope of the AD group. For details, see Active Directory security groups.
               * **GroupType** *(string) --* The AD group type. For details, see Active Directory security group type.
               * **SAMAccountName** *(string) --* The name of the group.
               * **SID** *(string) --* The unique security identifier (SID) of the group.
           * **Realm** *(string) --* The domain name associated with the group.

SearchUsers
***********

class DirectoryServiceData.Paginator.SearchUsers

      paginator = client.get_paginator('search_users')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryServiceData.Client.search_users()".
      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             Realm='string',
             SearchAttributes=[
                 'string',
             ],
             SearchString='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
         * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the user.
         * **Realm** (*string*) -- The domain name that's associated with the user.
           Note: This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive.
         * **SearchAttributes** (*list*) -- **[REQUIRED]** One or more data attributes that are used to search for a user. For a list of supported attributes, see Directory Service Data Attributes.
           * *(string) --*
         * **SearchString** (*string*) -- **[REQUIRED]** The attribute value that you want to search for.
           Note: Wildcard "(*)" searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.
         * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
           * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
           * **PageSize** *(integer) --* The size of each page.
           * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.
      Return type:
         dict

      Returns:
         **Response Syntax**

            {
                'DirectoryId': 'string',
                'Realm': 'string',
                'Users': [
                    {
                        'DistinguishedName': 'string',
                        'EmailAddress': 'string',
                        'Enabled': True|False,
                        'GivenName': 'string',
                        'OtherAttributes': {
                            'string': {
                                'BOOL': True|False,
                                'N': 123,
                                'S': 'string',
                                'SS': [
                                    'string',
                                ]
                            }
                        },
                        'SAMAccountName': 'string',
                        'SID': 'string',
                        'Surname': 'string',
                        'UserPrincipalName': 'string'
                    },
                ]
            }

         **Response Structure**

         * *(dict) --*
           * **DirectoryId** *(string) --* The identifier (ID) of the directory where the address block is added.
           * **Realm** *(string) --* The domain that's associated with the user.
           * **Users** *(list) --* The user information that the request returns.
             * *(dict) --* A user object that contains identifying information and attributes for a specified user.
               * **DistinguishedName** *(string) --* The distinguished name of the object.
               * **EmailAddress** *(string) --* The email address of the user.
               * **Enabled** *(boolean) --* Indicates whether the user account is active.
               * **GivenName** *(string) --* The first name of the user.
               * **OtherAttributes** *(dict) --* An expression that includes one or more attributes, data types, and values of a user.
                 * *(string) --*
                   * *(dict) --* The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.
                     Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "BOOL", "N", "S", "SS". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows:

                        'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

                     * **BOOL** *(boolean) --* Indicates that the attribute type value is a boolean.
                       For example: ""BOOL": true"
                     * **N** *(integer) --* Indicates that the attribute type value is a number. For example: ""N": "16""
                     * **S** *(string) --* Indicates that the attribute type value is a string. For example: ""S": "S Group""
                     * **SS** *(list) --* Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"
                       * *(string) --*
               * **SAMAccountName** *(string) --* The name of the user.
               * **SID** *(string) --* The unique security identifier (SID) of the user.
               * **Surname** *(string) --* The last name of the user.
               * **UserPrincipalName** *(string) --* The UPN that is an internet-style login name for a user and based on the internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

get_paginator
*************

DirectoryServiceData.Client.get_paginator(operation_name)

   Create a paginator for an operation.

   Parameters:
      **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")".

   Raises:
      **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable.

   Return type:
      "botocore.paginate.Paginator"

   Returns:
      A paginator object.

search_users
************

DirectoryServiceData.Client.search_users(**kwargs)

   Searches the specified directory for a user. You can find users that match the "SearchString" parameter with the value of their attributes included in the "SearchString" parameter.
   This operation supports pagination with the use of the "NextToken" request and response parameters. If more results are available, the "SearchUsers.NextToken" member contains a token that you pass in the next call to "SearchUsers". This retrieves the next set of items.

   You can also specify a maximum number of return results with the "MaxResults" parameter.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.search_users(
          DirectoryId='string',
          MaxResults=123,
          NextToken='string',
          Realm='string',
          SearchAttributes=[
              'string',
          ],
          SearchString='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the user.
      * **MaxResults** (*integer*) -- The maximum number of results to be returned per request.
      * **NextToken** (*string*) -- An encoded paging token for paginated calls that can be passed back to retrieve the next page.
      * **Realm** (*string*) -- The domain name that's associated with the user.
        Note: This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive.
      * **SearchAttributes** (*list*) -- **[REQUIRED]** One or more data attributes that are used to search for a user. For a list of supported attributes, see Directory Service Data Attributes.
        * *(string) --*
      * **SearchString** (*string*) -- **[REQUIRED]** The attribute value that you want to search for.
        Note: Wildcard "(*)" searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'NextToken': 'string',
             'Realm': 'string',
             'Users': [
                 {
                     'DistinguishedName': 'string',
                     'EmailAddress': 'string',
                     'Enabled': True|False,
                     'GivenName': 'string',
                     'OtherAttributes': {
                         'string': {
                             'BOOL': True|False,
                             'N': 123,
                             'S': 'string',
                             'SS': [
                                 'string',
                             ]
                         }
                     },
                     'SAMAccountName': 'string',
                     'SID': 'string',
                     'Surname': 'string',
                     'UserPrincipalName': 'string'
                 },
             ]
         }

      **Response Structure**

      * *(dict) --*
        * **DirectoryId** *(string) --* The identifier (ID) of the directory where the address block is added.
        * **NextToken** *(string) --* An encoded paging token for paginated calls that can be passed back to retrieve the next page.
        * **Realm** *(string) --* The domain that's associated with the user.
        * **Users** *(list) --* The user information that the request returns.
          * *(dict) --* A user object that contains identifying information and attributes for a specified user.
            * **DistinguishedName** *(string) --* The distinguished name of the object.
            * **EmailAddress** *(string) --* The email address of the user.
            * **Enabled** *(boolean) --* Indicates whether the user account is active.
            * **GivenName** *(string) --* The first name of the user.
            * **OtherAttributes** *(dict) --* An expression that includes one or more attributes, data types, and values of a user.
              * *(string) --*
                * *(dict) --* The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.
                  Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "BOOL", "N", "S", "SS". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member.
                  The structure of "SDK_UNKNOWN_MEMBER" is as follows:

                     'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

                  * **BOOL** *(boolean) --* Indicates that the attribute type value is a boolean. For example: ""BOOL": true"
                  * **N** *(integer) --* Indicates that the attribute type value is a number. For example: ""N": "16""
                  * **S** *(string) --* Indicates that the attribute type value is a string. For example: ""S": "S Group""
                  * **SS** *(list) --* Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"
                    * *(string) --*
            * **SAMAccountName** *(string) --* The name of the user.
            * **SID** *(string) --* The unique security identifier (SID) of the user.
            * **Surname** *(string) --* The last name of the user.
            * **UserPrincipalName** *(string) --* The UPN that is an internet-style login name for a user and based on the internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

   **Exceptions**

   * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
   * "DirectoryServiceData.Client.exceptions.InternalServerException"
   * "DirectoryServiceData.Client.exceptions.ValidationException"
   * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryServiceData.Client.exceptions.ThrottlingException"

can_paginate
************

DirectoryServiceData.Client.can_paginate(operation_name)

   Check if an operation can be paginated.

   Parameters:
      **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")".
   Returns:
      "True" if the operation can be paginated, "False" otherwise.

remove_group_member
*******************

DirectoryServiceData.Client.remove_group_member(**kwargs)

   Removes a member from a group.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.remove_group_member(
          ClientToken='string',
          DirectoryId='string',
          GroupName='string',
          MemberName='string',
          MemberRealm='string'
      )

   Parameters:
      * **ClientToken** (*string*) -- A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
        A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
        If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".
        Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the member.
      * **GroupName** (*string*) -- **[REQUIRED]** The name of the group.
      * **MemberName** (*string*) -- **[REQUIRED]** The "SAMAccountName" of the user, group, or computer to remove from the group.
      * **MemberRealm** (*string*) -- The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain.
        Note: This parameter is optional and case insensitive.
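
The "ClientToken" behaviour described above matters most when a removal is retried after throttling. The following added example (not code from the boto3 documentation) reconciles a group against an approved list using the "list_group_members" paginator and retries each "remove_group_member" call with one fixed token. The stub client, directory ID, group and member names are constructed sample values, and the retry settings are assumptions.

```python
import time
import uuid


def list_members(client, directory_id, group_name):
    """Collect every member of the group before changing anything."""
    pages = client.get_paginator("list_group_members").paginate(
        DirectoryId=directory_id, SAMAccountName=group_name)
    return [member for page in pages for member in page.get("Members", [])]


def remove_member(client, directory_id, group_name, member_name,
                  max_attempts=5, base_delay=0.5, sleep=time.sleep):
    """Remove one member, reusing a single ClientToken across retries.

    Every retry sends identical parameters with the same token, so the
    service treats the attempts as one request. Returns the attempt count.
    """
    request = {
        "ClientToken": str(uuid.uuid4()),  # fixed for all retries of this removal
        "DirectoryId": directory_id,
        "GroupName": group_name,
        "MemberName": member_name,
    }
    for attempt in range(1, max_attempts + 1):
        try:
            client.remove_group_member(**request)
            return attempt
        except client.exceptions.ThrottlingException:
            if attempt == max_attempts:
                raise
            sleep(base_delay * 2 ** (attempt - 1))  # exponential backoff


def reconcile_group(client, directory_id, group_name, approved, **retry):
    """Remove USER members that are not on the approved list.

    Nested groups and computers are reported for manual review instead of
    being removed. Names are compared case-insensitively, as AD does for
    sAMAccountName.
    """
    allowed = {name.lower() for name in approved}
    report = {"kept": [], "removed": [], "review": []}
    for member in list_members(client, directory_id, group_name):
        name = member["SAMAccountName"]
        if member.get("MemberType") != "USER":
            report["review"].append(name)
        elif name.lower() in allowed:
            report["kept"].append(name)
        else:
            remove_member(client, directory_id, group_name, name, **retry)
            report["removed"].append(name)
    return report


class StubExceptions:
    class ThrottlingException(Exception):
        pass


class StubClient:
    """Constructed stand-in for boto3.client('ds-data'); throttles one call."""
    exceptions = StubExceptions

    def __init__(self, pages):
        self.pages = pages
        self.calls = []
        self.throttle_next = True

    def get_paginator(self, operation_name):
        return self  # the stub acts as its own paginator

    def paginate(self, **kwargs):
        return iter(self.pages)

    def remove_group_member(self, **kwargs):
        self.calls.append(kwargs)
        if self.throttle_next:
            self.throttle_next = False
            raise self.exceptions.ThrottlingException("constructed throttle")
        return {}


# Constructed sample pages in the documented ListGroupMembers response shape.
SAMPLE_PAGES = [
    {"Members": [
        {"MemberType": "USER", "SAMAccountName": "Alice", "SID": "S-1-5-21-1-2-3-1201"},
        {"MemberType": "USER", "SAMAccountName": "mallory", "SID": "S-1-5-21-1-2-3-1202"},
    ]},
    {"Members": [
        {"MemberType": "GROUP", "SAMAccountName": "Helpdesk", "SID": "S-1-5-21-1-2-3-1203"},
        {"MemberType": "USER", "SAMAccountName": "bob", "SID": "S-1-5-21-1-2-3-1204"},
    ]},
]


def demo():
    """Reconcile against the stub; returns (report, recorded removal calls)."""
    client = StubClient(SAMPLE_PAGES)
    report = reconcile_group(client, "d-1234567890", "AppAdmins",
                             ["alice", "bob"], sleep=lambda seconds: None)
    return report, client.calls
```
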
   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
   * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
   * "DirectoryServiceData.Client.exceptions.InternalServerException"
   * "DirectoryServiceData.Client.exceptions.ValidationException"
   * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryServiceData.Client.exceptions.ConflictException"
   * "DirectoryServiceData.Client.exceptions.ThrottlingException"

update_user
***********

DirectoryServiceData.Client.update_user(**kwargs)

   Updates user information.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.update_user(
          ClientToken='string',
          DirectoryId='string',
          EmailAddress='string',
          GivenName='string',
          OtherAttributes={
              'string': {
                  'BOOL': True|False,
                  'N': 123,
                  'S': 'string',
                  'SS': [
                      'string',
                  ]
              }
          },
          SAMAccountName='string',
          Surname='string',
          UpdateType='ADD'|'REPLACE'|'REMOVE'
      )

   Parameters:
      * **ClientToken** (*string*) -- A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
        A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
        If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".
        Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the user.
      * **EmailAddress** (*string*) --
        The email address of the user.

      * **GivenName** (*string*) --
        The first name of the user.

      * **OtherAttributes** (*dict*) --
        An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

        Note: Attribute names are case insensitive.

        * *(string) --*

          * *(dict) --*
            The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

            Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "BOOL", "N", "S", "SS".

            * **BOOL** *(boolean) --*
              Indicates that the attribute type value is a boolean. For example: ""BOOL": true"

            * **N** *(integer) --*
              Indicates that the attribute type value is a number. For example: ""N": "16""

            * **S** *(string) --*
              Indicates that the attribute type value is a string. For example: ""S": "S Group""

            * **SS** *(list) --*
              Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"

              * *(string) --*

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the user.

      * **Surname** (*string*) --
        The last name of the user.

      * **UpdateType** (*string*) --
        The type of update to be performed. If no value exists for the attribute, use "ADD". Otherwise, use "REPLACE" to change an attribute value or "REMOVE" to clear the attribute value.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ConflictException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

search_groups
*************

DirectoryServiceData.Client.search_groups(**kwargs)

   Searches the specified directory for a group. You can find groups that match the "SearchString" parameter with the value of their attributes included in the "SearchString" parameter.

   This operation supports pagination with the use of the "NextToken" request and response parameters. If more results are available, the "SearchGroups.NextToken" member contains a token that you pass in the next call to "SearchGroups". This retrieves the next set of items.

   You can also specify a maximum number of return results with the "MaxResults" parameter.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.search_groups(
          DirectoryId='string',
          MaxResults=123,
          NextToken='string',
          Realm='string',
          SearchAttributes=[
              'string',
          ],
          SearchString='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the group.

      * **MaxResults** (*integer*) --
        The maximum number of results to be returned per request.

      * **NextToken** (*string*) --
        An encoded paging token for paginated calls that can be passed back to retrieve the next page.

      * **Realm** (*string*) --
        The domain name that's associated with the group.

        Note: This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain.
        When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive.

      * **SearchAttributes** (*list*) -- **[REQUIRED]**
        One or more data attributes that are used to search for a group. For a list of supported attributes, see Directory Service Data Attributes.

        * *(string) --*

      * **SearchString** (*string*) -- **[REQUIRED]**
        The attribute value that you want to search for.

        Note: Wildcard "(*)" searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'Groups': [
                 {
                     'DistinguishedName': 'string',
                     'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
                     'GroupType': 'Distribution'|'Security',
                     'OtherAttributes': {
                         'string': {
                             'BOOL': True|False,
                             'N': 123,
                             'S': 'string',
                             'SS': [
                                 'string',
                             ]
                         }
                     },
                     'SAMAccountName': 'string',
                     'SID': 'string'
                 },
             ],
             'NextToken': 'string',
             'Realm': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --*
          The identifier (ID) of the directory that's associated with the group.

        * **Groups** *(list) --*
          The group information that the request returns.

          * *(dict) --*
            A group object that contains identifying information and attributes for a specified group.

            * **DistinguishedName** *(string) --*
              The distinguished name of the object.

            * **GroupScope** *(string) --*
              The scope of the AD group. For details, see Active Directory security groups.

            * **GroupType** *(string) --*
              The AD group type. For details, see Active Directory security group type.

            * **OtherAttributes** *(dict) --*
              An expression of one or more attributes, data types, and the values of a group.

              * *(string) --*

                * *(dict) --*
                  The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

                  Note: This is a Tagged Union structure.
                  Only one of the following top level keys will be set: "BOOL", "N", "S", "SS". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows:

                     'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

                  * **BOOL** *(boolean) --*
                    Indicates that the attribute type value is a boolean. For example: ""BOOL": true"

                  * **N** *(integer) --*
                    Indicates that the attribute type value is a number. For example: ""N": "16""

                  * **S** *(string) --*
                    Indicates that the attribute type value is a string. For example: ""S": "S Group""

                  * **SS** *(list) --*
                    Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"

                    * *(string) --*

            * **SAMAccountName** *(string) --*
              The name of the group.

            * **SID** *(string) --*
              The unique security identifier (SID) of the group.

        * **NextToken** *(string) --*
          An encoded paging token for paginated calls that can be passed back to retrieve the next page.

        * **Realm** *(string) --*
          The domain that's associated with the group.

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

delete_group
************

DirectoryServiceData.Client.delete_group(**kwargs)

   Deletes a group.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.delete_group(
          ClientToken='string',
          DirectoryId='string',
          SAMAccountName='string'
      )

   Parameters:
      * **ClientToken** (*string*) --
        A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.

        A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

        If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".

        Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.

      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the group.

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the group.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ConflictException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

create_user
***********

DirectoryServiceData.Client.create_user(**kwargs)

   Creates a new user.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.create_user(
          ClientToken='string',
          DirectoryId='string',
          EmailAddress='string',
          GivenName='string',
          OtherAttributes={
              'string': {
                  'BOOL': True|False,
                  'N': 123,
                  'S': 'string',
                  'SS': [
                      'string',
                  ]
              }
          },
          SAMAccountName='string',
          Surname='string'
      )

   Parameters:
      * **ClientToken** (*string*) --
        A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.

        A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

        If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".

        Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.

      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that’s associated with the user.

      * **EmailAddress** (*string*) --
        The email address of the user.

      * **GivenName** (*string*) --
        The first name of the user.

      * **OtherAttributes** (*dict*) --
        An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

        Note: Attribute names are case insensitive.

        * *(string) --*

          * *(dict) --*
            The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

            Note: This is a Tagged Union structure.
            Only one of the following top level keys can be set: "BOOL", "N", "S", "SS".

            * **BOOL** *(boolean) --*
              Indicates that the attribute type value is a boolean. For example: ""BOOL": true"

            * **N** *(integer) --*
              Indicates that the attribute type value is a number. For example: ""N": "16""

            * **S** *(string) --*
              Indicates that the attribute type value is a string. For example: ""S": "S Group""

            * **SS** *(list) --*
              Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"

              * *(string) --*

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the user.

      * **Surname** (*string*) --
        The last name of the user.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'SAMAccountName': 'string',
             'SID': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --*
          The identifier (ID) of the directory where the address block is added.

        * **SAMAccountName** *(string) --*
          The name of the user.

        * **SID** *(string) --*
          The unique security identifier (SID) of the user.

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ConflictException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

describe_group
**************

DirectoryServiceData.Client.describe_group(**kwargs)

   Returns information about a specific group.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.describe_group(
          DirectoryId='string',
          OtherAttributes=[
              'string',
          ],
          Realm='string',
          SAMAccountName='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The Identifier (ID) of the directory associated with the group.

      * **OtherAttributes** (*list*) --
        One or more attributes to be returned for the group. For a list of supported attributes, see Directory Service Data Attributes.

        * *(string) --*

      * **Realm** (*string*) --
        The domain name that's associated with the group.

        Note: This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive.

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the group.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'DistinguishedName': 'string',
             'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
             'GroupType': 'Distribution'|'Security',
             'OtherAttributes': {
                 'string': {
                     'BOOL': True|False,
                     'N': 123,
                     'S': 'string',
                     'SS': [
                         'string',
                     ]
                 }
             },
             'Realm': 'string',
             'SAMAccountName': 'string',
             'SID': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --*
          The identifier (ID) of the directory that's associated with the group.

        * **DistinguishedName** *(string) --*
          The distinguished name of the object.

        * **GroupScope** *(string) --*
          The scope of the AD group. For details, see Active Directory security groups.

        * **GroupType** *(string) --*
          The AD group type. For details, see Active Directory security group type.

        * **OtherAttributes** *(dict) --*
          The attribute values that are returned for the attribute names that are included in the request.

          * *(string) --*

            * *(dict) --*
              The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself.
              For a list of supported attributes, see Directory Service Data Attributes.

              Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "BOOL", "N", "S", "SS". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows:

                 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

              * **BOOL** *(boolean) --*
                Indicates that the attribute type value is a boolean. For example: ""BOOL": true"

              * **N** *(integer) --*
                Indicates that the attribute type value is a number. For example: ""N": "16""

              * **S** *(string) --*
                Indicates that the attribute type value is a string. For example: ""S": "S Group""

              * **SS** *(list) --*
                Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"

                * *(string) --*

        * **Realm** *(string) --*
          The domain name that's associated with the group.

        * **SAMAccountName** *(string) --*
          The name of the group.

        * **SID** *(string) --*
          The unique security identifier (SID) of the group.

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

list_groups_for_member
**********************

DirectoryServiceData.Client.list_groups_for_member(**kwargs)

   Returns group information for the specified member.

   This operation supports pagination with the use of the "NextToken" request and response parameters.
   If more results are available, the "ListGroupsForMember.NextToken" member contains a token that you pass in the next call to "ListGroupsForMember". This retrieves the next set of items.

   You can also specify a maximum number of return results with the "MaxResults" parameter.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_groups_for_member(
          DirectoryId='string',
          MaxResults=123,
          MemberRealm='string',
          NextToken='string',
          Realm='string',
          SAMAccountName='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the member.

      * **MaxResults** (*integer*) --
        The maximum number of results to be returned per request.

      * **MemberRealm** (*string*) --
        The domain name that's associated with the group member.

        Note: This parameter is optional, so you can limit your results to the group members in a specific domain. This parameter is case insensitive and defaults to "Realm".

      * **NextToken** (*string*) --
        An encoded paging token for paginated calls that can be passed back to retrieve the next page.

      * **Realm** (*string*) --
        The domain name that's associated with the group.

        Note: This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive and defaults to your Managed Microsoft AD domain.

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The "SAMAccountName" of the user, group, or computer that's a member of the group.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'Groups': [
                 {
                     'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
                     'GroupType': 'Distribution'|'Security',
                     'SAMAccountName': 'string',
                     'SID': 'string'
                 },
             ],
             'MemberRealm': 'string',
             'NextToken': 'string',
             'Realm': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --*
          The identifier (ID) of the directory that's associated with the member.

        * **Groups** *(list) --*
          The group information that the request returns.

          * *(dict) --*
            A structure containing a subset of fields of a group object from a directory.

            * **GroupScope** *(string) --*
              The scope of the AD group. For details, see Active Directory security groups.

            * **GroupType** *(string) --*
              The AD group type. For details, see Active Directory security group type.

            * **SAMAccountName** *(string) --*
              The name of the group.

            * **SID** *(string) --*
              The unique security identifier (SID) of the group.

        * **MemberRealm** *(string) --*
          The domain that's associated with the member.

        * **NextToken** *(string) --*
          An encoded paging token for paginated calls that can be passed back to retrieve the next page.

        * **Realm** *(string) --*
          The domain that's associated with the group.

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

disable_user
************

DirectoryServiceData.Client.disable_user(**kwargs)

   Deactivates an active user account. For information about how to enable an inactive user account, see ResetUserPassword in the *Directory Service API Reference*.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.disable_user(
          ClientToken='string',
          DirectoryId='string',
          SAMAccountName='string'
      )

   Parameters:
      * **ClientToken** (*string*) --
        A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.

        A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

        If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".

        Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.

      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the user.

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the user.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ConflictException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

get_waiter
**********

DirectoryServiceData.Client.get_waiter(waiter_name)

   Returns an object that can wait for some condition.

   Parameters:
      **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters.
   Returns:
      The specified waiter object.

   Return type:
      "botocore.waiter.Waiter"

list_users
**********

DirectoryServiceData.Client.list_users(**kwargs)

   Returns user information for the specified directory.

   This operation supports pagination with the use of the "NextToken" request and response parameters. If more results are available, the "ListUsers.NextToken" member contains a token that you pass in the next call to "ListUsers". This retrieves the next set of items.

   You can also specify a maximum number of return results with the "MaxResults" parameter.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_users(
          DirectoryId='string',
          MaxResults=123,
          NextToken='string',
          Realm='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the user.

      * **MaxResults** (*integer*) --
        The maximum number of results to be returned per request.

      * **NextToken** (*string*) --
        An encoded paging token for paginated calls that can be passed back to retrieve the next page.

      * **Realm** (*string*) --
        The domain name that's associated with the user.

        Note: This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'NextToken': 'string',
             'Realm': 'string',
             'Users': [
                 {
                     'Enabled': True|False,
                     'GivenName': 'string',
                     'SAMAccountName': 'string',
                     'SID': 'string',
                     'Surname': 'string'
                 },
             ]
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --*
          The identifier (ID) of the directory that's associated with the user.

        * **NextToken** *(string) --*
          An encoded paging token for paginated calls that can be passed back to retrieve the next page.

        * **Realm** *(string) --*
          The domain that's associated with the user.
        * **Users** *(list) --*
          The user information that the request returns.

          * *(dict) --*
            A structure containing a subset of the fields of a user object from a directory.

            * **Enabled** *(boolean) --*
              Indicates whether the user account is active.

            * **GivenName** *(string) --*
              The first name of the user.

            * **SAMAccountName** *(string) --*
              The name of the user.

            * **SID** *(string) --*
              The unique security identifier (SID) of the user.

            * **Surname** *(string) --*
              The last name of the user.

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

delete_user
***********

DirectoryServiceData.Client.delete_user(**kwargs)

   Deletes a user.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.delete_user(
          ClientToken='string',
          DirectoryId='string',
          SAMAccountName='string'
      )

   Parameters:
      * **ClientToken** (*string*) --
        A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.

        A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.

        If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".

        Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.

      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the user.
      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the user.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ConflictException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

describe_user
*************

DirectoryServiceData.Client.describe_user(**kwargs)

   Returns information about a specific user.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.describe_user(
          DirectoryId='string',
          OtherAttributes=[
              'string',
          ],
          Realm='string',
          SAMAccountName='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the user.

      * **OtherAttributes** (*list*) --
        One or more attribute names to be returned for the user. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.

        * *(string) --*

      * **Realm** (*string*) --
        The domain name that's associated with the user.

        Note: This parameter is optional, so you can return users outside your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned. This value is case insensitive.

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the user.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'DistinguishedName': 'string',
             'EmailAddress': 'string',
             'Enabled': True|False,
             'GivenName': 'string',
             'OtherAttributes': {
                 'string': {
                     'BOOL': True|False,
                     'N': 123,
                     'S': 'string',
                     'SS': [
                         'string',
                     ]
                 }
             },
             'Realm': 'string',
             'SAMAccountName': 'string',
             'SID': 'string',
             'Surname': 'string',
             'UserPrincipalName': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --*
          The identifier (ID) of the directory that's associated with the user.

        * **DistinguishedName** *(string) --*
          The distinguished name of the object.

        * **EmailAddress** *(string) --*
          The email address of the user.

        * **Enabled** *(boolean) --*
          Indicates whether the user account is active.

        * **GivenName** *(string) --*
          The first name of the user.

        * **OtherAttributes** *(dict) --*
          The attribute values that are returned for the attribute names that are included in the request.

          Note: Attribute names are case insensitive.

          * *(string) --*

            * *(dict) --*
              The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

              Note: This is a Tagged Union structure. Only one of the following top level keys will be set: "BOOL", "N", "S", "SS". If a client receives an unknown member it will set "SDK_UNKNOWN_MEMBER" as the top level key, which maps to the name or tag of the unknown member. The structure of "SDK_UNKNOWN_MEMBER" is as follows:

                 'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

              * **BOOL** *(boolean) --*
                Indicates that the attribute type value is a boolean. For example: ""BOOL": true"

              * **N** *(integer) --*
                Indicates that the attribute type value is a number. For example: ""N": "16""

              * **S** *(string) --*
                Indicates that the attribute type value is a string.
                For example: ""S": "S Group""

              * **SS** *(list) --*
                Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"

                * *(string) --*

        * **Realm** *(string) --*
          The domain name that's associated with the user.

        * **SAMAccountName** *(string) --*
          The name of the user.

        * **SID** *(string) --*
          The unique security identifier (SID) of the user.

        * **Surname** *(string) --*
          The last name of the user.

        * **UserPrincipalName** *(string) --*
          The UPN that is an Internet-style login name for a user and is based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

   **Exceptions**

      * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
      * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
      * "DirectoryServiceData.Client.exceptions.InternalServerException"
      * "DirectoryServiceData.Client.exceptions.ValidationException"
      * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
      * "DirectoryServiceData.Client.exceptions.ThrottlingException"

list_group_members
******************

DirectoryServiceData.Client.list_group_members(**kwargs)

   Returns member information for the specified group.

   This operation supports pagination with the use of the "NextToken" request and response parameters. If more results are available, the "ListGroupMembers.NextToken" member contains a token that you pass in the next call to "ListGroupMembers". This retrieves the next set of items.

   You can also specify a maximum number of return results with the "MaxResults" parameter.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_group_members(
          DirectoryId='string',
          MaxResults=123,
          MemberRealm='string',
          NextToken='string',
          Realm='string',
          SAMAccountName='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]**
        The identifier (ID) of the directory that's associated with the group.

      * **MaxResults** (*integer*) --
        The maximum number of results to be returned per request.

      * **MemberRealm** (*string*) --
        The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain.

        Note: This parameter is optional and case insensitive.

      * **NextToken** (*string*) --
        An encoded paging token for paginated calls that can be passed back to retrieve the next page.

      * **Realm** (*string*) --
        The domain name that's associated with the group.

        Note: This parameter is optional, so you can return members from a group outside of your Managed Microsoft AD domain. When no value is defined, only members of your Managed Microsoft AD groups are returned. This value is case insensitive.

      * **SAMAccountName** (*string*) -- **[REQUIRED]**
        The name of the group.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'MemberRealm': 'string',
             'Members': [
                 {
                     'MemberType': 'USER'|'GROUP'|'COMPUTER',
                     'SAMAccountName': 'string',
                     'SID': 'string'
                 },
             ],
             'NextToken': 'string',
             'Realm': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --*
          Identifier (ID) of the directory associated with the group.

        * **MemberRealm** *(string) --*
          The domain name that's associated with the member.

        * **Members** *(list) --*
          The member information that the request returns.

          * *(dict) --*
            A member object that contains identifying information for a specified member.

            * **MemberType** *(string) --*
              The AD type of the member object.

            * **SAMAccountName** *(string) --*
              The name of the group member.

            * **SID** *(string) --*
              The unique security identifier (SID) of the group member.
    * **NextToken** *(string) --* An encoded paging token for paginated calls that can be passed back to retrieve the next page.
    * **Realm** *(string) --* The domain name that's associated with the group.

**Exceptions**

  * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
  * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
  * "DirectoryServiceData.Client.exceptions.InternalServerException"
  * "DirectoryServiceData.Client.exceptions.ValidationException"
  * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
  * "DirectoryServiceData.Client.exceptions.ThrottlingException"

create_group
************

DirectoryServiceData.Client.create_group(**kwargs)

Creates a new group.

See also: AWS API Documentation

**Request Syntax**

    response = client.create_group(
        ClientToken='string',
        DirectoryId='string',
        GroupScope='DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
        GroupType='Distribution'|'Security',
        OtherAttributes={
            'string': {
                'BOOL': True|False,
                'N': 123,
                'S': 'string',
                'SS': [
                    'string',
                ]
            }
        },
        SAMAccountName='string'
    )

Parameters:

  * **ClientToken** (*string*) -- A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
    A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
    If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".
    Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.
  * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the group.
  * **GroupScope** (*string*) -- The scope of the AD group. For details, see Active Directory security group scope.
  * **GroupType** (*string*) -- The AD group type. For details, see Active Directory security group type.
  * **OtherAttributes** (*dict*) -- An expression that defines one or more attributes with the data type and value of each attribute.
    * *(string) --*
      * *(dict) --* The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.
        Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "BOOL", "N", "S", "SS".
        * **BOOL** *(boolean) --* Indicates that the attribute type value is a boolean. For example: ""BOOL": true"
        * **N** *(integer) --* Indicates that the attribute type value is a number. For example: ""N": "16""
        * **S** *(string) --* Indicates that the attribute type value is a string. For example: ""S": "S Group""
        * **SS** *(list) --* Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"
          * *(string) --*
  * **SAMAccountName** (*string*) -- **[REQUIRED]** The name of the group.

Return type: dict

Returns:

**Response Syntax**

    {
        'DirectoryId': 'string',
        'SAMAccountName': 'string',
        'SID': 'string'
    }

**Response Structure**

  * *(dict) --*
    * **DirectoryId** *(string) --* The identifier (ID) of the directory that's associated with the group.
    * **SAMAccountName** *(string) --* The name of the group.
    * **SID** *(string) --* The unique security identifier (SID) of the group.

**Exceptions**

  * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
  * "DirectoryServiceData.Client.exceptions.InternalServerException"
  * "DirectoryServiceData.Client.exceptions.ValidationException"
  * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
  * "DirectoryServiceData.Client.exceptions.ConflictException"
  * "DirectoryServiceData.Client.exceptions.ThrottlingException"

add_group_member
****************

DirectoryServiceData.Client.add_group_member(**kwargs)

Adds an existing user, group, or computer as a group member.

See also: AWS API Documentation

**Request Syntax**

    response = client.add_group_member(
        ClientToken='string',
        DirectoryId='string',
        GroupName='string',
        MemberName='string',
        MemberRealm='string'
    )

Parameters:

  * **ClientToken** (*string*) -- A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
    A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
    If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".
    Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.
  * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the group.
  * **GroupName** (*string*) -- **[REQUIRED]** The name of the group.
  * **MemberName** (*string*) -- **[REQUIRED]** The "SAMAccountName" of the user, group, or computer to add as a group member.
  * **MemberRealm** (*string*) -- The domain name that's associated with the group member.
    This parameter is required only when adding a member outside of your Managed Microsoft AD domain to a group inside of your Managed Microsoft AD domain. This parameter defaults to the Managed Microsoft AD domain.
    Note: This parameter is case insensitive.

Return type: dict

Returns:

**Response Syntax**

    {}

**Response Structure**

  * *(dict) --*

**Exceptions**

  * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
  * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
  * "DirectoryServiceData.Client.exceptions.InternalServerException"
  * "DirectoryServiceData.Client.exceptions.ValidationException"
  * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
  * "DirectoryServiceData.Client.exceptions.ConflictException"
  * "DirectoryServiceData.Client.exceptions.ThrottlingException"

close
*****

DirectoryServiceData.Client.close()

Closes underlying endpoint connections.

list_groups
***********

DirectoryServiceData.Client.list_groups(**kwargs)

Returns group information for the specified directory.

This operation supports pagination with the use of the "NextToken" request and response parameters. If more results are available, the "ListGroups.NextToken" member contains a token that you pass in the next call to "ListGroups". This retrieves the next set of items.

You can also specify a maximum number of return results with the "MaxResults" parameter.

See also: AWS API Documentation

**Request Syntax**

    response = client.list_groups(
        DirectoryId='string',
        MaxResults=123,
        NextToken='string',
        Realm='string'
    )

Parameters:

  * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the group.
  * **MaxResults** (*integer*) -- The maximum number of results to be returned per request.
  * **NextToken** (*string*) -- An encoded paging token for paginated calls that can be passed back to retrieve the next page.
  * **Realm** (*string*) -- The domain name associated with the directory.
    Note: This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned. This value is case insensitive.

Return type: dict

Returns:

**Response Syntax**

    {
        'DirectoryId': 'string',
        'Groups': [
            {
                'GroupScope': 'DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
                'GroupType': 'Distribution'|'Security',
                'SAMAccountName': 'string',
                'SID': 'string'
            },
        ],
        'NextToken': 'string',
        'Realm': 'string'
    }

**Response Structure**

  * *(dict) --*
    * **DirectoryId** *(string) --* The identifier (ID) of the directory that's associated with the group.
    * **Groups** *(list) --* The group information that the request returns.
      * *(dict) --* A structure containing a subset of fields of a group object from a directory.
        * **GroupScope** *(string) --* The scope of the AD group. For details, see Active Directory security groups.
        * **GroupType** *(string) --* The AD group type. For details, see Active Directory security group type.
        * **SAMAccountName** *(string) --* The name of the group.
        * **SID** *(string) --* The unique security identifier (SID) of the group.
    * **NextToken** *(string) --* An encoded paging token for paginated calls that can be passed back to retrieve the next page.
    * **Realm** *(string) --* The domain name associated with the group.

**Exceptions**

  * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
  * "DirectoryServiceData.Client.exceptions.InternalServerException"
  * "DirectoryServiceData.Client.exceptions.ValidationException"
  * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
  * "DirectoryServiceData.Client.exceptions.ThrottlingException"

update_group
************

DirectoryServiceData.Client.update_group(**kwargs)

Updates group information.

See also: AWS API Documentation

**Request Syntax**

    response = client.update_group(
        ClientToken='string',
        DirectoryId='string',
        GroupScope='DomainLocal'|'Global'|'Universal'|'BuiltinLocal',
        GroupType='Distribution'|'Security',
        OtherAttributes={
            'string': {
                'BOOL': True|False,
                'N': 123,
                'S': 'string',
                'SS': [
                    'string',
                ]
            }
        },
        SAMAccountName='string',
        UpdateType='ADD'|'REPLACE'|'REMOVE'
    )

Parameters:

  * **ClientToken** (*string*) -- A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
    A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
    If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a "ConflictException".
    Note: This parameter is optional when using the CLI or SDK. This field is autopopulated if not provided.
  * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier (ID) of the directory that's associated with the group.
  * **GroupScope** (*string*) -- The scope of the AD group. For details, see Active Directory security groups.
  * **GroupType** (*string*) -- The AD group type. For details, see Active Directory security group type.
  * **OtherAttributes** (*dict*) -- An expression that defines one or more attributes with the data type and the value of each attribute.
    * *(string) --*
      * *(dict) --* The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.
        Note: This is a Tagged Union structure. Only one of the following top level keys can be set: "BOOL", "N", "S", "SS".
        * **BOOL** *(boolean) --* Indicates that the attribute type value is a boolean. For example: ""BOOL": true"
        * **N** *(integer) --* Indicates that the attribute type value is a number. For example: ""N": "16""
        * **S** *(string) --* Indicates that the attribute type value is a string. For example: ""S": "S Group""
        * **SS** *(list) --* Indicates that the attribute type value is a string set. For example: ""SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]"
          * *(string) --*
  * **SAMAccountName** (*string*) -- **[REQUIRED]** The name of the group.
  * **UpdateType** (*string*) -- The type of update to be performed. If no value exists for the attribute, use "ADD". Otherwise, use "REPLACE" to change an attribute value or "REMOVE" to clear the attribute value.

Return type: dict

Returns:

**Response Syntax**

    {}

**Response Structure**

  * *(dict) --*

**Exceptions**

  * "DirectoryServiceData.Client.exceptions.ResourceNotFoundException"
  * "DirectoryServiceData.Client.exceptions.AccessDeniedException"
  * "DirectoryServiceData.Client.exceptions.InternalServerException"
  * "DirectoryServiceData.Client.exceptions.ValidationException"
  * "DirectoryServiceData.Client.exceptions.DirectoryUnavailableException"
  * "DirectoryServiceData.Client.exceptions.ConflictException"
  * "DirectoryServiceData.Client.exceptions.ThrottlingException"
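
The "NextToken" paging and the "MemberType" field described under list_group_members are enough to audit who effectively holds a group, including members reached through nested groups. The following is an added example, not part of the AWS reference: the function names, the StubClient class, the group names and the SIDs are constructed for illustration, and it assumes every nested group lives in the same realm as the group being audited.

```python
from collections import deque


def list_all_members(client, directory_id, group, realm=None, page_size=50):
    """Yield every member of one group, following NextToken until it is absent."""
    kwargs = {"DirectoryId": directory_id, "SAMAccountName": group, "MaxResults": page_size}
    if realm:
        kwargs["Realm"] = realm
    while True:
        page = client.list_group_members(**kwargs)
        yield from page.get("Members", [])
        if not page.get("NextToken"):
            return
        kwargs["NextToken"] = page["NextToken"]


def effective_members(client, directory_id, group):
    """Expand nested groups breadth-first; map SID -> (type, name, nesting path)."""
    seen, queue, found = {group.lower()}, deque([(group, group)]), {}
    while queue:
        current, path = queue.popleft()
        for m in list_all_members(client, directory_id, current):
            name = m["SAMAccountName"]
            if m["MemberType"] != "GROUP":
                found.setdefault(m["SID"], (m["MemberType"], name, path))
            elif name.lower() not in seen:  # skip circular or repeated nesting
                seen.add(name.lower())
                queue.append((name, f"{path} > {name}"))
    return found


class StubClient:
    """Constructed stand-in for boto3.client('ds-data'); serves canned pages offline."""
    PAGES = {  # constructed sample data, not from a real directory
        "App-Admins": [[{"MemberType": "USER", "SAMAccountName": "alice", "SID": "S-1-5-21-1-1101"},
                        {"MemberType": "GROUP", "SAMAccountName": "Ops", "SID": "S-1-5-21-1-1201"}],
                       [{"MemberType": "USER", "SAMAccountName": "bob", "SID": "S-1-5-21-1-1102"}]],
        "Ops": [[{"MemberType": "USER", "SAMAccountName": "carol", "SID": "S-1-5-21-1-1103"},
                 {"MemberType": "GROUP", "SAMAccountName": "App-Admins", "SID": "S-1-5-21-1-1200"}]],
    }

    def list_group_members(self, **kw):
        pages, i = self.PAGES[kw["SAMAccountName"]], int(kw.get("NextToken", 0))
        return {"Members": pages[i], **({"NextToken": str(i + 1)} if i + 1 < len(pages) else {})}


if __name__ == "__main__":
    for sid, (kind, name, path) in effective_members(StubClient(), "d-0000000000", "App-Admins").items():
        print(f"{kind:8} {name:8} {sid}  via {path}")
```

Against a real directory, pass boto3.client('ds-data') in place of StubClient() and keep the per-directory read limits in mind when auditing many groups.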
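
The "ClientToken" and "OtherAttributes" parameters of update_group interact with application-level retries: a fresh call without a token gets a new autopopulated one, so a retry loop should mint the token once and reuse it. The following is an added example, not part of the AWS reference: tagged, update_group_once and StubClient are constructed names, and the attribute names used with it are placeholders rather than a statement of which AD attributes the service supports.

```python
import time
import uuid


def tagged(value):
    """Wrap a Python value in the single tagged-union key that matches its type."""
    if isinstance(value, bool):          # test bool first: bool is a subclass of int
        return {"BOOL": value}
    if isinstance(value, int):
        return {"N": value}
    if isinstance(value, str):
        return {"S": value}
    if isinstance(value, (list, tuple, set)) and all(isinstance(v, str) for v in value):
        return {"SS": sorted(value)}
    raise TypeError(f"no BOOL/N/S/SS encoding for {type(value).__name__}")


def update_group_once(client, directory_id, group, attrs, update_type="REPLACE",
                      attempts=4, sleep=time.sleep):
    """Send one logical update; every retry reuses the same ClientToken."""
    request = {
        "ClientToken": str(uuid.uuid4()),   # minted once per logical change
        "DirectoryId": directory_id,
        "SAMAccountName": group,
        "UpdateType": update_type,          # 'ADD' | 'REPLACE' | 'REMOVE'
        "OtherAttributes": {name: tagged(v) for name, v in attrs.items()},
    }
    for attempt in range(attempts):
        try:
            client.update_group(**request)
            return request
        except client.exceptions.ThrottlingException:
            if attempt == attempts - 1:
                raise
            sleep(0.25 * 2 ** attempt)      # back off: 0.25 s, 0.5 s, 1 s


class StubClient:
    """Constructed stand-in for boto3.client('ds-data'): throttles twice, then accepts."""
    class exceptions:
        class ThrottlingException(Exception): pass

    def __init__(self):
        self.tokens = []

    def update_group(self, **request):
        self.tokens.append(request["ClientToken"])
        if len(self.tokens) < 3:
            raise self.exceptions.ThrottlingException()
```

Because the request dict is built once, the other parameters cannot drift between attempts, which is the condition the reference says produces a "ConflictException" inside the 8-hour window.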