DirectoryService
****************

Client
======

class DirectoryService.Client

   A low-level client representing AWS Directory Service

   Directory Service is a web service that makes it easy for you to set up and run directories in the Amazon Web Services cloud, or connect your Amazon Web Services resources with an existing self-managed Microsoft Active Directory. This guide provides detailed information about Directory Service operations, data types, parameters, and errors. For information about Directory Services features, see Directory Service and the Directory Service Administration Guide.

   Note:

     Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to Directory Service and other Amazon Web Services services. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

      import boto3

      client = boto3.client('ds')

   These are the available methods:

   * accept_shared_directory
   * add_ip_routes
   * add_region
   * add_tags_to_resource
   * can_paginate
   * cancel_schema_extension
   * close
   * connect_directory
   * create_alias
   * create_computer
   * create_conditional_forwarder
   * create_directory
   * create_hybrid_ad
   * create_log_subscription
   * create_microsoft_ad
   * create_snapshot
   * create_trust
   * delete_ad_assessment
   * delete_conditional_forwarder
   * delete_directory
   * delete_log_subscription
   * delete_snapshot
   * delete_trust
   * deregister_certificate
   * deregister_event_topic
   * describe_ad_assessment
   * describe_certificate
   * describe_client_authentication_settings
   * describe_conditional_forwarders
   * describe_directories
   * describe_directory_data_access
   * describe_domain_controllers
   * describe_event_topics
   * describe_hybrid_ad_update
   * describe_ldaps_settings
   * describe_regions
   * describe_settings
   * describe_shared_directories
   * describe_snapshots
   * describe_trusts
   * describe_update_directory
   * disable_client_authentication
   * disable_directory_data_access
   * disable_ldaps
   * disable_radius
   * disable_sso
   * enable_client_authentication
   * enable_directory_data_access
   * enable_ldaps
   * enable_radius
   * enable_sso
   * get_directory_limits
   * get_paginator
   * get_snapshot_limits
   * get_waiter
   * list_ad_assessments
   * list_certificates
   * list_ip_routes
   * list_log_subscriptions
   * list_schema_extensions
   * list_tags_for_resource
   * register_certificate
   * register_event_topic
   * reject_shared_directory
   * remove_ip_routes
   * remove_region
   * remove_tags_from_resource
   * reset_user_password
   * restore_from_snapshot
   * share_directory
   * start_ad_assessment
   * start_schema_extension
   * unshare_directory
   * update_conditional_forwarder
   * update_directory_setup
   * update_hybrid_ad
   * update_number_of_domain_controllers
   * update_radius
   * update_settings
   * update_trust
   * verify_trust

Paginators
==========

Paginators are available on a client instance via the "get_paginator" method.
For more detailed instructions and examples on the usage of paginators, see the paginators user guide.

The available paginators are:

* DescribeClientAuthenticationSettings
* DescribeDirectories
* DescribeDomainControllers
* DescribeLDAPSSettings
* DescribeRegions
* DescribeSharedDirectories
* DescribeSnapshots
* DescribeTrusts
* DescribeUpdateDirectory
* ListADAssessments
* ListCertificates
* ListIpRoutes
* ListLogSubscriptions
* ListSchemaExtensions
* ListTagsForResource

Waiters
=======

Waiters are available on a client instance via the "get_waiter" method. For more detailed instructions and examples on the usage of waiters, see the waiters user guide.

The available waiters are:

* HybridADUpdated

HybridADUpdated
***************

class DirectoryService.Waiter.HybridADUpdated

   waiter = client.get_waiter('hybrid_ad_updated')

   wait(**kwargs)

      Polls "DirectoryService.Client.describe_hybrid_ad_update()" every 120 seconds until a successful state is reached. An error is raised after 60 failed checks.

      See also: AWS API Documentation

      **Request Syntax**

         waiter.wait(
             DirectoryId='string',
             UpdateType='SelfManagedInstances'|'HybridAdministratorAccount',
             NextToken='string',
             WaiterConfig={
                 'Delay': 123,
                 'MaxAttempts': 123
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the hybrid directory for which to retrieve update information.
      * **UpdateType** (*string*) -- The type of update activities to retrieve. Valid values include "SelfManagedInstances" and "HybridAdministratorAccount".
      * **NextToken** (*string*) -- The pagination token from a previous request to DescribeHybridADUpdate. Pass null if this is the first request.
      * **WaiterConfig** (*dict*) -- A dictionary that provides parameters to control waiting behavior.
        * **Delay** *(integer) --* The amount of time in seconds to wait between attempts. Default: 120
        * **MaxAttempts** *(integer) --* The maximum number of attempts to be made.
          Default: 60

      Returns:
         None

ListTagsForResource
*******************

class DirectoryService.Paginator.ListTagsForResource

   paginator = client.get_paginator('list_tags_for_resource')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.list_tags_for_resource()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             ResourceId='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **ResourceId** (*string*) -- **[REQUIRED]** Identifier (ID) of the directory for which you want to retrieve tags.
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'Tags': [
                 {
                     'Key': 'string',
                     'Value': 'string'
                 },
             ],
         }

      **Response Structure**

      * *(dict) --*
        * **Tags** *(list) --* List of tags returned by the ListTagsForResource operation.
          * *(dict) --* Metadata assigned to a directory consisting of a key-value pair.
            * **Key** *(string) --* Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
            * **Value** *(string) --* The optional value of the tag. The string value can be Unicode characters.
              The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").

DescribeSharedDirectories
*************************

class DirectoryService.Paginator.DescribeSharedDirectories

   paginator = client.get_paginator('describe_shared_directories')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_shared_directories()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             OwnerDirectoryId='string',
             SharedDirectoryIds=[
                 'string',
             ],
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **OwnerDirectoryId** (*string*) -- **[REQUIRED]** Returns the identifier of the directory in the directory owner account.
      * **SharedDirectoryIds** (*list*) -- A list of identifiers of all shared directories in your account.
        * *(string) --*
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'SharedDirectories': [
                 {
                     'OwnerAccountId': 'string',
                     'OwnerDirectoryId': 'string',
                     'ShareMethod': 'ORGANIZATIONS'|'HANDSHAKE',
                     'SharedAccountId': 'string',
                     'SharedDirectoryId': 'string',
                     'ShareStatus': 'Shared'|'PendingAcceptance'|'Rejected'|'Rejecting'|'RejectFailed'|'Sharing'|'ShareFailed'|'Deleted'|'Deleting',
                     'ShareNotes': 'string',
                     'CreatedDateTime': datetime(2015, 1, 1),
                     'LastUpdatedDateTime': datetime(2015, 1, 1)
                 },
             ],
         }

      **Response Structure**

      * *(dict) --*
        * **SharedDirectories** *(list) --* A list of all shared directories in your account.
          * *(dict) --* Details about the shared directory in the directory owner account for which the share request in the directory consumer account has been accepted.
            * **OwnerAccountId** *(string) --* Identifier of the directory owner account, which contains the directory that has been shared to the consumer account.
            * **OwnerDirectoryId** *(string) --* Identifier of the directory in the directory owner account.
            * **ShareMethod** *(string) --* The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization ("ORGANIZATIONS") or with any Amazon Web Services account by sending a shared directory request ("HANDSHAKE").
            * **SharedAccountId** *(string) --* Identifier of the directory consumer account that has access to the shared directory ("OwnerDirectoryId") in the directory owner account.
            * **SharedDirectoryId** *(string) --* Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.
            * **ShareStatus** *(string) --* Current directory status of the shared Managed Microsoft AD directory.
            * **ShareNotes** *(string) --* A directory share request that is sent by the directory owner to the directory consumer.
              The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
            * **CreatedDateTime** *(datetime) --* The date and time that the shared directory was created.
            * **LastUpdatedDateTime** *(datetime) --* The date and time that the shared directory was last updated.

DescribeDomainControllers
*************************

class DirectoryService.Paginator.DescribeDomainControllers

   paginator = client.get_paginator('describe_domain_controllers')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_domain_controllers()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             DomainControllerIds=[
                 'string',
             ],
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier of the directory for which to retrieve the domain controller information.
      * **DomainControllerIds** (*list*) -- A list of identifiers for the domain controllers whose information will be provided.
        * *(string) --*
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'DomainControllers': [
                 {
                     'DirectoryId': 'string',
                     'DomainControllerId': 'string',
                     'DnsIpAddr': 'string',
                     'VpcId': 'string',
                     'SubnetId': 'string',
                     'AvailabilityZone': 'string',
                     'Status': 'Creating'|'Active'|'Impaired'|'Restoring'|'Deleting'|'Deleted'|'Failed'|'Updating',
                     'StatusReason': 'string',
                     'LaunchTime': datetime(2015, 1, 1),
                     'StatusLastUpdatedDateTime': datetime(2015, 1, 1)
                 },
             ],
         }

      **Response Structure**

      * *(dict) --*
        * **DomainControllers** *(list) --* List of the DomainController objects that were retrieved.
          * *(dict) --* Contains information about the domain controllers for a specified directory.
            * **DirectoryId** *(string) --* Identifier of the directory where the domain controller resides.
            * **DomainControllerId** *(string) --* Identifies a specific domain controller in the directory.
            * **DnsIpAddr** *(string) --* The IP address of the domain controller.
            * **VpcId** *(string) --* The identifier of the VPC that contains the domain controller.
            * **SubnetId** *(string) --* Identifier of the subnet in the VPC that contains the domain controller.
            * **AvailabilityZone** *(string) --* The Availability Zone where the domain controller is located.
            * **Status** *(string) --* The status of the domain controller.
            * **StatusReason** *(string) --* A description of the domain controller state.
            * **LaunchTime** *(datetime) --* Specifies when the domain controller was created.
            * **StatusLastUpdatedDateTime** *(datetime) --* The date and time that the status was last updated.

ListADAssessments
*****************

class DirectoryService.Paginator.ListADAssessments

   paginator = client.get_paginator('list_ad_assessments')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.list_ad_assessments()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- The identifier of the directory for which to list assessments. If not specified, all assessments in your account are returned.
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'Assessments': [
                 {
                     'AssessmentId': 'string',
                     'DirectoryId': 'string',
                     'DnsName': 'string',
                     'StartTime': datetime(2015, 1, 1),
                     'LastUpdateDateTime': datetime(2015, 1, 1),
                     'Status': 'string',
                     'CustomerDnsIps': [
                         'string',
                     ],
                     'ReportType': 'string'
                 },
             ],
         }

      **Response Structure**

      * *(dict) --*
        * **Assessments** *(list) --* A list of assessment summaries containing basic information about each directory assessment.
          * *(dict) --* Contains summary information about a directory assessment, providing a high-level overview without detailed validation results.
            * **AssessmentId** *(string) --* The unique identifier of the directory assessment.
            * **DirectoryId** *(string) --* The identifier of the directory associated with this assessment.
            * **DnsName** *(string) --* The fully qualified domain name (FQDN) of the Active Directory domain being assessed.
            * **StartTime** *(datetime) --* The date and time when the assessment was initiated.
            * **LastUpdateDateTime** *(datetime) --* The date and time when the assessment status was last updated.
            * **Status** *(string) --* The current status of the assessment. Valid values include "SUCCESS", "FAILED", "PENDING", and "IN_PROGRESS".
            * **CustomerDnsIps** *(list) --* The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.
              * *(string) --*
            * **ReportType** *(string) --* The type of assessment report generated. Valid values include "CUSTOMER" and "SYSTEM".

DescribeSnapshots
*****************

class DirectoryService.Paginator.DescribeSnapshots

   paginator = client.get_paginator('describe_snapshots')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_snapshots()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             SnapshotIds=[
                 'string',
             ],
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- The identifier of the directory for which to retrieve snapshot information.
      * **SnapshotIds** (*list*) -- A list of identifiers of the snapshots to obtain the information for. If this member is null or empty, all snapshots are returned using the *Limit* and *NextToken* members.
        * *(string) --*
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'Snapshots': [
                 {
                     'DirectoryId': 'string',
                     'SnapshotId': 'string',
                     'Type': 'Auto'|'Manual',
                     'Name': 'string',
                     'Status': 'Creating'|'Completed'|'Failed',
                     'StartTime': datetime(2015, 1, 1)
                 },
             ],
         }

      **Response Structure**

      * *(dict) --* Contains the results of the DescribeSnapshots operation.
        * **Snapshots** *(list) --* The list of Snapshot objects that were retrieved. It is possible that this list contains fewer than the number of items specified in the *Limit* member of the request. This occurs if there are fewer than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.
          * *(dict) --* Describes a directory snapshot.
            * **DirectoryId** *(string) --* The directory identifier.
            * **SnapshotId** *(string) --* The snapshot identifier.
            * **Type** *(string) --* The snapshot type.
            * **Name** *(string) --* The descriptive name of the snapshot.
            * **Status** *(string) --* The snapshot status.
            * **StartTime** *(datetime) --* The date and time that the snapshot was taken.

DescribeLDAPSSettings
*********************

class DirectoryService.Paginator.DescribeLDAPSSettings

   paginator = client.get_paginator('describe_ldaps_settings')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_ldaps_settings()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             Type='Client',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory.
      * **Type** (*string*) -- The type of LDAP security to enable. Currently only the value "Client" is supported.
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return.
          If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'LDAPSSettingsInfo': [
                 {
                     'LDAPSStatus': 'Enabling'|'Enabled'|'EnableFailed'|'Disabled',
                     'LDAPSStatusReason': 'string',
                     'LastUpdatedDateTime': datetime(2015, 1, 1)
                 },
             ],
         }

      **Response Structure**

      * *(dict) --*
        * **LDAPSSettingsInfo** *(list) --* Information about LDAP security for the specified directory, including status of enablement, state last updated date time, and the reason for the state.
          * *(dict) --* Contains general information about the LDAPS settings.
            * **LDAPSStatus** *(string) --* The state of the LDAPS settings.
            * **LDAPSStatusReason** *(string) --* Describes a state change for LDAPS.
            * **LastUpdatedDateTime** *(datetime) --* The date and time when the LDAPS settings were last updated.

ListLogSubscriptions
********************

class DirectoryService.Paginator.ListLogSubscriptions

   paginator = client.get_paginator('list_log_subscriptions')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.list_log_subscriptions()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- If a *DirectoryId* is provided, lists only the log subscription associated with that directory. If no *DirectoryId* is provided, lists all log subscriptions associated with your Amazon Web Services account.
        If there are no log subscriptions for the Amazon Web Services account or the directory, an empty list will be returned.
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'LogSubscriptions': [
                 {
                     'DirectoryId': 'string',
                     'LogGroupName': 'string',
                     'SubscriptionCreatedDateTime': datetime(2015, 1, 1)
                 },
             ],
         }

      **Response Structure**

      * *(dict) --*
        * **LogSubscriptions** *(list) --* A list of active LogSubscription objects for calling the Amazon Web Services account.
          * *(dict) --* Represents a log subscription, which tracks real-time data from a chosen log group to a specified destination.
            * **DirectoryId** *(string) --* Identifier (ID) of the directory that you want to associate with the log subscription.
            * **LogGroupName** *(string) --* The name of the log group.
            * **SubscriptionCreatedDateTime** *(datetime) --* The date and time that the log subscription was created.

ListCertificates
****************

class DirectoryService.Paginator.ListCertificates

   paginator = client.get_paginator('list_certificates')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.list_certificates()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory.
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'CertificatesInfo': [
                 {
                     'CertificateId': 'string',
                     'CommonName': 'string',
                     'State': 'Registering'|'Registered'|'RegisterFailed'|'Deregistering'|'Deregistered'|'DeregisterFailed',
                     'ExpiryDateTime': datetime(2015, 1, 1),
                     'Type': 'ClientCertAuth'|'ClientLDAPS'
                 },
             ]
         }

      **Response Structure**

      * *(dict) --*
        * **CertificatesInfo** *(list) --* A list of certificates with basic details including certificate ID, certificate common name, certificate state.
          * *(dict) --* Contains general information about a certificate.
            * **CertificateId** *(string) --* The identifier of the certificate.
            * **CommonName** *(string) --* The common name for the certificate.
            * **State** *(string) --* The state of the certificate.
            * **ExpiryDateTime** *(datetime) --* The date and time when the certificate will expire.
            * **Type** *(string) --* The function that the registered certificate performs. Valid values include "ClientLDAPS" or "ClientCertAuth". The default value is "ClientLDAPS".

DescribeTrusts
**************

class DirectoryService.Paginator.DescribeTrusts

   paginator = client.get_paginator('describe_trusts')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_trusts()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryId='string',
             TrustIds=[
                 'string',
             ],
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryId** (*string*) -- The Directory ID of the Amazon Web Services directory that is a part of the requested trust relationship.
      * **TrustIds** (*list*) -- A list of identifiers of the trust relationships for which to obtain the information. If this member is null, all trust relationships that belong to the current account are returned. An empty list results in an "InvalidParameterException" being thrown.
        * *(string) --*
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'Trusts': [
                 {
                     'DirectoryId': 'string',
                     'TrustId': 'string',
                     'RemoteDomainName': 'string',
                     'TrustType': 'Forest'|'External',
                     'TrustDirection': 'One-Way: Outgoing'|'One-Way: Incoming'|'Two-Way',
                     'TrustState': 'Creating'|'Created'|'Verifying'|'VerifyFailed'|'Verified'|'Updating'|'UpdateFailed'|'Updated'|'Deleting'|'Deleted'|'Failed',
                     'CreatedDateTime': datetime(2015, 1, 1),
                     'LastUpdatedDateTime': datetime(2015, 1, 1),
                     'StateLastUpdatedDateTime': datetime(2015, 1, 1),
                     'TrustStateReason': 'string',
                     'SelectiveAuth': 'Enabled'|'Disabled'
                 },
             ],
         }

      **Response Structure**

      * *(dict) --* The result of a DescribeTrust request.
        * **Trusts** *(list) --* The list of Trust objects that were retrieved.
          It is possible that this list contains fewer than the number of items specified in the *Limit* member of the request. This occurs if there are fewer than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.
          * *(dict) --* Describes a trust relationship between a Managed Microsoft AD directory and an external domain.
            * **DirectoryId** *(string) --* The Directory ID of the Amazon Web Services directory involved in the trust relationship.
            * **TrustId** *(string) --* The unique ID of the trust relationship.
            * **RemoteDomainName** *(string) --* The Fully Qualified Domain Name (FQDN) of the external domain involved in the trust relationship.
            * **TrustType** *(string) --* The trust relationship type. "Forest" is the default.
            * **TrustDirection** *(string) --* The trust relationship direction.
            * **TrustState** *(string) --* The trust relationship state.
            * **CreatedDateTime** *(datetime) --* The date and time that the trust relationship was created.
            * **LastUpdatedDateTime** *(datetime) --* The date and time that the trust relationship was last updated.
            * **StateLastUpdatedDateTime** *(datetime) --* The date and time that the TrustState was last updated.
            * **TrustStateReason** *(string) --* The reason for the TrustState.
            * **SelectiveAuth** *(string) --* Current state of selective authentication for the trust.

DescribeDirectories
*******************

class DirectoryService.Paginator.DescribeDirectories

   paginator = client.get_paginator('describe_directories')

   paginate(**kwargs)

      Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_directories()".

      See also: AWS API Documentation

      **Request Syntax**

         response_iterator = paginator.paginate(
             DirectoryIds=[
                 'string',
             ],
             PaginationConfig={
                 'MaxItems': 123,
                 'PageSize': 123,
                 'StartingToken': 'string'
             }
         )

      Parameters:
      * **DirectoryIds** (*list*) -- A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned. An empty list results in an "InvalidParameterException" being thrown.
        * *(string) --*
      * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination.
        * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination.
        * **PageSize** *(integer) --* The size of each page.
        * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response.
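
The following is an added example, not part of the boto3 documentation: a read-only posture check that drains the paginators documented on this page for one directory and flags LDAPS that is not enabled, registered certificates near expiry, trusts without selective authentication, a missing log subscription and weaker RADIUS protocols. The sample pages and identifiers are constructed, and the 30-day threshold and the set of RADIUS protocols treated as weak are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Policy choices of this example (assumptions, not AWS guidance).
WEAK_RADIUS = {"PAP", "CHAP", "MS-CHAPv1"}
FAILED_TRUST_STATES = {"VerifyFailed", "UpdateFailed", "Failed"}


def collect_pages(client, directory_id):
    """Drain the paginators documented on this page for one directory.

    `client` is boto3.client('ds'). Every page is kept, so results past the
    first NextToken are not silently dropped from the audit.
    """
    def run(name, **kwargs):
        return list(client.get_paginator(name).paginate(**kwargs))

    return {
        "describe_directories": run("describe_directories", DirectoryIds=[directory_id]),
        "describe_ldaps_settings": run("describe_ldaps_settings",
                                       DirectoryId=directory_id, Type="Client"),
        "list_certificates": run("list_certificates", DirectoryId=directory_id),
        "describe_trusts": run("describe_trusts", DirectoryId=directory_id),
        "list_log_subscriptions": run("list_log_subscriptions", DirectoryId=directory_id),
    }


def flatten(pages, name, key):
    """Flatten one response key across all pages of one paginator."""
    return [item for page in pages.get(name, []) for item in page.get(key, [])]


def audit(directory_id, pages, now, cert_warn_days=30):
    """Return a sorted list of (check, detail) findings for one directory."""
    findings = []

    ldaps = flatten(pages, "describe_ldaps_settings", "LDAPSSettingsInfo")
    if not any(s.get("LDAPSStatus") == "Enabled" for s in ldaps):
        findings.append(("ldaps-not-enabled", directory_id))

    for cert in flatten(pages, "list_certificates", "CertificatesInfo"):
        if cert.get("State") != "Registered":
            continue  # only certificates currently in use are checked
        remaining = cert["ExpiryDateTime"] - now
        if remaining < timedelta(0):
            findings.append(("cert-expired", cert["CertificateId"]))
        elif remaining <= timedelta(days=cert_warn_days):
            findings.append(("cert-expiring", cert["CertificateId"]))

    for trust in flatten(pages, "describe_trusts", "Trusts"):
        if trust.get("TrustState") in FAILED_TRUST_STATES:
            findings.append(("trust-failed", trust["TrustId"]))
        if trust.get("SelectiveAuth") == "Disabled":
            findings.append(("trust-no-selective-auth", trust["TrustId"]))

    subs = flatten(pages, "list_log_subscriptions", "LogSubscriptions")
    if not any(s.get("DirectoryId") == directory_id for s in subs):
        findings.append(("no-log-subscription", directory_id))

    for desc in flatten(pages, "describe_directories", "DirectoryDescriptions"):
        proto = desc.get("RadiusSettings", {}).get("AuthenticationProtocol")
        if proto in WEAK_RADIUS:
            findings.append(("weak-radius-protocol", proto))

    return sorted(findings)


# Constructed sample pages (not real API output). The certificate that is
# close to expiry sits on the second page on purpose.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
SAMPLE_PAGES = {
    "describe_directories": [{"DirectoryDescriptions": [
        {"DirectoryId": "d-0000000000", "Type": "MicrosoftAD",
         "RadiusSettings": {"AuthenticationProtocol": "PAP"}}]}],
    "describe_ldaps_settings": [{"LDAPSSettingsInfo": [
        {"LDAPSStatus": "EnableFailed"}]}],
    "list_certificates": [
        {"CertificatesInfo": [{"CertificateId": "c-example-1", "State": "Registered",
                               "ExpiryDateTime": NOW + timedelta(days=400)}]},
        {"CertificatesInfo": [{"CertificateId": "c-example-2", "State": "Registered",
                               "ExpiryDateTime": NOW + timedelta(days=10)}]},
    ],
    "describe_trusts": [{"Trusts": [
        {"TrustId": "t-example-1", "TrustState": "Verified",
         "TrustDirection": "Two-Way", "SelectiveAuth": "Disabled"}]}],
    "list_log_subscriptions": [{"LogSubscriptions": []}],
}

if __name__ == "__main__":
    for check, detail in audit("d-0000000000", SAMPLE_PAGES, NOW):
        print(check, detail)
```

Against a live account, pass `collect_pages(boto3.client('ds'), directory_id)` as `pages` and a timezone-aware `now`.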

      Return type:
         dict

      Returns:
         **Response Syntax**

         {
             'DirectoryDescriptions': [
                 {
                     'DirectoryId': 'string',
                     'Name': 'string',
                     'ShortName': 'string',
                     'Size': 'Small'|'Large',
                     'Edition': 'Enterprise'|'Standard',
                     'Alias': 'string',
                     'AccessUrl': 'string',
                     'Description': 'string',
                     'DnsIpAddrs': [
                         'string',
                     ],
                     'Stage': 'Requested'|'Creating'|'Created'|'Active'|'Inoperable'|'Impaired'|'Restoring'|'RestoreFailed'|'Deleting'|'Deleted'|'Failed'|'Updating',
                     'ShareStatus': 'Shared'|'PendingAcceptance'|'Rejected'|'Rejecting'|'RejectFailed'|'Sharing'|'ShareFailed'|'Deleted'|'Deleting',
                     'ShareMethod': 'ORGANIZATIONS'|'HANDSHAKE',
                     'ShareNotes': 'string',
                     'LaunchTime': datetime(2015, 1, 1),
                     'StageLastUpdatedDateTime': datetime(2015, 1, 1),
                     'Type': 'SimpleAD'|'ADConnector'|'MicrosoftAD'|'SharedMicrosoftAD',
                     'VpcSettings': {
                         'VpcId': 'string',
                         'SubnetIds': [
                             'string',
                         ],
                         'SecurityGroupId': 'string',
                         'AvailabilityZones': [
                             'string',
                         ]
                     },
                     'ConnectSettings': {
                         'VpcId': 'string',
                         'SubnetIds': [
                             'string',
                         ],
                         'CustomerUserName': 'string',
                         'SecurityGroupId': 'string',
                         'AvailabilityZones': [
                             'string',
                         ],
                         'ConnectIps': [
                             'string',
                         ]
                     },
                     'RadiusSettings': {
                         'RadiusServers': [
                             'string',
                         ],
                         'RadiusPort': 123,
                         'RadiusTimeout': 123,
                         'RadiusRetries': 123,
                         'SharedSecret': 'string',
                         'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2',
                         'DisplayLabel': 'string',
                         'UseSameUsername': True|False
                     },
                     'RadiusStatus': 'Creating'|'Completed'|'Failed',
                     'StageReason': 'string',
                     'SsoEnabled': True|False,
                     'DesiredNumberOfDomainControllers': 123,
                     'OwnerDirectoryDescription': {
                         'DirectoryId': 'string',
                         'AccountId': 'string',
                         'DnsIpAddrs': [
                             'string',
                         ],
                         'VpcSettings': {
                             'VpcId': 'string',
                             'SubnetIds': [
                                 'string',
                             ],
                             'SecurityGroupId': 'string',
                             'AvailabilityZones': [
                                 'string',
                             ]
                         },
                         'RadiusSettings': {
                             'RadiusServers': [
                                 'string',
                             ],
                             'RadiusPort': 123,
                             'RadiusTimeout': 123,
                             'RadiusRetries': 123,
                             'SharedSecret': 'string',
                             'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2',
                             'DisplayLabel': 'string',
'UseSameUsername': True|False }, 'RadiusStatus': 'Creating'|'Completed'|'Failed' }, 'RegionsInfo': { 'PrimaryRegion': 'string', 'AdditionalRegions': [ 'string', ] }, 'OsVersion': 'SERVER_2012'|'SERVER_2019', 'HybridSettings': { 'SelfManagedDnsIpAddrs': [ 'string', ], 'SelfManagedInstanceIds': [ 'string', ] } }, ], } **Response Structure** * *(dict) --* Contains the results of the DescribeDirectories operation. * **DirectoryDescriptions** *(list) --* The list of available DirectoryDescription objects that were retrieved. It is possible that this list contains less than the number of items specified in the "Limit" member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded. * *(dict) --* Contains information about a Directory Service directory. * **DirectoryId** *(string) --* The directory identifier. * **Name** *(string) --* The fully qualified name of the directory. * **ShortName** *(string) --* The short name of the directory. * **Size** *(string) --* The directory size. * **Edition** *(string) --* The edition associated with this directory. * **Alias** *(string) --* The alias for the directory. If no alias has been created for the directory, the alias is the directory identifier, such as "d-XXXXXXXXXX". * **AccessUrl** *(string) --* The access URL for the directory, such as "http://.awsapps.com". If no alias has been created for the directory, "" is the directory identifier, such as "d-XXXXXXXXXX". * **Description** *(string) --* The description for the directory. * **DnsIpAddrs** *(list) --* The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected. 
* *(string) --* * **Stage** *(string) --* The current stage of the directory. * **ShareStatus** *(string) --* Current directory status of the shared Managed Microsoft AD directory. * **ShareMethod** *(string) --* The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization ( "ORGANIZATIONS") or with any Amazon Web Services account by sending a shared directory request ( "HANDSHAKE"). * **ShareNotes** *(string) --* A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation. * **LaunchTime** *(datetime) --* Specifies when the directory was created. * **StageLastUpdatedDateTime** *(datetime) --* The date and time that the stage was last updated. * **Type** *(string) --* The directory type. * **VpcSettings** *(dict) --* A DirectoryVpcSettingsDescription object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed Microsoft AD directory. * **VpcId** *(string) --* The identifier of the VPC that the directory is in. * **SubnetIds** *(list) --* The identifiers of the subnets for the directory servers. * *(string) --* * **SecurityGroupId** *(string) --* The domain controller security group identifier for the directory. * **AvailabilityZones** *(list) --* The list of Availability Zones that the directory is in. * *(string) --* * **ConnectSettings** *(dict) --* A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. This member is only present if the directory is an AD Connector directory. * **VpcId** *(string) --* The identifier of the VPC that the AD Connector is in. * **SubnetIds** *(list) --* A list of subnet identifiers in the VPC that the AD Connector is in. 
* *(string) --* * **CustomerUserName** *(string) --* The user name of the service account in your self-managed directory. * **SecurityGroupId** *(string) --* The security group identifier for the AD Connector directory. * **AvailabilityZones** *(list) --* A list of the Availability Zones that the directory is in. * *(string) --* * **ConnectIps** *(list) --* The IP addresses of the AD Connector servers. * *(string) --* * **RadiusSettings** *(dict) --* A RadiusSettings object that contains information about the RADIUS server configured for this directory. * **RadiusServers** *(list) --* An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer. * *(string) --* * **RadiusPort** *(integer) --* The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers. * **RadiusTimeout** *(integer) --* The amount of time, in seconds, to wait for the RADIUS server to respond. * **RadiusRetries** *(integer) --* The maximum number of times that communication with the RADIUS server is retried after the initial attempt. * **SharedSecret** *(string) --* Required for enabling RADIUS on the directory. * **AuthenticationProtocol** *(string) --* The protocol specified for your RADIUS endpoints. * **DisplayLabel** *(string) --* Not currently used. * **UseSameUsername** *(boolean) --* Not currently used. * **RadiusStatus** *(string) --* The status of the RADIUS MFA server connection. * **StageReason** *(string) --* Additional information about the directory stage. * **SsoEnabled** *(boolean) --* Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso. * **DesiredNumberOfDomainControllers** *(integer) --* The desired number of domain controllers in the directory if the directory is Microsoft AD. 
* **OwnerDirectoryDescription** *(dict) --* Describes the Managed Microsoft AD directory in the directory owner account. * **DirectoryId** *(string) --* Identifier of the Managed Microsoft AD directory in the directory owner account. * **AccountId** *(string) --* Identifier of the directory owner account. * **DnsIpAddrs** *(list) --* IP address of the directory’s domain controllers. * *(string) --* * **VpcSettings** *(dict) --* Information about the VPC settings for the directory. * **VpcId** *(string) --* The identifier of the VPC that the directory is in. * **SubnetIds** *(list) --* The identifiers of the subnets for the directory servers. * *(string) --* * **SecurityGroupId** *(string) --* The domain controller security group identifier for the directory. * **AvailabilityZones** *(list) --* The list of Availability Zones that the directory is in. * *(string) --* * **RadiusSettings** *(dict) --* A RadiusSettings object that contains information about the RADIUS server. * **RadiusServers** *(list) --* An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer. * *(string) --* * **RadiusPort** *(integer) --* The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers. * **RadiusTimeout** *(integer) --* The amount of time, in seconds, to wait for the RADIUS server to respond. * **RadiusRetries** *(integer) --* The maximum number of times that communication with the RADIUS server is retried after the initial attempt. * **SharedSecret** *(string) --* Required for enabling RADIUS on the directory. * **AuthenticationProtocol** *(string) --* The protocol specified for your RADIUS endpoints. * **DisplayLabel** *(string) --* Not currently used. * **UseSameUsername** *(boolean) --* Not currently used. 
* **RadiusStatus** *(string) --* Information about the status of the RADIUS server. * **RegionsInfo** *(dict) --* Lists the Regions where the directory has replicated. * **PrimaryRegion** *(string) --* The Region where the Managed Microsoft AD directory was originally created. * **AdditionalRegions** *(list) --* Lists the Regions where the directory has been replicated, excluding the primary Region. * *(string) --* * **OsVersion** *(string) --* The operating system (OS) version of the directory. * **HybridSettings** *(dict) --* Contains information about the hybrid directory configuration for the directory, including Amazon Web Services System Manager managed node identifiers and DNS IPs. * **SelfManagedDnsIpAddrs** *(list) --* The IP addresses of the DNS servers in your self-managed AD environment. * *(string) --* * **SelfManagedInstanceIds** *(list) --* The identifiers of the self-managed instances with SSM used for hybrid directory operations. * *(string) --* DirectoryService / Paginator / ListIpRoutes ListIpRoutes ************ class DirectoryService.Paginator.ListIpRoutes paginator = client.get_paginator('list_ip_routes') paginate(**kwargs) Creates an iterator that will paginate through responses from "DirectoryService.Client.list_ip_routes()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( DirectoryId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier (ID) of the directory for which you want to retrieve the IP addresses. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. 
* **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'IpRoutesInfo': [ { 'DirectoryId': 'string', 'CidrIp': 'string', 'IpRouteStatusMsg': 'Adding'|'Added'|'Removing'|'Removed'|'AddFailed'|'RemoveFailed', 'AddedDateTime': datetime(2015, 1, 1), 'IpRouteStatusReason': 'string', 'Description': 'string' }, ], } **Response Structure** * *(dict) --* * **IpRoutesInfo** *(list) --* A list of IpRoutes. * *(dict) --* Information about one or more IP address blocks. * **DirectoryId** *(string) --* Identifier (ID) of the directory associated with the IP addresses. * **CidrIp** *(string) --* IP address block in the IpRoute. * **IpRouteStatusMsg** *(string) --* The status of the IP address block. * **AddedDateTime** *(datetime) --* The date and time the address block was added to the directory. * **IpRouteStatusReason** *(string) --* The reason for the IpRouteStatusMsg. * **Description** *(string) --* Description of the IpRouteInfo. DirectoryService / Paginator / DescribeClientAuthenticationSettings DescribeClientAuthenticationSettings ************************************ class DirectoryService.Paginator.DescribeClientAuthenticationSettings paginator = client.get_paginator('describe_client_authentication_settings') paginate(**kwargs) Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_client_authentication_settings()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( DirectoryId='string', Type='SmartCard'|'SmartCardOrPassword', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to retrieve information. * **Type** (*string*) -- The type of client authentication for which to retrieve information. 
If no type is specified, a list of all client authentication types that are supported for the specified directory is retrieved. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'ClientAuthenticationSettingsInfo': [ { 'Type': 'SmartCard'|'SmartCardOrPassword', 'Status': 'Enabled'|'Disabled', 'LastUpdatedDateTime': datetime(2015, 1, 1) }, ], } **Response Structure** * *(dict) --* * **ClientAuthenticationSettingsInfo** *(list) --* Information about the type of client authentication for the specified directory. The following information is retrieved: The date and time when the status of the client authentication type was last updated, whether the client authentication type is enabled or disabled, and the type of client authentication. * *(dict) --* Contains information about a client authentication method for a directory. * **Type** *(string) --* The type of client authentication for the specified directory. If no type is specified, a list of all client authentication types that are supported for the directory is retrieved. * **Status** *(string) --* Whether the client authentication type is enabled or disabled for the specified directory. * **LastUpdatedDateTime** *(datetime) --* The date and time when the status of the client authentication type was last updated. 
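An added example, not part of the AWS documentation: a read-only audit that walks the three paginators described above (describe_directories, list_ip_routes, describe_client_authentication_settings) and flags settings worth review. The policy sets, all function names and the "StubClient" with its constructed pages are assumptions of this sketch; because the response syntax lists a "SharedSecret" field under "RadiusSettings", each record is masked before it is kept.

```python
import ipaddress

# Example policy values: assumptions of this sketch, not AWS guidance.
WEAK_RADIUS_PROTOCOLS = {"PAP", "CHAP", "MS-CHAPv1"}
UNHEALTHY_STAGES = {"Inoperable", "Impaired", "RestoreFailed", "Failed"}
FAILED_ROUTE_STATES = {"AddFailed", "RemoveFailed"}
MIN_ROUTE_PREFIX = 16  # IPv4 routes wider than /16 are flagged for review
CLIENT_AUTH_TYPES = {"MicrosoftAD", "ADConnector"}  # types queried for client auth


def redact(value):
    """Return a copy with every SharedSecret masked, safe to log or store."""
    if isinstance(value, dict):
        return {k: "<redacted>" if k == "SharedSecret" else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def items(paginator, result_key, **kwargs):
    """Yield every item under result_key across all pages of a paginator."""
    for page in paginator.paginate(**kwargs):
        yield from page.get(result_key, [])


def audit_directory(d):
    """Findings from one DirectoryDescription."""
    findings = []
    if d.get("Stage") in UNHEALTHY_STAGES:
        findings.append(f"stage {d['Stage']}: {d.get('StageReason', 'no reason given')}")
    radius = d.get("RadiusSettings") or {}
    if radius.get("AuthenticationProtocol") in WEAK_RADIUS_PROTOCOLS:
        findings.append(f"RADIUS uses {radius['AuthenticationProtocol']}")
    if d.get("RadiusStatus") == "Failed":
        findings.append("RADIUS MFA server connection failed")
    return findings


def audit_routes(routes):
    """Findings from IpRoutesInfo entries."""
    findings = []
    for r in routes:
        try:
            net = ipaddress.ip_network(r["CidrIp"], strict=False)
        except (KeyError, ValueError):
            findings.append(f"unparseable route {r.get('CidrIp')!r}")
            continue
        if net.prefixlen < MIN_ROUTE_PREFIX:
            findings.append(f"broad IP route {net}")
        if r.get("IpRouteStatusMsg") in FAILED_ROUTE_STATES:
            findings.append(f"route {net} is {r['IpRouteStatusMsg']}")
    return findings


def audit_client_auth(settings):
    """Flag a directory where no client authentication type is Enabled."""
    if any(s.get("Status") == "Enabled" for s in settings):
        return []
    return ["no client authentication type is enabled"]


def audit_account(client):
    """Walk all directories; return {DirectoryId: findings plus masked record}."""
    report = {}
    for d in items(client.get_paginator("describe_directories"), "DirectoryDescriptions"):
        dir_id = d["DirectoryId"]
        findings = audit_directory(d)
        routes = client.get_paginator("list_ip_routes")
        findings += audit_routes(items(routes, "IpRoutesInfo", DirectoryId=dir_id))
        if d.get("Type") in CLIENT_AUTH_TYPES:
            auth = client.get_paginator("describe_client_authentication_settings")
            findings += audit_client_auth(list(items(
                auth, "ClientAuthenticationSettingsInfo", DirectoryId=dir_id)))
        report[dir_id] = {"findings": findings, "record": redact(d)}
    return report


class StubPaginator:
    def __init__(self, pages):
        self.pages = pages

    def paginate(self, **kwargs):  # the stub ignores request parameters
        return iter(self.pages)


class StubClient:
    """Constructed sample pages standing in for boto3.client('ds')."""
    PAGES = {
        "describe_directories": [
            {"DirectoryDescriptions": [{
                "DirectoryId": "d-1111111111", "Type": "MicrosoftAD", "Stage": "Active",
                "RadiusSettings": {"AuthenticationProtocol": "PAP",
                                   "SharedSecret": "constructed-secret"},
                "RadiusStatus": "Completed"}]},
            {"DirectoryDescriptions": [{
                "DirectoryId": "d-2222222222", "Type": "SimpleAD", "Stage": "Impaired",
                "StageReason": "constructed reason"}]},
        ],
        "list_ip_routes": [{"IpRoutesInfo": [
            {"CidrIp": "203.0.113.0/24", "IpRouteStatusMsg": "Added"},
            {"CidrIp": "0.0.0.0/0", "IpRouteStatusMsg": "AddFailed"}]}],
        "describe_client_authentication_settings": [{"ClientAuthenticationSettingsInfo": [
            {"Type": "SmartCard", "Status": "Disabled"}]}],
    }

    def get_paginator(self, name):
        return StubPaginator(self.PAGES[name])


if __name__ == "__main__":
    for dir_id, entry in audit_account(StubClient()).items():
        print(dir_id, entry["findings"])
```

Against a real account, pass "boto3.client('ds')" to "audit_account" instead of the stub; directory types that reject one of the calls would need per-type error handling, which this sketch leaves out.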
DirectoryService / Paginator / DescribeUpdateDirectory DescribeUpdateDirectory *********************** class DirectoryService.Paginator.DescribeUpdateDirectory paginator = client.get_paginator('describe_update_directory') paginate(**kwargs) Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_update_directory()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( DirectoryId='string', UpdateType='OS', RegionName='string', PaginationConfig={ 'MaxItems': 123, 'StartingToken': 'string' } ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The unique identifier of the directory. * **UpdateType** (*string*) -- **[REQUIRED]** The type of updates you want to describe for the directory. * **RegionName** (*string*) -- The name of the Region. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'UpdateActivities': [ { 'Region': 'string', 'Status': 'Updated'|'Updating'|'UpdateFailed', 'StatusReason': 'string', 'InitiatedBy': 'string', 'NewValue': { 'OSUpdateSettings': { 'OSVersion': 'SERVER_2012'|'SERVER_2019' } }, 'PreviousValue': { 'OSUpdateSettings': { 'OSVersion': 'SERVER_2012'|'SERVER_2019' } }, 'StartTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1) }, ], } **Response Structure** * *(dict) --* * **UpdateActivities** *(list) --* The list of update activities on a directory for the requested update type. * *(dict) --* An entry of update information related to a requested update type. 
* **Region** *(string) --* The name of the Region. * **Status** *(string) --* The status of the update performed on the directory. * **StatusReason** *(string) --* The reason for the current status of the update type activity. * **InitiatedBy** *(string) --* This specifies if the update was initiated by the customer or by the service team. * **NewValue** *(dict) --* The new value of the target setting. * **OSUpdateSettings** *(dict) --* The OS update related settings. * **OSVersion** *(string) --* OS version that the directory needs to be updated to. * **PreviousValue** *(dict) --* The old value of the target setting. * **OSUpdateSettings** *(dict) --* The OS update related settings. * **OSVersion** *(string) --* OS version that the directory needs to be updated to. * **StartTime** *(datetime) --* The start time of the "UpdateDirectorySetup" for the particular type. * **LastUpdatedDateTime** *(datetime) --* The last updated date and time of a particular directory setting. DirectoryService / Paginator / ListSchemaExtensions ListSchemaExtensions ******************** class DirectoryService.Paginator.ListSchemaExtensions paginator = client.get_paginator('list_schema_extensions') paginate(**kwargs) Creates an iterator that will paginate through responses from "DirectoryService.Client.list_schema_extensions()". See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( DirectoryId='string', PaginationConfig={ 'MaxItems': 123, 'PageSize': 123, 'StartingToken': 'string' } ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory from which to retrieve the schema extension information. * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. 
If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **PageSize** *(integer) --* The size of each page. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'SchemaExtensionsInfo': [ { 'DirectoryId': 'string', 'SchemaExtensionId': 'string', 'Description': 'string', 'SchemaExtensionStatus': 'Initializing'|'CreatingSnapshot'|'UpdatingSchema'|'Replicating'|'CancelInProgress'|'RollbackInProgress'|'Cancelled'|'Failed'|'Completed', 'SchemaExtensionStatusReason': 'string', 'StartDateTime': datetime(2015, 1, 1), 'EndDateTime': datetime(2015, 1, 1) }, ], } **Response Structure** * *(dict) --* * **SchemaExtensionsInfo** *(list) --* Information about the schema extensions applied to the directory. * *(dict) --* Information about a schema extension. * **DirectoryId** *(string) --* The identifier of the directory to which the schema extension is applied. * **SchemaExtensionId** *(string) --* The identifier of the schema extension. * **Description** *(string) --* A description of the schema extension. * **SchemaExtensionStatus** *(string) --* The current status of the schema extension. * **SchemaExtensionStatusReason** *(string) --* The reason for the "SchemaExtensionStatus". * **StartDateTime** *(datetime) --* The date and time that the schema extension started being applied to the directory. * **EndDateTime** *(datetime) --* The date and time that the schema extension was completed. DirectoryService / Paginator / DescribeRegions DescribeRegions *************** class DirectoryService.Paginator.DescribeRegions paginator = client.get_paginator('describe_regions') paginate(**kwargs) Creates an iterator that will paginate through responses from "DirectoryService.Client.describe_regions()". 
See also: AWS API Documentation **Request Syntax** response_iterator = paginator.paginate( DirectoryId='string', RegionName='string', PaginationConfig={ 'MaxItems': 123, 'StartingToken': 'string' } ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory. * **RegionName** (*string*) -- The name of the Region. For example, "us-east-1". * **PaginationConfig** (*dict*) -- A dictionary that provides parameters to control pagination. * **MaxItems** *(integer) --* The total number of items to return. If the total number of items available is more than the value specified in max-items then a "NextToken" will be provided in the output that you can use to resume pagination. * **StartingToken** *(string) --* A token to specify where to start paginating. This is the "NextToken" from a previous response. Return type: dict Returns: **Response Syntax** { 'RegionsDescription': [ { 'DirectoryId': 'string', 'RegionName': 'string', 'RegionType': 'Primary'|'Additional', 'Status': 'Requested'|'Creating'|'Created'|'Active'|'Inoperable'|'Impaired'|'Restoring'|'RestoreFailed'|'Deleting'|'Deleted'|'Failed'|'Updating', 'VpcSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ] }, 'DesiredNumberOfDomainControllers': 123, 'LaunchTime': datetime(2015, 1, 1), 'StatusLastUpdatedDateTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1) }, ], } **Response Structure** * *(dict) --* * **RegionsDescription** *(list) --* List of Region information related to the directory for each replicated Region. * *(dict) --* The replicated Region information for a directory. * **DirectoryId** *(string) --* The identifier of the directory. * **RegionName** *(string) --* The name of the Region. For example, "us-east-1". * **RegionType** *(string) --* Specifies whether the Region is the primary Region or an additional Region. * **Status** *(string) --* The status of the replication process for the specified Region. 
* **VpcSettings** *(dict) --* Contains VPC information for the CreateDirectory, CreateMicrosoftAD, or CreateHybridAD operation. * **VpcId** *(string) --* The identifier of the VPC in which to create the directory. * **SubnetIds** *(list) --* The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets. * *(string) --* * **DesiredNumberOfDomainControllers** *(integer) --* The desired number of domain controllers in the specified Region for the specified directory. * **LaunchTime** *(datetime) --* Specifies when the Region replication began. * **StatusLastUpdatedDateTime** *(datetime) --* The date and time that the Region status was last updated. * **LastUpdatedDateTime** *(datetime) --* The date and time that the Region description was last updated. DirectoryService / Client / describe_trusts describe_trusts *************** DirectoryService.Client.describe_trusts(**kwargs) Obtains information about the trust relationships for this account. If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account. See also: AWS API Documentation **Request Syntax** response = client.describe_trusts( DirectoryId='string', TrustIds=[ 'string', ], NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- The Directory ID of the Amazon Web Services directory that is a part of the requested trust relationship. * **TrustIds** (*list*) -- A list of identifiers of the trust relationships for which to obtain the information. If this member is null, all trust relationships that belong to the current account are returned. An empty list results in an "InvalidParameterException" being thrown. * *(string) --* * **NextToken** (*string*) -- The *DescribeTrustsResult.NextToken* value from a previous call to DescribeTrusts. 
Pass null if this is the first call. * **Limit** (*integer*) -- The maximum number of objects to return. Return type: dict Returns: **Response Syntax** { 'Trusts': [ { 'DirectoryId': 'string', 'TrustId': 'string', 'RemoteDomainName': 'string', 'TrustType': 'Forest'|'External', 'TrustDirection': 'One-Way: Outgoing'|'One-Way: Incoming'|'Two-Way', 'TrustState': 'Creating'|'Created'|'Verifying'|'VerifyFailed'|'Verified'|'Updating'|'UpdateFailed'|'Updated'|'Deleting'|'Deleted'|'Failed', 'CreatedDateTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1), 'StateLastUpdatedDateTime': datetime(2015, 1, 1), 'TrustStateReason': 'string', 'SelectiveAuth': 'Enabled'|'Disabled' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* The result of a DescribeTrust request. * **Trusts** *(list) --* The list of Trust objects that were retrieved. It is possible that this list contains less than the number of items specified in the *Limit* member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded. * *(dict) --* Describes a trust relationship between a Managed Microsoft AD directory and an external domain. * **DirectoryId** *(string) --* The Directory ID of the Amazon Web Services directory involved in the trust relationship. * **TrustId** *(string) --* The unique ID of the trust relationship. * **RemoteDomainName** *(string) --* The Fully Qualified Domain Name (FQDN) of the external domain involved in the trust relationship. * **TrustType** *(string) --* The trust relationship type. "Forest" is the default. * **TrustDirection** *(string) --* The trust relationship direction. * **TrustState** *(string) --* The trust relationship state. * **CreatedDateTime** *(datetime) --* The date and time that the trust relationship was created. * **LastUpdatedDateTime** *(datetime) --* The date and time that the trust relationship was last updated. 
* **StateLastUpdatedDateTime** *(datetime) --* The date and time that the TrustState was last updated. * **TrustStateReason** *(string) --* The reason for the TrustState. * **SelectiveAuth** *(string) --* Current state of selective authentication for the trust. * **NextToken** *(string) --* If not null, more results are available. Pass this value for the *NextToken* parameter in a subsequent call to DescribeTrusts to retrieve the next set of items. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidNextTokenException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" DirectoryService / Client / create_snapshot create_snapshot *************** DirectoryService.Client.create_snapshot(**kwargs) Creates a snapshot of a Simple AD or Microsoft AD directory in the Amazon Web Services cloud. Note: You cannot take snapshots of AD Connector directories. See also: AWS API Documentation **Request Syntax** response = client.create_snapshot( DirectoryId='string', Name='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory of which to take a snapshot. * **Name** (*string*) -- The descriptive name to apply to the snapshot. Return type: dict Returns: **Response Syntax** { 'SnapshotId': 'string' } **Response Structure** * *(dict) --* Contains the results of the CreateSnapshot operation. * **SnapshotId** *(string) --* The identifier of the snapshot that was created. 
**Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.SnapshotLimitExceededException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" DirectoryService / Client / get_paginator get_paginator ************* DirectoryService.Client.get_paginator(operation_name) Create a paginator for an operation. Parameters: **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client. For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")". Raises: **OperationNotPageableError** -- Raised if the operation is not pageable. You can use the "client.can_paginate" method to check if an operation is pageable. Return type: "botocore.paginate.Paginator" Returns: A paginator object. DirectoryService / Client / describe_directory_data_access describe_directory_data_access ****************************** DirectoryService.Client.describe_directory_data_access(**kwargs) Obtains status of directory data access enablement through the Directory Service Data API for the specified directory. See also: AWS API Documentation **Request Syntax** response = client.describe_directory_data_access( DirectoryId='string' ) Parameters: **DirectoryId** (*string*) -- **[REQUIRED]** The directory identifier. Return type: dict Returns: **Response Syntax** { 'DataAccessStatus': 'Disabled'|'Disabling'|'Enabled'|'Enabling'|'Failed' } **Response Structure** * *(dict) --* * **DataAccessStatus** *(string) --* The current status of data access through the Directory Service Data API. 
**Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.AccessDeniedException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" DirectoryService / Client / describe_snapshots describe_snapshots ****************** DirectoryService.Client.describe_snapshots(**kwargs) Obtains information about the directory snapshots that belong to this account. This operation supports pagination with the use of the *NextToken* request and response parameters. If more results are available, the *DescribeSnapshots.NextToken* member contains a token that you pass in the next call to DescribeSnapshots to retrieve the next set of items. You can also specify a maximum number of return results with the *Limit* parameter. See also: AWS API Documentation **Request Syntax** response = client.describe_snapshots( DirectoryId='string', SnapshotIds=[ 'string', ], NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- The identifier of the directory for which to retrieve snapshot information. * **SnapshotIds** (*list*) -- A list of identifiers of the snapshots to obtain the information for. If this member is null or empty, all snapshots are returned using the *Limit* and *NextToken* members. * *(string) --* * **NextToken** (*string*) -- The *DescribeSnapshotsResult.NextToken* value from a previous call to DescribeSnapshots. Pass null if this is the first call. * **Limit** (*integer*) -- The maximum number of objects to return. Return type: dict Returns: **Response Syntax** { 'Snapshots': [ { 'DirectoryId': 'string', 'SnapshotId': 'string', 'Type': 'Auto'|'Manual', 'Name': 'string', 'Status': 'Creating'|'Completed'|'Failed', 'StartTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* Contains the results of the DescribeSnapshots operation. 
* **Snapshots** *(list) --* The list of Snapshot objects that were retrieved. It is possible that this list contains less than the number of items specified in the *Limit* member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded. * *(dict) --* Describes a directory snapshot. * **DirectoryId** *(string) --* The directory identifier. * **SnapshotId** *(string) --* The snapshot identifier. * **Type** *(string) --* The snapshot type. * **Name** *(string) --* The descriptive name of the snapshot. * **Status** *(string) --* The snapshot status. * **StartTime** *(datetime) --* The date and time that the snapshot was taken. * **NextToken** *(string) --* If not null, more results are available. Pass this value in the *NextToken* member of a subsequent call to DescribeSnapshots. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.InvalidNextTokenException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" DirectoryService / Client / describe_ad_assessment describe_ad_assessment ********************** DirectoryService.Client.describe_ad_assessment(**kwargs) Retrieves detailed information about a directory assessment, including its current status, validation results, and configuration details. Use this operation to monitor assessment progress and review results. See also: AWS API Documentation **Request Syntax** response = client.describe_ad_assessment( AssessmentId='string' ) Parameters: **AssessmentId** (*string*) -- **[REQUIRED]** The identifier of the directory assessment to describe. 
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'Assessment': {
                 'AssessmentId': 'string',
                 'DirectoryId': 'string',
                 'DnsName': 'string',
                 'StartTime': datetime(2015, 1, 1),
                 'LastUpdateDateTime': datetime(2015, 1, 1),
                 'Status': 'string',
                 'StatusCode': 'string',
                 'StatusReason': 'string',
                 'CustomerDnsIps': [
                     'string',
                 ],
                 'VpcId': 'string',
                 'SubnetIds': [
                     'string',
                 ],
                 'SecurityGroupIds': [
                     'string',
                 ],
                 'SelfManagedInstanceIds': [
                     'string',
                 ],
                 'ReportType': 'string',
                 'Version': 'string'
             },
             'AssessmentReports': [
                 {
                     'DomainControllerIp': 'string',
                     'Validations': [
                         {
                             'Category': 'string',
                             'Name': 'string',
                             'Status': 'string',
                             'StatusCode': 'string',
                             'StatusReason': 'string',
                             'StartTime': datetime(2015, 1, 1),
                             'LastUpdateDateTime': datetime(2015, 1, 1)
                         },
                     ]
                 },
             ]
         }

      **Response Structure**

      * *(dict) --*

        * **Assessment** *(dict) --* Detailed information about the self-managed instance settings (IDs and DNS IPs).

          * **AssessmentId** *(string) --* The unique identifier of the directory assessment.
          * **DirectoryId** *(string) --* The identifier of the directory associated with this assessment.
          * **DnsName** *(string) --* The fully qualified domain name (FQDN) of the Active Directory domain being assessed.
          * **StartTime** *(datetime) --* The date and time when the assessment was initiated.
          * **LastUpdateDateTime** *(datetime) --* The date and time when the assessment status was last updated.
          * **Status** *(string) --* The current status of the assessment. Valid values include "SUCCESS", "FAILED", "PENDING", and "IN_PROGRESS".
          * **StatusCode** *(string) --* A detailed status code providing additional information about the assessment state.
          * **StatusReason** *(string) --* A human-readable description of the current assessment status, including any error details or progress information.
          * **CustomerDnsIps** *(list) --* The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.
            * *(string) --*

          * **VpcId** *(string) --* Contains Amazon VPC information for the "StartADAssessment" operation.
          * **SubnetIds** *(list) --* A list of subnet identifiers in the Amazon VPC in which the hybrid directory is created.

            * *(string) --*

          * **SecurityGroupIds** *(list) --* The security group identifiers attached to the network interfaces.

            * *(string) --*

          * **SelfManagedInstanceIds** *(list) --* The identifiers of the self-managed AD instances used to perform the assessment.

            * *(string) --*

          * **ReportType** *(string) --* The type of assessment report generated. Valid values are "CUSTOMER" and "SYSTEM".
          * **Version** *(string) --* The version of the assessment framework used to evaluate your self-managed AD environment.

        * **AssessmentReports** *(list) --* A list of assessment reports containing validation results for each domain controller and test category. Each report includes specific validation details and outcomes.

          * *(dict) --* Contains the results of validation tests performed against a specific domain controller during a directory assessment.

            * **DomainControllerIp** *(string) --* The IP address of the domain controller that was tested during the assessment.
            * **Validations** *(list) --* A list of validation results for different test categories performed against this domain controller.

              * *(dict) --* Contains information about a specific validation test performed during a directory assessment.

                * **Category** *(string) --* The category of the validation test.
                * **Name** *(string) --* The name of the specific validation test performed within the category.
                * **Status** *(string) --* The result status of the validation test. Valid values include "SUCCESS", "FAILED", "PENDING", and "IN_PROGRESS".
                * **StatusCode** *(string) --* A detailed status code providing additional information about the validation result.
                * **StatusReason** *(string) --* A human-readable description of the validation result, including any error details or recommendations.
                * **StartTime** *(datetime) --* The date and time when the validation test was started.
                * **LastUpdateDateTime** *(datetime) --* The date and time when the validation test was completed or last updated.

   **Exceptions**

   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"

verify_trust
************

DirectoryService.Client.verify_trust(**kwargs)

   Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships.

   This action verifies a trust relationship between your Managed Microsoft AD directory and an external domain.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.verify_trust(
          TrustId='string'
      )

   Parameters:
      **TrustId** (*string*) -- **[REQUIRED]** The unique Trust ID of the trust relationship to verify.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'TrustId': 'string'
         }

      **Response Structure**

      * *(dict) --* Result of a VerifyTrust request.

        * **TrustId** *(string) --* The unique Trust ID of the trust relationship that was verified.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"

can_paginate
************

DirectoryService.Client.can_paginate(operation_name)

   Check if an operation can be paginated.

   Parameters:
      **operation_name** (*string*) -- The operation name. This is the same name as the method name on the client.
      For example, if the method name is "create_foo", and you'd normally invoke the operation as "client.create_foo(**kwargs)", if the "create_foo" operation can be paginated, you can use the call "client.get_paginator("create_foo")".

   Returns:
      "True" if the operation can be paginated, "False" otherwise.

unshare_directory
*****************

DirectoryService.Client.unshare_directory(**kwargs)

   Stops the directory sharing between the directory owner and consumer accounts.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.unshare_directory(
          DirectoryId='string',
          UnshareTarget={
              'Id': 'string',
              'Type': 'ACCOUNT'
          }
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the Managed Microsoft AD directory that you want to stop sharing.
      * **UnshareTarget** (*dict*) -- **[REQUIRED]** Identifier for the directory consumer account with whom the directory has to be unshared.

        * **Id** *(string) --* **[REQUIRED]** Identifier of the directory consumer account.
        * **Type** *(string) --* **[REQUIRED]** Type of identifier to be used in the *Id* field.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'SharedDirectoryId': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **SharedDirectoryId** *(string) --* Identifier of the directory stored in the directory consumer account that is to be unshared from the specified directory ("DirectoryId").

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidTargetException"
   * "DirectoryService.Client.exceptions.DirectoryNotSharedException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

update_radius
*************

DirectoryService.Client.update_radius(**kwargs)

   Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.update_radius(
          DirectoryId='string',
          RadiusSettings={
              'RadiusServers': [
                  'string',
              ],
              'RadiusPort': 123,
              'RadiusTimeout': 123,
              'RadiusRetries': 123,
              'SharedSecret': 'string',
              'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2',
              'DisplayLabel': 'string',
              'UseSameUsername': True|False
          }
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to update the RADIUS server information.
      * **RadiusSettings** (*dict*) -- **[REQUIRED]** A RadiusSettings object that contains information about the RADIUS server.

        * **RadiusServers** *(list) --* An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.

          * *(string) --*

        * **RadiusPort** *(integer) --* The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
        * **RadiusTimeout** *(integer) --* The amount of time, in seconds, to wait for the RADIUS server to respond.
        * **RadiusRetries** *(integer) --* The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
        * **SharedSecret** *(string) --* Required for enabling RADIUS on the directory.
        * **AuthenticationProtocol** *(string) --* The protocol specified for your RADIUS endpoints.
        * **DisplayLabel** *(string) --* Not currently used.
        * **UseSameUsername** *(boolean) --* Not currently used.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --* Contains the results of the UpdateRadius operation.
   **Exceptions**

   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

disable_radius
**************

DirectoryService.Client.disable_radius(**kwargs)

   Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.disable_radius(
          DirectoryId='string'
      )

   Parameters:
      **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to disable MFA.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --* Contains the results of the DisableRadius operation.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

connect_directory
*****************

DirectoryService.Client.connect_directory(**kwargs)

   Creates an AD Connector to connect to a self-managed directory.

   Before you call "ConnectDirectory", ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the "ConnectDirectory" operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.connect_directory(
          Name='string',
          ShortName='string',
          Password='string',
          Description='string',
          Size='Small'|'Large',
          ConnectSettings={
              'VpcId': 'string',
              'SubnetIds': [
                  'string',
              ],
              'CustomerDnsIps': [
                  'string',
              ],
              'CustomerUserName': 'string'
          },
          Tags=[
              {
                  'Key': 'string',
                  'Value': 'string'
              },
          ]
      )

   Parameters:
      * **Name** (*string*) -- **[REQUIRED]** The fully qualified name of your self-managed directory, such as "corp.example.com".
      * **ShortName** (*string*) -- The NetBIOS name of your self-managed directory, such as "CORP".
      * **Password** (*string*) -- **[REQUIRED]** The password for your self-managed user account.
      * **Description** (*string*) -- A description for the directory.
      * **Size** (*string*) -- **[REQUIRED]** The size of the directory.
      * **ConnectSettings** (*dict*) -- **[REQUIRED]** A DirectoryConnectSettings object that contains additional information for the operation.

        * **VpcId** *(string) --* **[REQUIRED]** The identifier of the VPC in which the AD Connector is created.
        * **SubnetIds** *(list) --* **[REQUIRED]** A list of subnet identifiers in the VPC in which the AD Connector is created.

          * *(string) --*

        * **CustomerDnsIps** *(list) --* **[REQUIRED]** A list of one or more IP addresses of DNS servers or domain controllers in your self-managed directory.

          * *(string) --*

        * **CustomerUserName** *(string) --* **[REQUIRED]** The user name of an account in your self-managed directory that is used to connect to the directory. This account must have the following permissions:

          * Read users and groups
          * Create computer objects
          * Join computers to the domain

      * **Tags** (*list*) -- The tags to be assigned to AD Connector.

        * *(dict) --* Metadata assigned to a directory consisting of a key-value pair.

          * **Key** *(string) --* **[REQUIRED]** Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:".
            The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
          * **Value** *(string) --* **[REQUIRED]** The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string'
         }

      **Response Structure**

      * *(dict) --* Contains the results of the ConnectDirectory operation.

        * **DirectoryId** *(string) --* The identifier of the new directory.

   **Exceptions**

   * "DirectoryService.Client.exceptions.DirectoryLimitExceededException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

update_number_of_domain_controllers
***********************************

DirectoryService.Client.update_number_of_domain_controllers(**kwargs)

   Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.update_number_of_domain_controllers(
          DirectoryId='string',
          DesiredNumber=123
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier of the directory to which the domain controllers will be added or removed.
      * **DesiredNumber** (*integer*) -- **[REQUIRED]** The number of domain controllers desired in the directory.
   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryService.Client.exceptions.DomainControllerLimitExceededException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

list_schema_extensions
**********************

DirectoryService.Client.list_schema_extensions(**kwargs)

   Lists all schema extensions applied to a Microsoft AD Directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_schema_extensions(
          DirectoryId='string',
          NextToken='string',
          Limit=123
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory from which to retrieve the schema extension information.
      * **NextToken** (*string*) -- The "ListSchemaExtensions.NextToken" value from a previous call to "ListSchemaExtensions". Pass null if this is the first call.
      * **Limit** (*integer*) -- The maximum number of items to return.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'SchemaExtensionsInfo': [
                 {
                     'DirectoryId': 'string',
                     'SchemaExtensionId': 'string',
                     'Description': 'string',
                     'SchemaExtensionStatus': 'Initializing'|'CreatingSnapshot'|'UpdatingSchema'|'Replicating'|'CancelInProgress'|'RollbackInProgress'|'Cancelled'|'Failed'|'Completed',
                     'SchemaExtensionStatusReason': 'string',
                     'StartDateTime': datetime(2015, 1, 1),
                     'EndDateTime': datetime(2015, 1, 1)
                 },
             ],
             'NextToken': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **SchemaExtensionsInfo** *(list) --* Information about the schema extensions applied to the directory.

          * *(dict) --* Information about a schema extension.
            * **DirectoryId** *(string) --* The identifier of the directory to which the schema extension is applied.
            * **SchemaExtensionId** *(string) --* The identifier of the schema extension.
            * **Description** *(string) --* A description of the schema extension.
            * **SchemaExtensionStatus** *(string) --* The current status of the schema extension.
            * **SchemaExtensionStatusReason** *(string) --* The reason for the "SchemaExtensionStatus".
            * **StartDateTime** *(datetime) --* The date and time that the schema extension started being applied to the directory.
            * **EndDateTime** *(datetime) --* The date and time that the schema extension was completed.

        * **NextToken** *(string) --* If not null, more results are available. Pass this value for the "NextToken" parameter in a subsequent call to "ListSchemaExtensions" to retrieve the next set of items.

   **Exceptions**

   * "DirectoryService.Client.exceptions.InvalidNextTokenException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

describe_regions
****************

DirectoryService.Client.describe_regions(**kwargs)

   Provides information about the Regions that are configured for multi-Region replication.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.describe_regions(
          DirectoryId='string',
          RegionName='string',
          NextToken='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory.
      * **RegionName** (*string*) -- The name of the Region. For example, "us-east-1".
      * **NextToken** (*string*) -- The "DescribeRegionsResult.NextToken" value from a previous call to DescribeRegions. Pass null if this is the first call.
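The *NextToken* handshake described for describe_snapshots, list_schema_extensions and describe_regions can be driven by one loop. The following is an added example, not boto3 or AWS code: "iter_items", "regions_not_active" and "FakeDirectoryClient" are hypothetical names, the pages and the directory ID are constructed sample data, and treating every status other than "Active" as worth review is an assumption.

```python
def iter_items(call, result_key, **params):
    """Yield every item from a NextToken-paginated Directory Service call.

    `call` is a bound client method such as client.describe_regions and
    `result_key` is the list it returns ('RegionsDescription', 'Snapshots'
    or 'SchemaExtensionsInfo').
    """
    token = None
    seen = set()
    while True:
        kwargs = dict(params)
        # The reference says "pass null" on the first call. With boto3 that
        # means leaving NextToken out: None fails parameter validation.
        if token is not None:
            kwargs["NextToken"] = token
        page = call(**kwargs)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        # Stop only when no token comes back. A short or empty page does not
        # prove the listing is complete.
        if not token:
            return
        if token in seen:
            raise RuntimeError("service returned a repeated NextToken")
        seen.add(token)


def regions_not_active(client, directory_id):
    """Return (RegionName, RegionType, Status) for Regions not in 'Active'."""
    items = iter_items(client.describe_regions, "RegionsDescription",
                       DirectoryId=directory_id)
    return [(r["RegionName"], r["RegionType"], r["Status"])
            for r in items if r["Status"] != "Active"]


class FakeDirectoryClient:
    """Constructed stand-in for boto3.client('ds') so the loop runs offline."""

    PAGES = {
        None: {"RegionsDescription": [
                   {"RegionName": "us-east-1", "RegionType": "Primary",
                    "Status": "Active"}],
               "NextToken": "t1"},
        # An empty page that still carries a token: more results follow.
        "t1": {"RegionsDescription": [], "NextToken": "t2"},
        "t2": {"RegionsDescription": [
                   {"RegionName": "eu-west-1", "RegionType": "Additional",
                    "Status": "Impaired"}]},
    }

    def __init__(self):
        self.calls = []

    def describe_regions(self, **kwargs):
        if "NextToken" in kwargs and kwargs["NextToken"] is None:
            raise ValueError("NextToken must be a string")  # mimics validation
        self.calls.append(kwargs)
        return self.PAGES[kwargs.get("NextToken")]


if __name__ == "__main__":
    # "d-1234567890" is a constructed directory ID.
    for row in regions_not_active(FakeDirectoryClient(), "d-1234567890"):
        print(row)
```

With a real client, pass "boto3.client('ds')" in place of the fake; the same "iter_items" call works for "client.describe_snapshots" with "Snapshots" and for "client.list_schema_extensions" with "SchemaExtensionsInfo".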
   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'RegionsDescription': [
                 {
                     'DirectoryId': 'string',
                     'RegionName': 'string',
                     'RegionType': 'Primary'|'Additional',
                     'Status': 'Requested'|'Creating'|'Created'|'Active'|'Inoperable'|'Impaired'|'Restoring'|'RestoreFailed'|'Deleting'|'Deleted'|'Failed'|'Updating',
                     'VpcSettings': {
                         'VpcId': 'string',
                         'SubnetIds': [
                             'string',
                         ]
                     },
                     'DesiredNumberOfDomainControllers': 123,
                     'LaunchTime': datetime(2015, 1, 1),
                     'StatusLastUpdatedDateTime': datetime(2015, 1, 1),
                     'LastUpdatedDateTime': datetime(2015, 1, 1)
                 },
             ],
             'NextToken': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **RegionsDescription** *(list) --* List of Region information related to the directory for each replicated Region.

          * *(dict) --* The replicated Region information for a directory.

            * **DirectoryId** *(string) --* The identifier of the directory.
            * **RegionName** *(string) --* The name of the Region. For example, "us-east-1".
            * **RegionType** *(string) --* Specifies whether the Region is the primary Region or an additional Region.
            * **Status** *(string) --* The status of the replication process for the specified Region.
            * **VpcSettings** *(dict) --* Contains VPC information for the CreateDirectory, CreateMicrosoftAD, or CreateHybridAD operation.

              * **VpcId** *(string) --* The identifier of the VPC in which to create the directory.
              * **SubnetIds** *(list) --* The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.

                * *(string) --*

            * **DesiredNumberOfDomainControllers** *(integer) --* The desired number of domain controllers in the specified Region for the specified directory.
            * **LaunchTime** *(datetime) --* Specifies when the Region replication began.
            * **StatusLastUpdatedDateTime** *(datetime) --* The date and time that the Region status was last updated.
            * **LastUpdatedDateTime** *(datetime) --* The date and time that the Region description was last updated.

        * **NextToken** *(string) --* If not null, more results are available. Pass this value for the "NextToken" parameter in a subsequent call to DescribeRegions to retrieve the next set of items.

   **Exceptions**

   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.InvalidNextTokenException"
   * "DirectoryService.Client.exceptions.AccessDeniedException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

create_trust
************

DirectoryService.Client.create_trust(**kwargs)

   Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.

   This action initiates the creation of the Amazon Web Services side of a trust relationship between a Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.create_trust(
          DirectoryId='string',
          RemoteDomainName='string',
          TrustPassword='string',
          TrustDirection='One-Way: Outgoing'|'One-Way: Incoming'|'Two-Way',
          TrustType='Forest'|'External',
          ConditionalForwarderIpAddrs=[
              'string',
          ],
          SelectiveAuth='Enabled'|'Disabled'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.
      * **RemoteDomainName** (*string*) -- **[REQUIRED]** The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.
      * **TrustPassword** (*string*) -- **[REQUIRED]** The trust password. The trust password must be the same password that was used when creating the trust relationship on the external domain.
      * **TrustDirection** (*string*) -- **[REQUIRED]** The direction of the trust relationship.
      * **TrustType** (*string*) -- The trust relationship type. "Forest" is the default.
      * **ConditionalForwarderIpAddrs** (*list*) -- The IP addresses of the remote DNS server associated with RemoteDomainName.

        * *(string) --*

      * **SelectiveAuth** (*string*) -- Optional parameter to enable selective authentication for the trust.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'TrustId': 'string'
         }

      **Response Structure**

      * *(dict) --* The result of a CreateTrust request.

        * **TrustId** *(string) --* A unique identifier for the trust relationship that was created.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityAlreadyExistsException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"

delete_directory
****************

DirectoryService.Client.delete_directory(**kwargs)

   Deletes a Directory Service directory.

   Before you call "DeleteDirectory", ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the "DeleteDirectory" operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.delete_directory(
          DirectoryId='string'
      )

   Parameters:
      **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory to delete.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string'
         }

      **Response Structure**

      * *(dict) --* Contains the results of the DeleteDirectory operation.

        * **DirectoryId** *(string) --* The directory identifier.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

update_hybrid_ad
****************

DirectoryService.Client.update_hybrid_ad(**kwargs)

   Updates the configuration of an existing hybrid directory. You can recover the hybrid directory administrator account or modify self-managed instance settings.

   Updates are applied asynchronously. Use DescribeHybridADUpdate to monitor the progress of configuration changes.

   The "InstanceIds" must have a one-to-one correspondence with "CustomerDnsIps", meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410].

   Note: You must provide at least one update to UpdateHybridADRequest$HybridAdministratorAccountUpdate or UpdateHybridADRequest$SelfManagedInstancesSettings.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.update_hybrid_ad(
          DirectoryId='string',
          HybridAdministratorAccountUpdate={
              'SecretArn': 'string'
          },
          SelfManagedInstancesSettings={
              'CustomerDnsIps': [
                  'string',
              ],
              'InstanceIds': [
                  'string',
              ]
          }
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the hybrid directory to update.
      * **HybridAdministratorAccountUpdate** (*dict*) -- We create a hybrid directory administrator account when we create a hybrid directory. Use "HybridAdministratorAccountUpdate" to recover the hybrid directory administrator account if you have deleted it.

        To recover your hybrid directory administrator account, we need temporary access to a user in your self-managed AD with administrator permissions in the form of a secret from Amazon Web Services Secrets Manager. We use these credentials once during recovery and don't store them.

        If your hybrid directory administrator account exists, then you don't need to use "HybridAdministratorAccountUpdate", even if you have updated your self-managed AD administrator user.

        * **SecretArn** *(string) --* **[REQUIRED]** The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that contains the credentials for the AD administrator user, and enables hybrid domain controllers to join the managed AD domain. For example: "{"customerAdAdminDomainUsername":"carlos_salazar","customerAdAdminDomainPassword":"ExamplePassword123!"}."

      * **SelfManagedInstancesSettings** (*dict*) -- Updates to the self-managed AD configuration, including DNS server IP addresses and Amazon Web Services System Manager managed node identifiers.

        * **CustomerDnsIps** *(list) --* **[REQUIRED]** The IP addresses of the DNS servers or domain controllers in your self-managed AD environment.

          * *(string) --*

        * **InstanceIds** *(list) --* **[REQUIRED]** The identifiers of the self-managed instances with SSM used in hybrid directory.

          * *(string) --*

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string',
             'AssessmentId': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **DirectoryId** *(string) --* The identifier of the updated hybrid directory.
        * **AssessmentId** *(string) --* The identifier of the assessment performed to validate the update configuration.
          This assessment ensures the updated settings are compatible with your environment.

   **Exceptions**

   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
   * "DirectoryService.Client.exceptions.ADAssessmentLimitExceededException"

share_directory
***************

DirectoryService.Client.share_directory(**kwargs)

   Shares a specified directory ("DirectoryId") in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer). With this operation you can use your directory from any Amazon Web Services account and from any Amazon VPC within an Amazon Web Services Region.

   When you share your Managed Microsoft AD directory, Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account.

   The "ShareMethod" parameter determines whether the specified directory can be shared between Amazon Web Services accounts inside the same Amazon Web Services organization ("ORGANIZATIONS"). It also determines whether you can share the directory with any other Amazon Web Services account either inside or outside of the organization ("HANDSHAKE").

   The "ShareNotes" parameter is only used when "HANDSHAKE" is called, which sends a directory sharing request to the directory consumer.
   See also: AWS API Documentation

   **Request Syntax**

      response = client.share_directory(
          DirectoryId='string',
          ShareNotes='string',
          ShareTarget={
              'Id': 'string',
              'Type': 'ACCOUNT'
          },
          ShareMethod='ORGANIZATIONS'|'HANDSHAKE'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier of the Managed Microsoft AD directory that you want to share with other Amazon Web Services accounts.
      * **ShareNotes** (*string*) -- A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
      * **ShareTarget** (*dict*) -- **[REQUIRED]** Identifier for the directory consumer account with whom the directory is to be shared.

        * **Id** *(string) --* **[REQUIRED]** Identifier of the directory consumer account.
        * **Type** *(string) --* **[REQUIRED]** Type of identifier to be used in the "Id" field.

      * **ShareMethod** (*string*) -- **[REQUIRED]** The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization ("ORGANIZATIONS") or with any Amazon Web Services account by sending a directory sharing request ("HANDSHAKE").

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'SharedDirectoryId': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **SharedDirectoryId** *(string) --* Identifier of the directory that is stored in the directory consumer account that is shared from the specified directory ("DirectoryId").
   **Exceptions**

   * "DirectoryService.Client.exceptions.DirectoryAlreadySharedException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidTargetException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ShareLimitExceededException"
   * "DirectoryService.Client.exceptions.OrganizationsException"
   * "DirectoryService.Client.exceptions.AccessDeniedException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.ServiceException"

update_trust
************

DirectoryService.Client.update_trust(**kwargs)

   Updates the trust that has been set up between your Managed Microsoft AD directory and a self-managed Active Directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.update_trust(
          TrustId='string',
          SelectiveAuth='Enabled'|'Disabled'
      )

   Parameters:
      * **TrustId** (*string*) -- **[REQUIRED]** Identifier of the trust relationship.
      * **SelectiveAuth** (*string*) -- Updates selective authentication for the trust.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'RequestId': 'string',
             'TrustId': 'string'
         }

      **Response Structure**

      * *(dict) --*

        * **RequestId** *(string) --* The Amazon Web Services request identifier.
        * **TrustId** *(string) --* Identifier of the trust relationship.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

create_directory
****************

DirectoryService.Client.create_directory(**kwargs)

   Creates a Simple AD directory. For more information, see Simple Active Directory in the *Directory Service Admin Guide*.
Before you call "CreateDirectory", ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the "CreateDirectory" operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference. See also: AWS API Documentation **Request Syntax** response = client.create_directory( Name='string', ShortName='string', Password='string', Description='string', Size='Small'|'Large', VpcSettings={ 'VpcId': 'string', 'SubnetIds': [ 'string', ] }, Tags=[ { 'Key': 'string', 'Value': 'string' }, ] ) Parameters: * **Name** (*string*) -- **[REQUIRED]** The fully qualified name for the directory, such as "corp.example.com". * **ShortName** (*string*) -- The NetBIOS name of the directory, such as "CORP". * **Password** (*string*) -- **[REQUIRED]** The password for the directory administrator. The directory creation process creates a directory administrator account with the user name "Administrator" and this password. If you need to change the password for the administrator account, you can use the ResetUserPassword API call. The regex pattern for this string is made up of the following conditions: * Length (?=^.{8,64}$) – Must be between 8 and 64 characters AND any 3 of the following password complexity rules required by Active Directory: * Numbers and upper case and lowercase (?=.*\d)(?=.*[A-Z])(?=.*[a-z]) * Numbers and special characters and lower case (?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z]) * Special characters and upper case and lower case (?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z]) * Numbers and upper case and special characters (?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s]) For additional information about how Active Directory passwords are enforced, see Password must meet complexity requirements on the Microsoft website. * **Description** (*string*) -- A description for the directory. * **Size** (*string*) -- **[REQUIRED]** The size of the directory.
* **VpcSettings** (*dict*) -- A DirectoryVpcSettings object that contains additional information for the operation. * **VpcId** *(string) --* **[REQUIRED]** The identifier of the VPC in which to create the directory. * **SubnetIds** *(list) --* **[REQUIRED]** The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets. * *(string) --* * **Tags** (*list*) -- The tags to be assigned to the Simple AD directory. * *(dict) --* Metadata assigned to a directory consisting of a key-value pair. * **Key** *(string) --* **[REQUIRED]** Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@'(Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$"). * **Value** *(string) --* **[REQUIRED]** The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$"). Return type: dict Returns: **Response Syntax** { 'DirectoryId': 'string' } **Response Structure** * *(dict) --* Contains the results of the CreateDirectory operation. * **DirectoryId** *(string) --* The identifier of the directory that was created. **Exceptions** * "DirectoryService.Client.exceptions.DirectoryLimitExceededException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" reset_user_password ******************* DirectoryService.Client.reset_user_password(**kwargs) Resets the password for any user in your Managed Microsoft AD or Simple AD directory.
Disabled users will become enabled and can be authenticated following the API call. You can reset the password for any user in your directory with the following exceptions: * For Simple AD, you cannot reset the password for any user that is a member of either the **Domain Admins** or **Enterprise Admins** group except for the administrator user. * For Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the **Amazon Web Services Reserved** OU. For more information about the OU structure for a Managed Microsoft AD directory, see What Gets Created in the *Directory Service Administration Guide*. See also: AWS API Documentation **Request Syntax** response = client.reset_user_password( DirectoryId='string', UserName='string', NewPassword='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier of the Managed Microsoft AD or Simple AD directory in which the user resides. * **UserName** (*string*) -- **[REQUIRED]** The user name of the user whose password will be reset. * **NewPassword** (*string*) -- **[REQUIRED]** The new password that will be reset.
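The conditions listed for the create_directory "Password" parameter (length 8 to 64 and any three of four character classes, with the lookaheads written using \d and \s), as an added pre-flight check that is not part of the boto3 documentation. How the fragments are joined into one pattern and the explicit line-break rule are assumptions of this example, and this page does not state whether "NewPassword" is held to the same pattern.

```python
from __future__ import annotations

import re

MIN_LEN, MAX_LEN = 8, 64

# The four character classes used by the documented lookaheads.
# "special character" is anything that is not ASCII alphanumeric or whitespace.
CLASSES = {
    "number": re.compile(r"\d"),
    "upper case": re.compile(r"[A-Z]"),
    "lower case": re.compile(r"[a-z]"),
    "special character": re.compile(r"[^A-Za-z0-9\s]"),
}

# The documented fragments, joined as "length AND any one of the four
# three-class combinations". The joining is an assumption of this example.
_COMBINATIONS = [
    r"(?=.*\d)(?=.*[A-Z])(?=.*[a-z])",
    r"(?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])",
    r"(?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])",
    r"(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s])",
]
DOCUMENTED = re.compile(r"(?=^.{8,64}$)(?:" + "|".join(_COMBINATIONS) + ")")


def password_problems(password: str) -> list[str]:
    """Return the reasons a password would fail; an empty list means it passes.

    The password itself never appears in the returned text, so the result
    can be logged or shown to an operator.
    """
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append(f"length {len(password)} is outside {MIN_LEN}-{MAX_LEN}")
    if "\n" in password or "\r" in password:
        # Typical when a secret is read from a file without stripping it.
        # Stricter than the pattern: "$" also matches before a final newline.
        problems.append("contains a line break")
    present = [name for name, rx in CLASSES.items() if rx.search(password)]
    if len(present) < 3:
        missing = [name for name in CLASSES if name not in present]
        problems.append(
            f"only {len(present)} of 4 character classes present; missing: "
            + ", ".join(missing)
        )
    return problems


def matches_documented_pattern(password: str) -> bool:
    """Evaluate the single pattern assembled from the documented fragments."""
    return DOCUMENTED.match(password) is not None
```

Running the check before the API call keeps a rejected secret from showing up as a failed request, and the trailing-newline case shows where the assembled pattern alone is more permissive than the explicit checks.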
Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.UserDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidPasswordException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" reject_shared_directory *********************** DirectoryService.Client.reject_shared_directory(**kwargs) Rejects a directory sharing request that was sent from the directory owner account. See also: AWS API Documentation **Request Syntax** response = client.reject_shared_directory( SharedDirectoryId='string' ) Parameters: **SharedDirectoryId** (*string*) -- **[REQUIRED]** Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account. Return type: dict Returns: **Response Syntax** { 'SharedDirectoryId': 'string' } **Response Structure** * *(dict) --* * **SharedDirectoryId** *(string) --* Identifier of the shared directory in the directory consumer account. **Exceptions** * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.DirectoryAlreadySharedException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" update_settings *************** DirectoryService.Client.update_settings(**kwargs) Updates the configurable settings for the specified directory.
See also: AWS API Documentation **Request Syntax** response = client.update_settings( DirectoryId='string', Settings=[ { 'Name': 'string', 'Value': 'string' }, ] ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to update settings. * **Settings** (*list*) -- **[REQUIRED]** The list of Setting objects. * *(dict) --* Contains information about the configurable settings for a directory. * **Name** *(string) --* **[REQUIRED]** The name of the directory setting. For example: "TLS_1_0" * **Value** *(string) --* **[REQUIRED]** The value of the directory setting for which to retrieve information. For example, for "TLS_1_0", the valid values are: "Enable" and "Disable". Return type: dict Returns: **Response Syntax** { 'DirectoryId': 'string' } **Response Structure** * *(dict) --* * **DirectoryId** *(string) --* The identifier of the directory. **Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.IncompatibleSettingsException" * "DirectoryService.Client.exceptions.UnsupportedSettingsException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" accept_shared_directory *********************** DirectoryService.Client.accept_shared_directory(**kwargs) Accepts a directory sharing request that was sent from the directory owner account. See also: AWS API Documentation **Request Syntax** response = client.accept_shared_directory( SharedDirectoryId='string' ) Parameters: **SharedDirectoryId** (*string*) -- **[REQUIRED]** Identifier of the shared directory in the directory consumer account.
This identifier is different for each directory owner account. Return type: dict Returns: **Response Syntax** { 'SharedDirectory': { 'OwnerAccountId': 'string', 'OwnerDirectoryId': 'string', 'ShareMethod': 'ORGANIZATIONS'|'HANDSHAKE', 'SharedAccountId': 'string', 'SharedDirectoryId': 'string', 'ShareStatus': 'Shared'|'PendingAcceptance'|'Rejected'|'Rejecting'|'RejectFailed'|'Sharing'|'ShareFailed'|'Deleted'|'Deleting', 'ShareNotes': 'string', 'CreatedDateTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1) } } **Response Structure** * *(dict) --* * **SharedDirectory** *(dict) --* The shared directory in the directory consumer account. * **OwnerAccountId** *(string) --* Identifier of the directory owner account, which contains the directory that has been shared to the consumer account. * **OwnerDirectoryId** *(string) --* Identifier of the directory in the directory owner account. * **ShareMethod** *(string) --* The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization ( "ORGANIZATIONS") or with any Amazon Web Services account by sending a shared directory request ( "HANDSHAKE"). * **SharedAccountId** *(string) --* Identifier of the directory consumer account that has access to the shared directory ( "OwnerDirectoryId") in the directory owner account. * **SharedDirectoryId** *(string) --* Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account. * **ShareStatus** *(string) --* Current directory status of the shared Managed Microsoft AD directory. * **ShareNotes** *(string) --* A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation. 
* **CreatedDateTime** *(datetime) --* The date and time that the shared directory was created. * **LastUpdatedDateTime** *(datetime) --* The date and time that the shared directory was last updated. **Exceptions** * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.DirectoryAlreadySharedException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" describe_settings ***************** DirectoryService.Client.describe_settings(**kwargs) Retrieves information about the configurable settings for the specified directory. See also: AWS API Documentation **Request Syntax** response = client.describe_settings( DirectoryId='string', Status='Requested'|'Updating'|'Updated'|'Failed'|'Default', NextToken='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to retrieve information. * **Status** (*string*) -- The status of the directory settings for which to retrieve information. * **NextToken** (*string*) -- The "DescribeSettingsResult.NextToken" value from a previous call to DescribeSettings. Pass null if this is the first call. Return type: dict Returns: **Response Syntax** { 'DirectoryId': 'string', 'SettingEntries': [ { 'Type': 'string', 'Name': 'string', 'AllowedValues': 'string', 'AppliedValue': 'string', 'RequestedValue': 'string', 'RequestStatus': 'Requested'|'Updating'|'Updated'|'Failed'|'Default', 'RequestDetailedStatus': { 'string': 'Requested'|'Updating'|'Updated'|'Failed'|'Default' }, 'RequestStatusMessage': 'string', 'LastUpdatedDateTime': datetime(2015, 1, 1), 'LastRequestedDateTime': datetime(2015, 1, 1), 'DataType': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **DirectoryId** *(string) --* The identifier of the directory.
* **SettingEntries** *(list) --* The list of SettingEntry objects that were retrieved. It is possible that this list contains less than the number of items specified in the "Limit" member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded. * *(dict) --* Contains information about the specified configurable setting for a directory. * **Type** *(string) --* The type, or category, of a directory setting. Similar settings have the same type. For example, "Protocol", "Cipher", or "Certificate-Based Authentication". * **Name** *(string) --* The name of the directory setting. For example: "TLS_1_0" * **AllowedValues** *(string) --* The valid range of values for the directory setting. These values depend on the "DataType" of your directory. * **AppliedValue** *(string) --* The value of the directory setting that is applied to the directory. * **RequestedValue** *(string) --* The value that was last requested for the directory setting. * **RequestStatus** *(string) --* The overall status of the request to update the directory setting request. If the directory setting is deployed in more than one region, and the request fails in any region, the overall status is "Failed". * **RequestDetailedStatus** *(dict) --* Details about the status of the request to update the directory setting. If the directory setting is deployed in more than one region, status is returned for the request in each region where the setting is deployed. * *(string) --* * *(string) --* * **RequestStatusMessage** *(string) --* The last status message for the directory status request. * **LastUpdatedDateTime** *(datetime) --* The date and time when the directory setting was last updated. * **LastRequestedDateTime** *(datetime) --* The date and time when the request to update a directory setting was last submitted. * **DataType** *(string) --* The data type of a directory setting. 
This is used to define the "AllowedValues" of a setting. For example a data type can be "Boolean", "DurationInSeconds", or "Enum". * **NextToken** *(string) --* If not null, token that indicates that more results are available. Pass this value for the "NextToken" parameter in a subsequent call to "DescribeSettings" to retrieve the next set of items. **Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.InvalidNextTokenException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" list_certificates ***************** DirectoryService.Client.list_certificates(**kwargs) For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication. See also: AWS API Documentation **Request Syntax** response = client.list_certificates( DirectoryId='string', NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory. * **NextToken** (*string*) -- A token for requesting another page of certificates if the "NextToken" response element indicates that more certificates are available. Use the value of the returned "NextToken" element in your request until the token comes back as "null". Pass "null" if this is the first call.
* **Limit** (*integer*) -- The number of items that should show up on one page. Return type: dict Returns: **Response Syntax** { 'NextToken': 'string', 'CertificatesInfo': [ { 'CertificateId': 'string', 'CommonName': 'string', 'State': 'Registering'|'Registered'|'RegisterFailed'|'Deregistering'|'Deregistered'|'DeregisterFailed', 'ExpiryDateTime': datetime(2015, 1, 1), 'Type': 'ClientCertAuth'|'ClientLDAPS' }, ] } **Response Structure** * *(dict) --* * **NextToken** *(string) --* Indicates whether another page of certificates is available when the number of available certificates exceeds the page limit. * **CertificatesInfo** *(list) --* A list of certificates with basic details including certificate ID, certificate common name, certificate state. * *(dict) --* Contains general information about a certificate. * **CertificateId** *(string) --* The identifier of the certificate. * **CommonName** *(string) --* The common name for the certificate. * **State** *(string) --* The state of the certificate. * **ExpiryDateTime** *(datetime) --* The date and time when the certificate will expire. * **Type** *(string) --* The function that the registered certificate performs. Valid values include "ClientLDAPS" or "ClientCertAuth". The default value is "ClientLDAPS". **Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.InvalidNextTokenException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" enable_directory_data_access **************************** DirectoryService.Client.enable_directory_data_access(**kwargs) Enables access to directory data via the Directory Service Data API for the specified directory.
For more information, see Directory Service Data API Reference. See also: AWS API Documentation **Request Syntax** response = client.enable_directory_data_access( DirectoryId='string' ) Parameters: **DirectoryId** (*string*) -- **[REQUIRED]** The directory identifier. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.DirectoryInDesiredStateException" * "DirectoryService.Client.exceptions.AccessDeniedException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" list_ad_assessments ******************* DirectoryService.Client.list_ad_assessments(**kwargs) Retrieves a list of directory assessments for the specified directory or all assessments in your account. Use this operation to monitor assessment status and manage multiple assessments. See also: AWS API Documentation **Request Syntax** response = client.list_ad_assessments( DirectoryId='string', NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- The identifier of the directory for which to list assessments. If not specified, all assessments in your account are returned. * **NextToken** (*string*) -- The pagination token from a previous request to ListADAssessments. Pass null if this is the first request. * **Limit** (*integer*) -- The maximum number of assessment summaries to return.
Return type: dict Returns: **Response Syntax** { 'Assessments': [ { 'AssessmentId': 'string', 'DirectoryId': 'string', 'DnsName': 'string', 'StartTime': datetime(2015, 1, 1), 'LastUpdateDateTime': datetime(2015, 1, 1), 'Status': 'string', 'CustomerDnsIps': [ 'string', ], 'ReportType': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Assessments** *(list) --* A list of assessment summaries containing basic information about each directory assessment. * *(dict) --* Contains summary information about a directory assessment, providing a high-level overview without detailed validation results. * **AssessmentId** *(string) --* The unique identifier of the directory assessment. * **DirectoryId** *(string) --* The identifier of the directory associated with this assessment. * **DnsName** *(string) --* The fully qualified domain name (FQDN) of the Active Directory domain being assessed. * **StartTime** *(datetime) --* The date and time when the assessment was initiated. * **LastUpdateDateTime** *(datetime) --* The date and time when the assessment status was last updated. * **Status** *(string) --* The current status of the assessment. Valid values include "SUCCESS", "FAILED", "PENDING", and "IN_PROGRESS". * **CustomerDnsIps** *(list) --* The IP addresses of the DNS servers or domain controllers in your self-managed AD environment. * *(string) --* * **ReportType** *(string) --* The type of assessment report generated. Valid values include "CUSTOMER" and "SYSTEM". * **NextToken** *(string) --* If not null, more results are available. Pass this value for the "NextToken" parameter in a subsequent request to retrieve the next set of items. 
**Exceptions** * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" list_tags_for_resource ********************** DirectoryService.Client.list_tags_for_resource(**kwargs) Lists all tags on a directory. See also: AWS API Documentation **Request Syntax** response = client.list_tags_for_resource( ResourceId='string', NextToken='string', Limit=123 ) Parameters: * **ResourceId** (*string*) -- **[REQUIRED]** Identifier (ID) of the directory for which you want to retrieve tags. * **NextToken** (*string*) -- Reserved for future use. * **Limit** (*integer*) -- Reserved for future use. Return type: dict Returns: **Response Syntax** { 'Tags': [ { 'Key': 'string', 'Value': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **Tags** *(list) --* List of tags returned by the ListTagsForResource operation. * *(dict) --* Metadata assigned to a directory consisting of a key-value pair. * **Key** *(string) --* Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@'(Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$"). * **Value** *(string) --* The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$"). * **NextToken** *(string) --* Reserved for future use.
**Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidNextTokenException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" create_alias ************ DirectoryService.Client.create_alias(**kwargs) Creates an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as "http://.awsapps.com". Warning: After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary. See also: AWS API Documentation **Request Syntax** response = client.create_alias( DirectoryId='string', Alias='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to create the alias. * **Alias** (*string*) -- **[REQUIRED]** The requested alias. The alias must be unique amongst all aliases in Amazon Web Services. This operation throws an "EntityAlreadyExistsException" error if the alias already exists. Return type: dict Returns: **Response Syntax** { 'DirectoryId': 'string', 'Alias': 'string' } **Response Structure** * *(dict) --* Contains the results of the CreateAlias operation. * **DirectoryId** *(string) --* The identifier of the directory. * **Alias** *(string) --* The alias for the directory.
**Exceptions** * "DirectoryService.Client.exceptions.EntityAlreadyExistsException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" describe_client_authentication_settings *************************************** DirectoryService.Client.describe_client_authentication_settings(**kwargs) Retrieves information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only "SmartCard" is supported. See also: AWS API Documentation **Request Syntax** response = client.describe_client_authentication_settings( DirectoryId='string', Type='SmartCard'|'SmartCardOrPassword', NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to retrieve information. * **Type** (*string*) -- The type of client authentication for which to retrieve information. If no type is specified, a list of all client authentication types that are supported for the specified directory is retrieved. * **NextToken** (*string*) -- The *DescribeClientAuthenticationSettingsResult.NextToken* value from a previous call to DescribeClientAuthenticationSettings. Pass null if this is the first call. * **Limit** (*integer*) -- The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.
Return type: dict Returns: **Response Syntax** { 'ClientAuthenticationSettingsInfo': [ { 'Type': 'SmartCard'|'SmartCardOrPassword', 'Status': 'Enabled'|'Disabled', 'LastUpdatedDateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **ClientAuthenticationSettingsInfo** *(list) --* Information about the type of client authentication for the specified directory. The following information is retrieved: The date and time when the status of the client authentication type was last updated, whether the client authentication type is enabled or disabled, and the type of client authentication. * *(dict) --* Contains information about a client authentication method for a directory. * **Type** *(string) --* The type of client authentication for the specified directory. If no type is specified, a list of all client authentication types that are supported for the directory is retrieved. * **Status** *(string) --* Whether the client authentication type is enabled or disabled for the specified directory. * **LastUpdatedDateTime** *(datetime) --* The date and time when the status of the client authentication type was last updated. * **NextToken** *(string) --* The next token used to retrieve the client authentication settings if the number of setting types exceeds page limit and there is another page. **Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.AccessDeniedException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" describe_ldaps_settings *********************** DirectoryService.Client.describe_ldaps_settings(**kwargs) Describes the status of LDAP security for the specified directory.
See also: AWS API Documentation **Request Syntax** response = client.describe_ldaps_settings( DirectoryId='string', Type='Client', NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory. * **Type** (*string*) -- The type of LDAP security to enable. Currently only the value "Client" is supported. * **NextToken** (*string*) -- The type of next token used for pagination. * **Limit** (*integer*) -- Specifies the number of items that should be displayed on one page. Return type: dict Returns: **Response Syntax** { 'LDAPSSettingsInfo': [ { 'LDAPSStatus': 'Enabling'|'Enabled'|'EnableFailed'|'Disabled', 'LDAPSStatusReason': 'string', 'LastUpdatedDateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **LDAPSSettingsInfo** *(list) --* Information about LDAP security for the specified directory, including status of enablement, state last updated date time, and the reason for the state. * *(dict) --* Contains general information about the LDAPS settings. * **LDAPSStatus** *(string) --* The state of the LDAPS settings. * **LDAPSStatusReason** *(string) --* Describes a state change for LDAPS. * **LastUpdatedDateTime** *(datetime) --* The date and time when the LDAPS settings were last updated. * **NextToken** *(string) --* The next token used to retrieve the LDAPS settings if the number of setting types exceeds page limit and there is another page. 
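A read-only review built from the describe_settings, list_certificates and describe_ldaps_settings responses documented above, as an added example that is not part of the boto3 documentation. Which conditions count as findings, the `ConstructedClient` stand-in with its constructed responses and identifiers, and Region names as the keys of "RequestDetailedStatus" are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone


def _pages(call, key, **kwargs):
    """Follow NextToken until the service stops returning one."""
    token = None
    while True:
        response = call(**kwargs, **({"NextToken": token} if token else {}))
        yield from response.get(key, [])
        token = response.get("NextToken")
        if not token:
            return


def _collect(client, method, key, **kwargs):
    """All items for one operation, or None if the directory type lacks it."""
    try:
        return list(_pages(getattr(client, method), key, **kwargs))
    except client.exceptions.UnsupportedOperationException:
        return None


def audit_directory(client, directory_id, now=None, expiry_window_days=30):
    """Read-only review of one directory; returns a list of finding strings."""
    now = now or datetime.now(timezone.utc)
    findings = []

    settings = _collect(client, "describe_settings", "SettingEntries",
                        DirectoryId=directory_id)
    for entry in settings or []:
        if entry["Name"] == "TLS_1_0" and entry.get("AppliedValue") == "Enable":
            findings.append("setting TLS_1_0 is applied as Enable")
        # Assumption: RequestDetailedStatus is keyed by Region name.
        detail = entry.get("RequestDetailedStatus", {})
        failed = sorted(region for region, status in detail.items() if status == "Failed")
        if failed:
            findings.append(f"setting {entry['Name']} update Failed in: {', '.join(failed)}")

    ldaps = _collect(client, "describe_ldaps_settings", "LDAPSSettingsInfo",
                     DirectoryId=directory_id, Type="Client")
    if ldaps is not None and not any(i.get("LDAPSStatus") == "Enabled" for i in ldaps):
        states = ", ".join(i.get("LDAPSStatus", "?") for i in ldaps) or "no entry"
        findings.append(f"client-side LDAPS is not Enabled ({states})")

    certs = _collect(client, "list_certificates", "CertificatesInfo",
                     DirectoryId=directory_id)
    for cert in certs or []:
        cert_id, state = cert["CertificateId"], cert.get("State")
        remaining = cert["ExpiryDateTime"] - now
        if state in ("RegisterFailed", "DeregisterFailed"):
            findings.append(f"certificate {cert_id} is in state {state}")
        elif state == "Registered" and remaining <= timedelta(days=expiry_window_days):
            when = "has expired" if remaining.days < 0 else f"expires in {remaining.days} days"
            findings.append(f"certificate {cert_id} {when}")
    return findings


class ConstructedClient:
    """Offline stand-in for boto3.client('ds'); every response is constructed."""

    class exceptions:
        class UnsupportedOperationException(Exception):
            pass

    def describe_settings(self, DirectoryId, NextToken=None):
        if NextToken is None:  # first of two pages
            return {"DirectoryId": DirectoryId, "NextToken": "constructed-token",
                    "SettingEntries": [{"Type": "Protocol", "Name": "TLS_1_0",
                                        "AppliedValue": "Enable"}]}
        return {"DirectoryId": DirectoryId,
                "SettingEntries": [{"Name": "CONSTRUCTED_SETTING",
                                    "AppliedValue": "Disable",
                                    "RequestDetailedStatus": {"us-east-1": "Updated",
                                                              "eu-west-1": "Failed"}}]}

    def describe_ldaps_settings(self, DirectoryId, Type):
        return {"LDAPSSettingsInfo": [{"LDAPSStatus": "EnableFailed"}]}

    def list_certificates(self, DirectoryId):
        utc = timezone.utc
        return {"CertificatesInfo": [
            {"CertificateId": "c-constructed1", "State": "Registered",
             "Type": "ClientLDAPS", "ExpiryDateTime": datetime(2025, 1, 15, tzinfo=utc)},
            {"CertificateId": "c-constructed2", "State": "RegisterFailed",
             "Type": "ClientLDAPS", "ExpiryDateTime": datetime(2026, 1, 1, tzinfo=utc)},
            {"CertificateId": "c-constructed3", "State": "Registered",
             "Type": "ClientCertAuth", "ExpiryDateTime": datetime(2026, 6, 1, tzinfo=utc)},
        ]}
```

With real credentials, pass `boto3.client('ds')` in place of the stand-in; the three operations called here only read state.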
**Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InvalidNextTokenException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" deregister_event_topic ********************** DirectoryService.Client.deregister_event_topic(**kwargs) Removes the specified directory as a publisher to the specified Amazon SNS topic. See also: AWS API Documentation **Request Syntax** response = client.deregister_event_topic( DirectoryId='string', TopicName='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The Directory ID to remove as a publisher. This directory will no longer send messages to the specified Amazon SNS topic. * **TopicName** (*string*) -- **[REQUIRED]** The name of the Amazon SNS topic from which to remove the directory as a publisher. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* The result of a DeregisterEventTopic request. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" get_waiter ********** DirectoryService.Client.get_waiter(waiter_name) Returns an object that can wait for some condition. Parameters: **waiter_name** (*str*) -- The name of the waiter to get. See the waiters section of the service docs for a list of available waiters. Returns: The specified waiter object.

   Return type:
      "botocore.waiter.Waiter"

enable_client_authentication
****************************

DirectoryService.Client.enable_client_authentication(**kwargs)

   Enables alternative client authentication methods for the specified directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.enable_client_authentication(
          DirectoryId='string',
          Type='SmartCard'|'SmartCardOrPassword'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the specified directory.
      * **Type** (*string*) -- **[REQUIRED]** The type of client authentication to enable. Currently only the value "SmartCard" is supported. Smart card authentication in AD Connector requires that you enable Kerberos Constrained Delegation for the Service User to the LDAP service in your self-managed AD.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.InvalidClientAuthStatusException"
   * "DirectoryService.Client.exceptions.AccessDeniedException"
   * "DirectoryService.Client.exceptions.NoAvailableCertificateException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

describe_shared_directories
***************************

DirectoryService.Client.describe_shared_directories(**kwargs)

   Returns the shared directories in your account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.describe_shared_directories(
          OwnerDirectoryId='string',
          SharedDirectoryIds=[
              'string',
          ],
          NextToken='string',
          Limit=123
      )

   Parameters:
      * **OwnerDirectoryId** (*string*) -- **[REQUIRED]** Returns the identifier of the directory in the directory owner account.
      * **SharedDirectoryIds** (*list*) -- A list of identifiers of all shared directories in your account.
        * *(string) --*
      * **NextToken** (*string*) -- The "DescribeSharedDirectoriesResult.NextToken" value from a previous call to DescribeSharedDirectories. Pass null if this is the first call.
      * **Limit** (*integer*) -- The number of shared directories to return in the response object.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'SharedDirectories': [
                 {
                     'OwnerAccountId': 'string',
                     'OwnerDirectoryId': 'string',
                     'ShareMethod': 'ORGANIZATIONS'|'HANDSHAKE',
                     'SharedAccountId': 'string',
                     'SharedDirectoryId': 'string',
                     'ShareStatus': 'Shared'|'PendingAcceptance'|'Rejected'|'Rejecting'|'RejectFailed'|'Sharing'|'ShareFailed'|'Deleted'|'Deleting',
                     'ShareNotes': 'string',
                     'CreatedDateTime': datetime(2015, 1, 1),
                     'LastUpdatedDateTime': datetime(2015, 1, 1)
                 },
             ],
             'NextToken': 'string'
         }

      **Response Structure**

      * *(dict) --*
        * **SharedDirectories** *(list) --* A list of all shared directories in your account.
          * *(dict) --* Details about the shared directory in the directory owner account for which the share request in the directory consumer account has been accepted.
            * **OwnerAccountId** *(string) --* Identifier of the directory owner account, which contains the directory that has been shared to the consumer account.
            * **OwnerDirectoryId** *(string) --* Identifier of the directory in the directory owner account.
            * **ShareMethod** *(string) --* The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization ("ORGANIZATIONS") or with any Amazon Web Services account by sending a shared directory request ("HANDSHAKE").
            * **SharedAccountId** *(string) --* Identifier of the directory consumer account that has access to the shared directory ("OwnerDirectoryId") in the directory owner account.
            * **SharedDirectoryId** *(string) --* Identifier of the shared directory in the directory consumer account.
              This identifier is different for each directory owner account.
            * **ShareStatus** *(string) --* Current directory status of the shared Managed Microsoft AD directory.
            * **ShareNotes** *(string) --* A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
            * **CreatedDateTime** *(datetime) --* The date and time that the shared directory was created.
            * **LastUpdatedDateTime** *(datetime) --* The date and time that the shared directory was last updated.
        * **NextToken** *(string) --* If not null, token that indicates that more results are available. Pass this value for the "NextToken" parameter in a subsequent call to DescribeSharedDirectories to retrieve the next set of items.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidNextTokenException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

deregister_certificate
**********************

DirectoryService.Client.deregister_certificate(**kwargs)

   Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.deregister_certificate(
          DirectoryId='string',
          CertificateId='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory.
      * **CertificateId** (*string*) -- **[REQUIRED]** The identifier of the certificate.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryService.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
   * "DirectoryService.Client.exceptions.CertificateDoesNotExistException"
   * "DirectoryService.Client.exceptions.CertificateInUseException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

remove_tags_from_resource
*************************

DirectoryService.Client.remove_tags_from_resource(**kwargs)

   Removes tags from a directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.remove_tags_from_resource(
          ResourceId='string',
          TagKeys=[
              'string',
          ]
      )

   Parameters:
      * **ResourceId** (*string*) -- **[REQUIRED]** Identifier (ID) of the directory from which to remove the tag.
      * **TagKeys** (*list*) -- **[REQUIRED]** The tag key (name) of the tag to be removed.
        * *(string) --*

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

enable_sso
**********

DirectoryService.Client.enable_sso(**kwargs)

   Enables single sign-on for a directory. Single sign-on allows users in your directory to access certain Amazon Web Services services from a computer joined to the directory without having to enter their credentials separately.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.enable_sso(
          DirectoryId='string',
          UserName='string',
          Password='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to enable single-sign on.
      * **UserName** (*string*) -- The username of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. This account must have privileges to add a service principal name. If the AD Connector service account does not have privileges to add a service principal name, you can specify an alternate account with the *UserName* and *Password* parameters. These credentials are only used to enable single sign-on and are not stored by the service. The AD Connector service account is not changed.
      * **Password** (*string*) -- The password of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. For more information, see the *UserName* parameter.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --* Contains the results of the EnableSso operation.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InsufficientPermissionsException"
   * "DirectoryService.Client.exceptions.AuthenticationFailedException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

cancel_schema_extension
***********************

DirectoryService.Client.cancel_schema_extension(**kwargs)

   Cancels an in-progress schema extension to a Microsoft AD directory. Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states: "Initializing", "CreatingSnapshot", and "UpdatingSchema".

   See also: AWS API Documentation

   **Request Syntax**

      response = client.cancel_schema_extension(
          DirectoryId='string',
          SchemaExtensionId='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory whose schema extension will be canceled.
      * **SchemaExtensionId** (*string*) -- **[REQUIRED]** The identifier of the schema extension that will be canceled.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

describe_conditional_forwarders
*******************************

DirectoryService.Client.describe_conditional_forwarders(**kwargs)

   Obtains information about the conditional forwarders for this account.

   If no input parameters are provided for RemoteDomainNames, this request describes all conditional forwarders for the specified directory ID.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.describe_conditional_forwarders(
          DirectoryId='string',
          RemoteDomainNames=[
              'string',
          ]
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The directory ID for which to get the list of associated conditional forwarders.
      * **RemoteDomainNames** (*list*) -- The fully qualified domain names (FQDN) of the remote domains for which to get the list of associated conditional forwarders. If this member is null, all conditional forwarders are returned.
        * *(string) --*

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'ConditionalForwarders': [
                 {
                     'RemoteDomainName': 'string',
                     'DnsIpAddrs': [
                         'string',
                     ],
                     'ReplicationScope': 'Domain'
                 },
             ]
         }

      **Response Structure**

      * *(dict) --* The result of a DescribeConditionalForwarder request.
        * **ConditionalForwarders** *(list) --* The list of conditional forwarders that have been created.
          * *(dict) --* Points to a remote domain with which you are setting up a trust relationship. Conditional forwarders are required in order to set up a trust relationship with another domain.
            * **RemoteDomainName** *(string) --* The fully qualified domain name (FQDN) of the remote domains pointed to by the conditional forwarder.
            * **DnsIpAddrs** *(list) --* The IP addresses of the remote DNS server associated with RemoteDomainName. This is the IP address of the DNS server that your conditional forwarder points to.
              * *(string) --*
            * **ReplicationScope** *(string) --* The replication scope of the conditional forwarder. The only allowed value is "Domain", which will replicate the conditional forwarder to all of the domain controllers for your Amazon Web Services directory.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

create_computer
***************

DirectoryService.Client.create_computer(**kwargs)

   Creates an Active Directory computer object in the specified directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.create_computer(
          DirectoryId='string',
          ComputerName='string',
          Password='string',
          OrganizationalUnitDistinguishedName='string',
          ComputerAttributes=[
              {
                  'Name': 'string',
                  'Value': 'string'
              },
          ]
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory in which to create the computer account.
      * **ComputerName** (*string*) -- **[REQUIRED]** The name of the computer account.
      * **Password** (*string*) -- **[REQUIRED]** A one-time password that is used to join the computer to the directory.
        You should generate a random, strong password to use for this parameter.
      * **OrganizationalUnitDistinguishedName** (*string*) -- The fully-qualified distinguished name of the organizational unit to place the computer account in.
      * **ComputerAttributes** (*list*) -- An array of Attribute objects that contain any LDAP attributes to apply to the computer account.
        * *(dict) --* Represents a named directory attribute.
          * **Name** *(string) --* The name of the attribute.
          * **Value** *(string) --* The value of the attribute.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'Computer': {
                 'ComputerId': 'string',
                 'ComputerName': 'string',
                 'ComputerAttributes': [
                     {
                         'Name': 'string',
                         'Value': 'string'
                     },
                 ]
             }
         }

      **Response Structure**

      * *(dict) --* Contains the results for the CreateComputer operation.
        * **Computer** *(dict) --* A Computer object that represents the computer account.
          * **ComputerId** *(string) --* The identifier of the computer.
          * **ComputerName** *(string) --* The computer name.
          * **ComputerAttributes** *(list) --* An array of Attribute objects containing the LDAP attributes that belong to the computer account.
            * *(dict) --* Represents a named directory attribute.
              * **Name** *(string) --* The name of the attribute.
              * **Value** *(string) --* The value of the attribute.

   **Exceptions**

   * "DirectoryService.Client.exceptions.AuthenticationFailedException"
   * "DirectoryService.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryService.Client.exceptions.EntityAlreadyExistsException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

get_directory_limits
********************

DirectoryService.Client.get_directory_limits()

   Obtains directory limit information for the current Region.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.get_directory_limits()

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryLimits': {
                 'CloudOnlyDirectoriesLimit': 123,
                 'CloudOnlyDirectoriesCurrentCount': 123,
                 'CloudOnlyDirectoriesLimitReached': True|False,
                 'CloudOnlyMicrosoftADLimit': 123,
                 'CloudOnlyMicrosoftADCurrentCount': 123,
                 'CloudOnlyMicrosoftADLimitReached': True|False,
                 'ConnectedDirectoriesLimit': 123,
                 'ConnectedDirectoriesCurrentCount': 123,
                 'ConnectedDirectoriesLimitReached': True|False
             }
         }

      **Response Structure**

      * *(dict) --* Contains the results of the GetDirectoryLimits operation.
        * **DirectoryLimits** *(dict) --* A DirectoryLimits object that contains the directory limits for the current Region.
          * **CloudOnlyDirectoriesLimit** *(integer) --* The maximum number of cloud directories allowed in the Region.
          * **CloudOnlyDirectoriesCurrentCount** *(integer) --* The current number of cloud directories in the Region.
          * **CloudOnlyDirectoriesLimitReached** *(boolean) --* Indicates if the cloud directory limit has been reached.
          * **CloudOnlyMicrosoftADLimit** *(integer) --* The maximum number of Managed Microsoft AD directories allowed in the region.
          * **CloudOnlyMicrosoftADCurrentCount** *(integer) --* The current number of Managed Microsoft AD directories in the region.
          * **CloudOnlyMicrosoftADLimitReached** *(boolean) --* Indicates if the Managed Microsoft AD directory limit has been reached.
          * **ConnectedDirectoriesLimit** *(integer) --* The maximum number of connected directories allowed in the Region.
          * **ConnectedDirectoriesCurrentCount** *(integer) --* The current number of connected directories in the Region.
          * **ConnectedDirectoriesLimitReached** *(boolean) --* Indicates if the connected directory limit has been reached.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

enable_radius
*************

DirectoryService.Client.enable_radius(**kwargs)

   Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.enable_radius(
          DirectoryId='string',
          RadiusSettings={
              'RadiusServers': [
                  'string',
              ],
              'RadiusPort': 123,
              'RadiusTimeout': 123,
              'RadiusRetries': 123,
              'SharedSecret': 'string',
              'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2',
              'DisplayLabel': 'string',
              'UseSameUsername': True|False
          }
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to enable MFA.
      * **RadiusSettings** (*dict*) -- **[REQUIRED]** A RadiusSettings object that contains information about the RADIUS server.
        * **RadiusServers** *(list) --* An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
          * *(string) --*
        * **RadiusPort** *(integer) --* The port that your RADIUS server is using for communications.
          Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
        * **RadiusTimeout** *(integer) --* The amount of time, in seconds, to wait for the RADIUS server to respond.
        * **RadiusRetries** *(integer) --* The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
        * **SharedSecret** *(string) --* Required for enabling RADIUS on the directory.
        * **AuthenticationProtocol** *(string) --* The protocol specified for your RADIUS endpoints.
        * **DisplayLabel** *(string) --* Not currently used.
        * **UseSameUsername** *(boolean) --* Not currently used.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --* Contains the results of the EnableRadius operation.

   **Exceptions**

   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.EntityAlreadyExistsException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

update_directory_setup
**********************

DirectoryService.Client.update_directory_setup(**kwargs)

   Updates the directory for a particular update type.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.update_directory_setup(
          DirectoryId='string',
          UpdateType='OS',
          OSUpdateSettings={
              'OSVersion': 'SERVER_2012'|'SERVER_2019'
          },
          CreateSnapshotBeforeUpdate=True|False
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory on which you want to perform the update.
      * **UpdateType** (*string*) -- **[REQUIRED]** The type of update that needs to be performed on the directory. For example, OS.
      * **OSUpdateSettings** (*dict*) -- The settings for the OS update that needs to be performed on the directory.
        * **OSVersion** *(string) --* OS version that the directory needs to be updated to.
      * **CreateSnapshotBeforeUpdate** (*boolean*) -- The boolean that specifies if a snapshot for the directory needs to be taken before updating the directory.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.DirectoryInDesiredStateException"
   * "DirectoryService.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryService.Client.exceptions.SnapshotLimitExceededException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
   * "DirectoryService.Client.exceptions.AccessDeniedException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

delete_snapshot
***************

DirectoryService.Client.delete_snapshot(**kwargs)

   Deletes a directory snapshot.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.delete_snapshot(
          SnapshotId='string'
      )

   Parameters:
      **SnapshotId** (*string*) -- **[REQUIRED]** The identifier of the directory snapshot to be deleted.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'SnapshotId': 'string'
         }

      **Response Structure**

      * *(dict) --* Contains the results of the DeleteSnapshot operation.
        * **SnapshotId** *(string) --* The identifier of the directory snapshot that was deleted.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

create_microsoft_ad
*******************

DirectoryService.Client.create_microsoft_ad(**kwargs)

   Creates a Microsoft AD directory in the Amazon Web Services Cloud.
   For more information, see Managed Microsoft AD in the *Directory Service Admin Guide*.

   Before you call *CreateMicrosoftAD*, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the *CreateMicrosoftAD* operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.create_microsoft_ad(
          Name='string',
          ShortName='string',
          Password='string',
          Description='string',
          VpcSettings={
              'VpcId': 'string',
              'SubnetIds': [
                  'string',
              ]
          },
          Edition='Enterprise'|'Standard',
          Tags=[
              {
                  'Key': 'string',
                  'Value': 'string'
              },
          ]
      )

   Parameters:
      * **Name** (*string*) -- **[REQUIRED]** The fully qualified domain name for the Managed Microsoft AD directory, such as "corp.example.com". This name will resolve inside your VPC only. It does not need to be publicly resolvable.
      * **ShortName** (*string*) -- The NetBIOS name for your domain, such as "CORP". If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example, "CORP" for the directory DNS "corp.example.com".
      * **Password** (*string*) -- **[REQUIRED]** The password for the default administrative user named "Admin". If you need to change the password for the administrator account, you can use the ResetUserPassword API call.
      * **Description** (*string*) -- A description for the directory. This label will appear on the Amazon Web Services console "Directory Details" page after the directory is created.
      * **VpcSettings** (*dict*) -- **[REQUIRED]** Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.
        * **VpcId** *(string) --* **[REQUIRED]** The identifier of the VPC in which to create the directory.
        * **SubnetIds** *(list) --* **[REQUIRED]** The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones.
          Directory Service creates a directory server and a DNS server in each of these subnets.
          * *(string) --*
      * **Edition** (*string*) -- Managed Microsoft AD is available in two editions: "Standard" and "Enterprise". "Enterprise" is the default.
      * **Tags** (*list*) -- The tags to be assigned to the Managed Microsoft AD directory.
        * *(dict) --* Metadata assigned to a directory consisting of a key-value pair.
          * **Key** *(string) --* **[REQUIRED]** Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
          * **Value** *(string) --* **[REQUIRED]** The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'DirectoryId': 'string'
         }

      **Response Structure**

      * *(dict) --* Result of a CreateMicrosoftAD request.
        * **DirectoryId** *(string) --* The identifier of the directory that was created.

   **Exceptions**

   * "DirectoryService.Client.exceptions.DirectoryLimitExceededException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"

add_region
**********

DirectoryService.Client.add_region(**kwargs)

   Adds two domain controllers in the specified Region for the specified directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.add_region(
          DirectoryId='string',
          RegionName='string',
          VPCSettings={
              'VpcId': 'string',
              'SubnetIds': [
                  'string',
              ]
          }
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory to which you want to add Region replication.
      * **RegionName** (*string*) -- **[REQUIRED]** The name of the Region where you want to add domain controllers for replication. For example, "us-east-1".
      * **VPCSettings** (*dict*) -- **[REQUIRED]** Contains VPC information for the CreateDirectory, CreateMicrosoftAD, or CreateHybridAD operation.
        * **VpcId** *(string) --* **[REQUIRED]** The identifier of the VPC in which to create the directory.
        * **SubnetIds** *(list) --* **[REQUIRED]** The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.
          * *(string) --*

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --*

   **Exceptions**

   * "DirectoryService.Client.exceptions.DirectoryUnavailableException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.DirectoryAlreadyInRegionException"
   * "DirectoryService.Client.exceptions.UnsupportedOperationException"
   * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
   * "DirectoryService.Client.exceptions.RegionLimitExceededException"
   * "DirectoryService.Client.exceptions.AccessDeniedException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

disable_sso
***********

DirectoryService.Client.disable_sso(**kwargs)

   Disables single-sign on for a directory.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.disable_sso(
          DirectoryId='string',
          UserName='string',
          Password='string'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which to disable single-sign on.
      * **UserName** (*string*) -- The username of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. This account must have privileges to remove a service principal name. If the AD Connector service account does not have privileges to remove a service principal name, you can specify an alternate account with the *UserName* and *Password* parameters. These credentials are only used to disable single sign-on and are not stored by the service. The AD Connector service account is not changed.
      * **Password** (*string*) -- The password of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. For more information, see the *UserName* parameter.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --* Contains the results of the DisableSso operation.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InsufficientPermissionsException"
   * "DirectoryService.Client.exceptions.AuthenticationFailedException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

restore_from_snapshot
*********************

DirectoryService.Client.restore_from_snapshot(**kwargs)

   Restores a directory using an existing directory snapshot.

   When you restore a directory from a snapshot, any changes made to the directory after the snapshot date are overwritten.

   This action returns as soon as the restore operation is initiated.
   You can monitor the progress of the restore operation by calling the DescribeDirectories operation with the directory identifier. When the **DirectoryDescription.Stage** value changes to "Active", the restore operation is complete.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.restore_from_snapshot(
          SnapshotId='string'
      )

   Parameters:
      **SnapshotId** (*string*) -- **[REQUIRED]** The identifier of the snapshot to restore from.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {}

      **Response Structure**

      * *(dict) --* Contains the results of the RestoreFromSnapshot operation.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidParameterException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

list_log_subscriptions
**********************

DirectoryService.Client.list_log_subscriptions(**kwargs)

   Lists the active log subscriptions for the Amazon Web Services account.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.list_log_subscriptions(
          DirectoryId='string',
          NextToken='string',
          Limit=123
      )

   Parameters:
      * **DirectoryId** (*string*) -- If a *DirectoryID* is provided, lists only the log subscription associated with that directory. If no *DirectoryId* is provided, lists all log subscriptions associated with your Amazon Web Services account. If there are no log subscriptions for the Amazon Web Services account or the directory, an empty list will be returned.
      * **NextToken** (*string*) -- The token for the next set of items to return.
      * **Limit** (*integer*) -- The maximum number of items returned.

   Return type:
      dict

   Returns:
      **Response Syntax**

         {
             'LogSubscriptions': [
                 {
                     'DirectoryId': 'string',
                     'LogGroupName': 'string',
                     'SubscriptionCreatedDateTime': datetime(2015, 1, 1)
                 },
             ],
             'NextToken': 'string'
         }

      **Response Structure**

      * *(dict) --*
        * **LogSubscriptions** *(list) --* A list of active LogSubscription objects for calling the Amazon Web Services account.
          * *(dict) --* Represents a log subscription, which tracks real-time data from a chosen log group to a specified destination.
            * **DirectoryId** *(string) --* Identifier (ID) of the directory that you want to associate with the log subscription.
            * **LogGroupName** *(string) --* The name of the log group.
            * **SubscriptionCreatedDateTime** *(datetime) --* The date and time that the log subscription was created.
        * **NextToken** *(string) --* The token for the next set of items to return.

   **Exceptions**

   * "DirectoryService.Client.exceptions.EntityDoesNotExistException"
   * "DirectoryService.Client.exceptions.InvalidNextTokenException"
   * "DirectoryService.Client.exceptions.ClientException"
   * "DirectoryService.Client.exceptions.ServiceException"

enable_ldaps
************

DirectoryService.Client.enable_ldaps(**kwargs)

   Activates the switch for the specific directory to always use LDAP secure calls.

   See also: AWS API Documentation

   **Request Syntax**

      response = client.enable_ldaps(
          DirectoryId='string',
          Type='Client'
      )

   Parameters:
      * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory.
      * **Type** (*string*) -- **[REQUIRED]** The type of LDAP security to enable. Currently only the value "Client" is supported.
Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.NoAvailableCertificateException" * "DirectoryService.Client.exceptions.InvalidLDAPSStatusException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" list_ip_routes ************** DirectoryService.Client.list_ip_routes(**kwargs) Lists the address blocks that you have added to a directory. See also: AWS API Documentation **Request Syntax** response = client.list_ip_routes( DirectoryId='string', NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier (ID) of the directory for which you want to retrieve the IP addresses. * **NextToken** (*string*) -- The *ListIpRoutes.NextToken* value from a previous call to ListIpRoutes. Pass null if this is the first call. * **Limit** (*integer*) -- Maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation. Return type: dict Returns: **Response Syntax** { 'IpRoutesInfo': [ { 'DirectoryId': 'string', 'CidrIp': 'string', 'IpRouteStatusMsg': 'Adding'|'Added'|'Removing'|'Removed'|'AddFailed'|'RemoveFailed', 'AddedDateTime': datetime(2015, 1, 1), 'IpRouteStatusReason': 'string', 'Description': 'string' }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **IpRoutesInfo** *(list) --* A list of IpRoutes. * *(dict) --* Information about one or more IP address blocks. * **DirectoryId** *(string) --* Identifier (ID) of the directory associated with the IP addresses.
* **CidrIp** *(string) --* IP address block in the IpRoute. * **IpRouteStatusMsg** *(string) --* The status of the IP address block. * **AddedDateTime** *(datetime) --* The date and time the address block was added to the directory. * **IpRouteStatusReason** *(string) --* The reason for the IpRouteStatusMsg. * **Description** *(string) --* Description of the IpRouteInfo. * **NextToken** *(string) --* If not null, more results are available. Pass this value for the *NextToken* parameter in a subsequent call to ListIpRoutes to retrieve the next set of items. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidNextTokenException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" create_log_subscription *********************** DirectoryService.Client.create_log_subscription(**kwargs) Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account. See also: AWS API Documentation **Request Syntax** response = client.create_log_subscription( DirectoryId='string', LogGroupName='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier of the directory to which you want to subscribe and receive real-time logs to your specified CloudWatch log group. * **LogGroupName** (*string*) -- **[REQUIRED]** The name of the CloudWatch log group where the real-time domain controller logs are forwarded.
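One way to use list_log_subscriptions to confirm that every directory forwards its domain controller security logs, shown as an added example that is not part of the boto3 documentation. FakeDsClient, the directory IDs and the log group names are constructed stand-ins so the block runs offline; pass boto3.client('ds') in their place for a real audit.

```python
"""Log-subscription coverage audit for Directory Service (added example)."""
from datetime import datetime, timezone


def iter_log_subscriptions(client, directory_id=None, page_size=50):
    """Yield every LogSubscription dict, following NextToken to the last page."""
    kwargs = {"Limit": page_size}
    if directory_id:
        kwargs["DirectoryId"] = directory_id
    while True:
        page = client.list_log_subscriptions(**kwargs)
        yield from page.get("LogSubscriptions", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def audit_log_coverage(client, directory_ids, approved_log_groups=None):
    """Return (missing, unapproved) for the given directory IDs.

    missing:    directory IDs that have no log subscription at all.
    unapproved: {directory_id: log_group} where logs are forwarded to a group
                outside approved_log_groups (skipped when that is None).
    """
    wanted = set(directory_ids)
    group_by_directory = {
        sub["DirectoryId"]: sub["LogGroupName"]
        for sub in iter_log_subscriptions(client)
    }
    missing = sorted(wanted - set(group_by_directory))
    unapproved = {}
    if approved_log_groups is not None:
        unapproved = {
            d: g for d, g in group_by_directory.items()
            if d in wanted and g not in approved_log_groups
        }
    return missing, unapproved


class FakeDsClient:
    """Constructed stand-in for boto3.client('ds'); serves canned pages."""

    def __init__(self, subscriptions, per_page=2):
        self._subs = list(subscriptions)
        self._per_page = per_page
        self.calls = 0

    def list_log_subscriptions(self, DirectoryId=None, NextToken=None, Limit=None):
        self.calls += 1
        items = [s for s in self._subs if DirectoryId in (None, s["DirectoryId"])]
        start = int(NextToken or 0)          # the fake uses an offset as token
        size = min(Limit or self._per_page, self._per_page)
        page = {"LogSubscriptions": items[start:start + size]}
        if start + size < len(items):
            page["NextToken"] = str(start + size)
        return page


# Constructed sample data: three subscriptions, one pointing at a log group
# that the (hypothetical) security team has not approved.
_CREATED = datetime(2015, 1, 1, tzinfo=timezone.utc)
SAMPLE_SUBSCRIPTIONS = [
    {"DirectoryId": "d-EXAMPLE0001", "LogGroupName": "/constructed/ds/security",
     "SubscriptionCreatedDateTime": _CREATED},
    {"DirectoryId": "d-EXAMPLE0002", "LogGroupName": "/constructed/ds/security",
     "SubscriptionCreatedDateTime": _CREATED},
    {"DirectoryId": "d-EXAMPLE0003", "LogGroupName": "/constructed/ds/scratch",
     "SubscriptionCreatedDateTime": _CREATED},
]
SAMPLE_DIRECTORY_IDS = ["d-EXAMPLE0001", "d-EXAMPLE0002",
                        "d-EXAMPLE0003", "d-EXAMPLE0004"]

if __name__ == "__main__":
    fake = FakeDsClient(SAMPLE_SUBSCRIPTIONS)
    missing, unapproved = audit_log_coverage(
        fake, SAMPLE_DIRECTORY_IDS, {"/constructed/ds/security"})
    print("directories without a log subscription:", missing)
    print("directories logging to an unapproved group:", unapproved)
```
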
Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.EntityAlreadyExistsException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InsufficientPermissionsException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" create_conditional_forwarder **************************** DirectoryService.Client.create_conditional_forwarder(**kwargs) Creates a conditional forwarder associated with your Amazon Web Services directory. Conditional forwarders are required in order to set up a trust relationship with another domain. The conditional forwarder points to the trusted domain. See also: AWS API Documentation **Request Syntax** response = client.create_conditional_forwarder( DirectoryId='string', RemoteDomainName='string', DnsIpAddrs=[ 'string', ] ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The directory ID of the Amazon Web Services directory for which you are creating the conditional forwarder. * **RemoteDomainName** (*string*) -- **[REQUIRED]** The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship. * **DnsIpAddrs** (*list*) -- **[REQUIRED]** The IP addresses of the remote DNS server associated with RemoteDomainName. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* The result of a CreateConditionalForwarder request.
**Exceptions** * "DirectoryService.Client.exceptions.EntityAlreadyExistsException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" start_ad_assessment ******************* DirectoryService.Client.start_ad_assessment(**kwargs) Initiates a directory assessment to validate your self-managed AD environment for hybrid domain join. The assessment checks compatibility and connectivity of the self-managed AD environment. A directory assessment is automatically created when you create a hybrid directory. There are two types of assessments: "CUSTOMER" and "SYSTEM". Your Amazon Web Services account has a limit of 100 "CUSTOMER" directory assessments. The assessment process typically takes 30 minutes or more to complete. The assessment process is asynchronous and you can monitor it with "DescribeADAssessment". The "InstanceIds" must have a one-to-one correspondence with "CustomerDnsIps", meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410]. Note: You must provide exactly one "DirectoryId" or "AssessmentConfiguration".
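The ordering rule and the "exactly one" rule above, as an added example that is not part of the boto3 documentation: a builder that takes (instance, IP) pairs so the two arrays cannot drift apart, and a checker that compares an existing request against a known inventory. The function names, the inventory dict, the domain name and the VPC and subnet identifiers are constructed for illustration; the request keys are the ones this operation documents.

```python
"""Build and check StartADAssessment input (added example, not AWS code)."""
import ipaddress

# Constructed inventory using the instance IDs and IPs quoted in the text.
SAMPLE_INVENTORY = {
    "i-10243410": "10.24.34.100",
    "i-10243420": "10.24.34.200",
}


def build_assessment_request(pairs, dns_name, vpc_id, subnet_ids,
                             security_group_ids=None):
    """Return kwargs for client.start_ad_assessment(**kwargs).

    pairs is a list of (instance_id, dns_ip) tuples. Accepting pairs instead
    of two separate lists keeps InstanceIds[i] aligned with CustomerDnsIps[i].
    """
    if not pairs:
        raise ValueError("at least one (instance_id, dns_ip) pair is required")
    instance_ids = [instance_id for instance_id, _ in pairs]
    # ip_address() raises ValueError on anything that is not a valid address.
    dns_ips = [str(ipaddress.ip_address(ip)) for _, ip in pairs]
    if len(set(instance_ids)) != len(instance_ids):
        raise ValueError("an instance ID appears more than once")
    if len(set(dns_ips)) != len(dns_ips):
        raise ValueError("a DNS IP appears more than once")
    # The VpcSettings description speaks of two subnets; whether they sit in
    # different Availability Zones needs an EC2 lookup and is not checked here.
    if len(set(subnet_ids)) != 2:
        raise ValueError("expected two distinct subnet IDs")
    config = {
        "CustomerDnsIps": dns_ips,
        "DnsName": dns_name,
        "VpcSettings": {"VpcId": vpc_id, "SubnetIds": list(subnet_ids)},
        "InstanceIds": instance_ids,
    }
    if security_group_ids:
        config["SecurityGroupIds"] = list(security_group_ids)
    return {"AssessmentConfiguration": config}


def validate_request(kwargs, known_ip_by_instance=None):
    """Return a list of problems found in start_ad_assessment kwargs."""
    problems = []
    has_directory = bool(kwargs.get("DirectoryId"))
    has_config = bool(kwargs.get("AssessmentConfiguration"))
    if has_directory == has_config:
        problems.append(
            "provide exactly one of DirectoryId or AssessmentConfiguration")
    if not has_config:
        return problems
    config = kwargs["AssessmentConfiguration"]
    ids = config.get("InstanceIds", [])
    ips = config.get("CustomerDnsIps", [])
    if len(ids) != len(ips):
        problems.append(
            f"{len(ids)} InstanceIds but {len(ips)} CustomerDnsIps")
        return problems
    for pos, (instance_id, ip) in enumerate(zip(ids, ips)):
        expected = (known_ip_by_instance or {}).get(instance_id)
        if known_ip_by_instance is None:
            continue
        if expected is None:
            problems.append(f"position {pos}: {instance_id} not in inventory")
        elif ipaddress.ip_address(expected) != ipaddress.ip_address(ip):
            problems.append(
                f"position {pos}: {instance_id} has {expected}, "
                f"request pairs it with {ip}")
    return problems


if __name__ == "__main__":
    request = build_assessment_request(
        [("i-10243410", "10.24.34.100"), ("i-10243420", "10.24.34.200")],
        dns_name="corp.example.com",            # constructed
        vpc_id="vpc-EXAMPLE",                   # constructed
        subnet_ids=["subnet-EXAMPLE1", "subnet-EXAMPLE2"],
    )
    print(validate_request(request, SAMPLE_INVENTORY))   # no problems
    # Same values, but the IP list was reordered independently of the IDs.
    request["AssessmentConfiguration"]["CustomerDnsIps"].reverse()
    print(validate_request(request, SAMPLE_INVENTORY))
```
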
See also: AWS API Documentation **Request Syntax** response = client.start_ad_assessment( AssessmentConfiguration={ 'CustomerDnsIps': [ 'string', ], 'DnsName': 'string', 'VpcSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ] }, 'InstanceIds': [ 'string', ], 'SecurityGroupIds': [ 'string', ] }, DirectoryId='string' ) Parameters: * **AssessmentConfiguration** (*dict*) -- Configuration parameters for the directory assessment, including DNS server information, domain name, Amazon VPC subnet, and Amazon Web Services System Manager managed node details. * **CustomerDnsIps** *(list) --* **[REQUIRED]** A list of IP addresses for the DNS servers or domain controllers in your self-managed AD that are tested during the assessment. * *(string) --* * **DnsName** *(string) --* **[REQUIRED]** The fully qualified domain name (FQDN) of the self-managed AD domain to assess. * **VpcSettings** *(dict) --* **[REQUIRED]** Contains VPC information for the CreateDirectory, CreateMicrosoftAD, or CreateHybridAD operation. * **VpcId** *(string) --* **[REQUIRED]** The identifier of the VPC in which to create the directory. * **SubnetIds** *(list) --* **[REQUIRED]** The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets. * *(string) --* * **InstanceIds** *(list) --* **[REQUIRED]** The identifiers of the self-managed instances with SSM that are used to perform connectivity and validation tests. * *(string) --* * **SecurityGroupIds** *(list) --* By default, the service attaches a security group to allow network access to the self-managed nodes in your Amazon VPC. You can optionally supply your own security group that allows network traffic to and from your self-managed domain controllers outside of your Amazon VPC. * *(string) --* * **DirectoryId** (*string*) -- The identifier of the directory for which to perform the assessment. 
This should be an existing directory. If the assessment is not for an existing directory, this parameter should be omitted. Return type: dict Returns: **Response Syntax** { 'AssessmentId': 'string' } **Response Structure** * *(dict) --* * **AssessmentId** *(string) --* The unique identifier of the newly started directory assessment. Use this identifier to monitor assessment progress and retrieve results. **Exceptions** * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.ADAssessmentLimitExceededException" close ***** DirectoryService.Client.close() Closes underlying endpoint connections. remove_region ************* DirectoryService.Client.remove_region(**kwargs) Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation. Instead, use the "DeleteDirectory" API. See also: AWS API Documentation **Request Syntax** response = client.remove_region( DirectoryId='string' ) Parameters: **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory for which you want to remove Region replication.
Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.AccessDeniedException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" disable_ldaps ************* DirectoryService.Client.disable_ldaps(**kwargs) Deactivates LDAP secure calls for the specified directory. See also: AWS API Documentation **Request Syntax** response = client.disable_ldaps( DirectoryId='string', Type='Client' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory. * **Type** (*string*) -- **[REQUIRED]** The type of LDAP security to enable. Currently only the value "Client" is supported. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidLDAPSStatusException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" delete_log_subscription *********************** DirectoryService.Client.delete_log_subscription(**kwargs) Deletes the specified log subscription. See also: AWS API Documentation **Request Syntax** response = client.delete_log_subscription( DirectoryId='string' ) Parameters: **DirectoryId** (*string*) -- **[REQUIRED]** Identifier of the directory whose log subscription you want to delete.
Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" delete_conditional_forwarder **************************** DirectoryService.Client.delete_conditional_forwarder(**kwargs) Deletes a conditional forwarder that has been set up for your Amazon Web Services directory. See also: AWS API Documentation **Request Syntax** response = client.delete_conditional_forwarder( DirectoryId='string', RemoteDomainName='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The directory ID for which you are deleting the conditional forwarder. * **RemoteDomainName** (*string*) -- **[REQUIRED]** The fully qualified domain name (FQDN) of the remote domain with which you are deleting the conditional forwarder. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* The result of a DeleteConditionalForwarder request. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" start_schema_extension ********************** DirectoryService.Client.start_schema_extension(**kwargs) Applies a schema extension to a Microsoft AD directory.
See also: AWS API Documentation **Request Syntax** response = client.start_schema_extension( DirectoryId='string', CreateSnapshotBeforeSchemaExtension=True|False, LdifContent='string', Description='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory to which the schema extension will be applied. * **CreateSnapshotBeforeSchemaExtension** (*boolean*) -- **[REQUIRED]** If true, creates a snapshot of the directory before applying the schema extension. * **LdifContent** (*string*) -- **[REQUIRED]** The LDIF file represented as a string. To construct the LdifContent string, precede each line as it would be formatted in an ldif file with \n. See the example request below for more details. The file size can be no larger than 1MB. * **Description** (*string*) -- **[REQUIRED]** A description of the schema extension. Return type: dict Returns: **Response Syntax** { 'SchemaExtensionId': 'string' } **Response Structure** * *(dict) --* * **SchemaExtensionId** *(string) --* The identifier of the schema extension that will be applied. **Exceptions** * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.SnapshotLimitExceededException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" register_certificate ******************** DirectoryService.Client.register_certificate(**kwargs) Registers a certificate for a secure LDAP or client certificate authentication.
See also: AWS API Documentation **Request Syntax** response = client.register_certificate( DirectoryId='string', CertificateData='string', Type='ClientCertAuth'|'ClientLDAPS', ClientCertAuthSettings={ 'OCSPUrl': 'string' } ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory. * **CertificateData** (*string*) -- **[REQUIRED]** The certificate PEM string that needs to be registered. * **Type** (*string*) -- The function that the registered certificate performs. Valid values include "ClientLDAPS" or "ClientCertAuth". The default value is "ClientLDAPS". * **ClientCertAuthSettings** (*dict*) -- A "ClientCertAuthSettings" object that contains client certificate authentication settings. * **OCSPUrl** *(string) --* Specifies the URL of the default OCSP server used to check for revocation status. A secondary value to any OCSP address found in the AIA extension of the user certificate. Return type: dict Returns: **Response Syntax** { 'CertificateId': 'string' } **Response Structure** * *(dict) --* * **CertificateId** *(string) --* The identifier of the certificate. **Exceptions** * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidCertificateException" * "DirectoryService.Client.exceptions.CertificateLimitExceededException" * "DirectoryService.Client.exceptions.CertificateAlreadyExistsException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" register_event_topic ******************** DirectoryService.Client.register_event_topic(**kwargs) Associates a directory with an Amazon SNS topic.
This establishes the directory as a publisher to the specified Amazon SNS topic. You can then receive email or text (SMS) messages when the status of your directory changes. You get notified if your directory goes from an Active status to an Impaired or Inoperable status. You also receive a notification when the directory returns to an Active status. See also: AWS API Documentation **Request Syntax** response = client.register_event_topic( DirectoryId='string', TopicName='string' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The Directory ID that will publish status messages to the Amazon SNS topic. * **TopicName** (*string*) -- **[REQUIRED]** The Amazon SNS topic name to which the directory will publish status messages. This Amazon SNS topic must be in the same region as the specified Directory ID. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* The result of a RegisterEventTopic request. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" describe_event_topics ********************* DirectoryService.Client.describe_event_topics(**kwargs) Obtains information about which Amazon SNS topics receive status messages from the specified directory. If no input parameters are provided, such as DirectoryId or TopicName, this request describes all of the associations in the account. See also: AWS API Documentation **Request Syntax** response = client.describe_event_topics( DirectoryId='string', TopicNames=[ 'string', ] ) Parameters: * **DirectoryId** (*string*) -- The Directory ID for which to get the list of associated Amazon SNS topics. If this member is null, associations for all Directory IDs are returned.
* **TopicNames** (*list*) -- A list of Amazon SNS topic names for which to obtain the information. If this member is null, all associations for the specified Directory ID are returned. An empty list results in an "InvalidParameterException" being thrown. * *(string) --* Return type: dict Returns: **Response Syntax** { 'EventTopics': [ { 'DirectoryId': 'string', 'TopicName': 'string', 'TopicArn': 'string', 'CreatedDateTime': datetime(2015, 1, 1), 'Status': 'Registered'|'Topic not found'|'Failed'|'Deleted' }, ] } **Response Structure** * *(dict) --* The result of a DescribeEventTopic request. * **EventTopics** *(list) --* A list of Amazon SNS topic names that receive status messages from the specified Directory ID. * *(dict) --* Information about Amazon SNS topic and Directory Service directory associations. * **DirectoryId** *(string) --* The Directory ID of a Directory Service directory that will publish status messages to an Amazon SNS topic. * **TopicName** *(string) --* The name of an Amazon SNS topic that receives status messages from the directory. * **TopicArn** *(string) --* The Amazon SNS topic ARN (Amazon Resource Name). * **CreatedDateTime** *(datetime) --* The date and time of when you associated your directory with the Amazon SNS topic. * **Status** *(string) --* The topic registration status. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" delete_trust ************ DirectoryService.Client.delete_trust(**kwargs) Deletes an existing trust relationship between your Managed Microsoft AD directory and an external domain.
See also: AWS API Documentation **Request Syntax** response = client.delete_trust( TrustId='string', DeleteAssociatedConditionalForwarder=True|False ) Parameters: * **TrustId** (*string*) -- **[REQUIRED]** The Trust ID of the trust relationship to be deleted. * **DeleteAssociatedConditionalForwarder** (*boolean*) -- Delete a conditional forwarder as part of a DeleteTrustRequest. Return type: dict Returns: **Response Syntax** { 'TrustId': 'string' } **Response Structure** * *(dict) --* The result of a DeleteTrust request. * **TrustId** *(string) --* The Trust ID of the trust relationship that was deleted. **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" add_ip_routes ************* DirectoryService.Client.add_ip_routes(**kwargs) If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. *AddIpRoutes* adds this address block. You can also use *AddIpRoutes* to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC. Before you call *AddIpRoutes*, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the *AddIpRoutes* operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
See also: AWS API Documentation **Request Syntax** response = client.add_ip_routes( DirectoryId='string', IpRoutes=[ { 'CidrIp': 'string', 'Description': 'string' }, ], UpdateSecurityGroupForDirectoryControllers=True|False ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier (ID) of the directory to which to add the address block. * **IpRoutes** (*list*) -- **[REQUIRED]** IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your self-managed domain. * *(dict) --* IP address block. This is often the address block of the DNS server used for your self-managed domain. * **CidrIp** *(string) --* IP address block using CIDR format, for example 10.0.0.0/24. This is often the address block of the DNS server used for your self-managed domain. For a single IP address use a CIDR address block with /32. For example 10.0.0.0/32. * **Description** *(string) --* Description of the address block. * **UpdateSecurityGroupForDirectoryControllers** (*boolean*) -- If set to true, updates the inbound and outbound rules of the security group that has the description: "Amazon Web Services created security group for *directory ID* directory controllers." 
Following are the new rules: Inbound: * Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: DNS (UDP), Protocol: UDP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: DNS (TCP), Protocol: TCP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: LDAP, Protocol: TCP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR * Type: All ICMP, Protocol: All, Range: N/A, Source: Managed Microsoft AD VPC IPv4 CIDR Outbound: * Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0 These security rules impact an internal network interface that is not exposed publicly. 
Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.EntityAlreadyExistsException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.IpRouteLimitExceededException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" disable_client_authentication ***************************** DirectoryService.Client.disable_client_authentication(**kwargs) Disables alternative client authentication methods for the specified directory. See also: AWS API Documentation **Request Syntax** response = client.disable_client_authentication( DirectoryId='string', Type='SmartCard'|'SmartCardOrPassword' ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory. * **Type** (*string*) -- **[REQUIRED]** The type of client authentication to disable. Currently the only parameter "SmartCard" is supported. Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.DirectoryDoesNotExistException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.InvalidClientAuthStatusException" * "DirectoryService.Client.exceptions.AccessDeniedException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" remove_ip_routes **************** DirectoryService.Client.remove_ip_routes(**kwargs) Removes IP address blocks from a directory.
See also: AWS API Documentation **Request Syntax** response = client.remove_ip_routes( DirectoryId='string', CidrIps=[ 'string', ] ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier (ID) of the directory from which you want to remove the IP addresses. * **CidrIps** (*list*) -- **[REQUIRED]** IP address blocks that you want to remove. * *(string) --* Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.DirectoryUnavailableException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" create_hybrid_ad **************** DirectoryService.Client.create_hybrid_ad(**kwargs) Creates a hybrid directory that connects your self-managed Active Directory (AD) infrastructure and Amazon Web Services. You must have a successful directory assessment using StartADAssessment to validate your environment compatibility before you use this operation. Updates are applied asynchronously. Use DescribeDirectories to monitor the progress of directory creation. See also: AWS API Documentation **Request Syntax** response = client.create_hybrid_ad( SecretArn='string', AssessmentId='string', Tags=[ { 'Key': 'string', 'Value': 'string' }, ] ) Parameters: * **SecretArn** (*string*) -- **[REQUIRED]** The Amazon Resource Name (ARN) of the Amazon Web Services Secrets Manager secret that contains the credentials for the service account used to join hybrid domain controllers to your self-managed AD domain. This secret is used once and not stored. The secret must contain key-value pairs with keys matching "customerAdAdminDomainUsername" and "customerAdAdminDomainPassword".
For example: "{"customerAdAdminDomainUsername":"carlos_salazar","customerAdAdminDomainPassword":"ExamplePassword123!"}". * **AssessmentId** (*string*) -- **[REQUIRED]** The unique identifier of the successful directory assessment that validates your self-managed AD environment. You must have a successful directory assessment before you create a hybrid directory. * **Tags** (*list*) -- The tags to be assigned to the directory. Each tag consists of a key and value pair. You can specify multiple tags as a list. * *(dict) --* Metadata assigned to a directory consisting of a key-value pair. * **Key** *(string) --* **[REQUIRED]** Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$"). * **Value** *(string) --* **[REQUIRED]** The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$"). Return type: dict Returns: **Response Syntax** { 'DirectoryId': 'string' } **Response Structure** * *(dict) --* * **DirectoryId** *(string) --* The unique identifier of the newly created hybrid directory.
**Exceptions** * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.UnsupportedOperationException" * "DirectoryService.Client.exceptions.DirectoryLimitExceededException" * "DirectoryService.Client.exceptions.ADAssessmentLimitExceededException" * "DirectoryService.Client.exceptions.EntityDoesNotExistException" add_tags_to_resource ******************** DirectoryService.Client.add_tags_to_resource(**kwargs) Adds or overwrites one or more tags for the specified directory. Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource. See also: AWS API Documentation **Request Syntax** response = client.add_tags_to_resource( ResourceId='string', Tags=[ { 'Key': 'string', 'Value': 'string' }, ] ) Parameters: * **ResourceId** (*string*) -- **[REQUIRED]** Identifier (ID) for the directory to which to add the tag. * **Tags** (*list*) -- **[REQUIRED]** The tags to be assigned to the directory. * *(dict) --* Metadata assigned to a directory consisting of a key-value pair. * **Key** *(string) --* **[REQUIRED]** Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$"). * **Value** *(string) --* **[REQUIRED]** The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-', ':', '@' (Java regex: "^([\p{L}\p{Z}\p{N}_.:/=+\-]*)$").
Return type: dict Returns: **Response Syntax** {} **Response Structure** * *(dict) --* **Exceptions** * "DirectoryService.Client.exceptions.EntityDoesNotExistException" * "DirectoryService.Client.exceptions.InvalidParameterException" * "DirectoryService.Client.exceptions.TagLimitExceededException" * "DirectoryService.Client.exceptions.ClientException" * "DirectoryService.Client.exceptions.ServiceException" DirectoryService / Client / describe_domain_controllers describe_domain_controllers *************************** DirectoryService.Client.describe_domain_controllers(**kwargs) Provides information about any domain controllers in your directory. See also: AWS API Documentation **Request Syntax** response = client.describe_domain_controllers( DirectoryId='string', DomainControllerIds=[ 'string', ], NextToken='string', Limit=123 ) Parameters: * **DirectoryId** (*string*) -- **[REQUIRED]** Identifier of the directory for which to retrieve the domain controller information. * **DomainControllerIds** (*list*) -- A list of identifiers for the domain controllers whose information will be provided. * *(string) --* * **NextToken** (*string*) -- The *DescribeDomainControllers.NextToken* value from a previous call to DescribeDomainControllers. Pass null if this is the first call. * **Limit** (*integer*) -- The maximum number of items to return. Return type: dict Returns: **Response Syntax** { 'DomainControllers': [ { 'DirectoryId': 'string', 'DomainControllerId': 'string', 'DnsIpAddr': 'string', 'VpcId': 'string', 'SubnetId': 'string', 'AvailabilityZone': 'string', 'Status': 'Creating'|'Active'|'Impaired'|'Restoring'|'Deleting'|'Deleted'|'Failed'|'Updating', 'StatusReason': 'string', 'LaunchTime': datetime(2015, 1, 1), 'StatusLastUpdatedDateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **DomainControllers** *(list) --* List of the DomainController objects that were retrieved. 
    * *(dict) --* Contains information about the domain controllers for a specified directory.

      * **DirectoryId** *(string) --* Identifier of the directory where the domain controller resides.
      * **DomainControllerId** *(string) --* Identifies a specific domain controller in the directory.
      * **DnsIpAddr** *(string) --* The IP address of the domain controller.
      * **VpcId** *(string) --* The identifier of the VPC that contains the domain controller.
      * **SubnetId** *(string) --* Identifier of the subnet in the VPC that contains the domain controller.
      * **AvailabilityZone** *(string) --* The Availability Zone where the domain controller is located.
      * **Status** *(string) --* The status of the domain controller.
      * **StatusReason** *(string) --* A description of the domain controller state.
      * **LaunchTime** *(datetime) --* Specifies when the domain controller was created.
      * **StatusLastUpdatedDateTime** *(datetime) --* The date and time that the status was last updated.

  * **NextToken** *(string) --* If not null, more results are available. Pass this value for the "NextToken" parameter in a subsequent call to DescribeDomainControllers to retrieve the next set of items.

**Exceptions**

* "DirectoryService.Client.exceptions.EntityDoesNotExistException"
* "DirectoryService.Client.exceptions.InvalidNextTokenException"
* "DirectoryService.Client.exceptions.InvalidParameterException"
* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"
* "DirectoryService.Client.exceptions.UnsupportedOperationException"

describe_directories
********************

DirectoryService.Client.describe_directories(**kwargs)

Obtains information about the directories that belong to this account.

You can retrieve information about specific directories by passing the directory identifiers in the "DirectoryIds" parameter. Otherwise, all directories that belong to the current account are returned.
This operation supports pagination with the use of the "NextToken" request and response parameters. If more results are available, the "DescribeDirectoriesResult.NextToken" member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items. You can also specify a maximum number of return results with the "Limit" parameter. See also: AWS API Documentation **Request Syntax** response = client.describe_directories( DirectoryIds=[ 'string', ], NextToken='string', Limit=123 ) Parameters: * **DirectoryIds** (*list*) -- A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned. An empty list results in an "InvalidParameterException" being thrown. * *(string) --* * **NextToken** (*string*) -- The "DescribeDirectoriesResult.NextToken" value from a previous call to DescribeDirectories. Pass null if this is the first call. * **Limit** (*integer*) -- The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation. 
Return type: dict Returns: **Response Syntax** { 'DirectoryDescriptions': [ { 'DirectoryId': 'string', 'Name': 'string', 'ShortName': 'string', 'Size': 'Small'|'Large', 'Edition': 'Enterprise'|'Standard', 'Alias': 'string', 'AccessUrl': 'string', 'Description': 'string', 'DnsIpAddrs': [ 'string', ], 'Stage': 'Requested'|'Creating'|'Created'|'Active'|'Inoperable'|'Impaired'|'Restoring'|'RestoreFailed'|'Deleting'|'Deleted'|'Failed'|'Updating', 'ShareStatus': 'Shared'|'PendingAcceptance'|'Rejected'|'Rejecting'|'RejectFailed'|'Sharing'|'ShareFailed'|'Deleted'|'Deleting', 'ShareMethod': 'ORGANIZATIONS'|'HANDSHAKE', 'ShareNotes': 'string', 'LaunchTime': datetime(2015, 1, 1), 'StageLastUpdatedDateTime': datetime(2015, 1, 1), 'Type': 'SimpleAD'|'ADConnector'|'MicrosoftAD'|'SharedMicrosoftAD', 'VpcSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ], 'SecurityGroupId': 'string', 'AvailabilityZones': [ 'string', ] }, 'ConnectSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ], 'CustomerUserName': 'string', 'SecurityGroupId': 'string', 'AvailabilityZones': [ 'string', ], 'ConnectIps': [ 'string', ] }, 'RadiusSettings': { 'RadiusServers': [ 'string', ], 'RadiusPort': 123, 'RadiusTimeout': 123, 'RadiusRetries': 123, 'SharedSecret': 'string', 'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2', 'DisplayLabel': 'string', 'UseSameUsername': True|False }, 'RadiusStatus': 'Creating'|'Completed'|'Failed', 'StageReason': 'string', 'SsoEnabled': True|False, 'DesiredNumberOfDomainControllers': 123, 'OwnerDirectoryDescription': { 'DirectoryId': 'string', 'AccountId': 'string', 'DnsIpAddrs': [ 'string', ], 'VpcSettings': { 'VpcId': 'string', 'SubnetIds': [ 'string', ], 'SecurityGroupId': 'string', 'AvailabilityZones': [ 'string', ] }, 'RadiusSettings': { 'RadiusServers': [ 'string', ], 'RadiusPort': 123, 'RadiusTimeout': 123, 'RadiusRetries': 123, 'SharedSecret': 'string', 'AuthenticationProtocol': 'PAP'|'CHAP'|'MS-CHAPv1'|'MS-CHAPv2', 'DisplayLabel': 'string', 
'UseSameUsername': True|False }, 'RadiusStatus': 'Creating'|'Completed'|'Failed' }, 'RegionsInfo': { 'PrimaryRegion': 'string', 'AdditionalRegions': [ 'string', ] }, 'OsVersion': 'SERVER_2012'|'SERVER_2019', 'HybridSettings': { 'SelfManagedDnsIpAddrs': [ 'string', ], 'SelfManagedInstanceIds': [ 'string', ] } }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* Contains the results of the DescribeDirectories operation. * **DirectoryDescriptions** *(list) --* The list of available DirectoryDescription objects that were retrieved. It is possible that this list contains less than the number of items specified in the "Limit" member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded. * *(dict) --* Contains information about an Directory Service directory. * **DirectoryId** *(string) --* The directory identifier. * **Name** *(string) --* The fully qualified name of the directory. * **ShortName** *(string) --* The short name of the directory. * **Size** *(string) --* The directory size. * **Edition** *(string) --* The edition associated with this directory. * **Alias** *(string) --* The alias for the directory. If no alias has been created for the directory, the alias is the directory identifier, such as "d-XXXXXXXXXX". * **AccessUrl** *(string) --* The access URL for the directory, such as "http://.awsapps.com". If no alias has been created for the directory, "" is the directory identifier, such as "d-XXXXXXXXXX". * **Description** *(string) --* The description for the directory. * **DnsIpAddrs** *(list) --* The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected. 
* *(string) --* * **Stage** *(string) --* The current stage of the directory. * **ShareStatus** *(string) --* Current directory status of the shared Managed Microsoft AD directory. * **ShareMethod** *(string) --* The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization ( "ORGANIZATIONS") or with any Amazon Web Services account by sending a shared directory request ( "HANDSHAKE"). * **ShareNotes** *(string) --* A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation. * **LaunchTime** *(datetime) --* Specifies when the directory was created. * **StageLastUpdatedDateTime** *(datetime) --* The date and time that the stage was last updated. * **Type** *(string) --* The directory type. * **VpcSettings** *(dict) --* A DirectoryVpcSettingsDescription object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed Microsoft AD directory. * **VpcId** *(string) --* The identifier of the VPC that the directory is in. * **SubnetIds** *(list) --* The identifiers of the subnets for the directory servers. * *(string) --* * **SecurityGroupId** *(string) --* The domain controller security group identifier for the directory. * **AvailabilityZones** *(list) --* The list of Availability Zones that the directory is in. * *(string) --* * **ConnectSettings** *(dict) --* A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. This member is only present if the directory is an AD Connector directory. * **VpcId** *(string) --* The identifier of the VPC that the AD Connector is in. * **SubnetIds** *(list) --* A list of subnet identifiers in the VPC that the AD Connector is in. 
          * *(string) --*
        * **CustomerUserName** *(string) --* The user name of the service account in your self-managed directory.
        * **SecurityGroupId** *(string) --* The security group identifier for the AD Connector directory.
        * **AvailabilityZones** *(list) --* A list of the Availability Zones that the directory is in.
          * *(string) --*
        * **ConnectIps** *(list) --* The IP addresses of the AD Connector servers.
          * *(string) --*
      * **RadiusSettings** *(dict) --* A RadiusSettings object that contains information about the RADIUS server configured for this directory.
        * **RadiusServers** *(list) --* An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
          * *(string) --*
        * **RadiusPort** *(integer) --* The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
        * **RadiusTimeout** *(integer) --* The amount of time, in seconds, to wait for the RADIUS server to respond.
        * **RadiusRetries** *(integer) --* The maximum number of times that communication with the RADIUS server is retried after the initial attempt.
        * **SharedSecret** *(string) --* Required for enabling RADIUS on the directory.
        * **AuthenticationProtocol** *(string) --* The protocol specified for your RADIUS endpoints.
        * **DisplayLabel** *(string) --* Not currently used.
        * **UseSameUsername** *(boolean) --* Not currently used.
      * **RadiusStatus** *(string) --* The status of the RADIUS MFA server connection.
      * **StageReason** *(string) --* Additional information about the directory stage.
      * **SsoEnabled** *(boolean) --* Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso.
      * **DesiredNumberOfDomainControllers** *(integer) --* The desired number of domain controllers in the directory if the directory is Microsoft AD.
* **OwnerDirectoryDescription** *(dict) --* Describes the Managed Microsoft AD directory in the directory owner account. * **DirectoryId** *(string) --* Identifier of the Managed Microsoft AD directory in the directory owner account. * **AccountId** *(string) --* Identifier of the directory owner account. * **DnsIpAddrs** *(list) --* IP address of the directory’s domain controllers. * *(string) --* * **VpcSettings** *(dict) --* Information about the VPC settings for the directory. * **VpcId** *(string) --* The identifier of the VPC that the directory is in. * **SubnetIds** *(list) --* The identifiers of the subnets for the directory servers. * *(string) --* * **SecurityGroupId** *(string) --* The domain controller security group identifier for the directory. * **AvailabilityZones** *(list) --* The list of Availability Zones that the directory is in. * *(string) --* * **RadiusSettings** *(dict) --* A RadiusSettings object that contains information about the RADIUS server. * **RadiusServers** *(list) --* An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer. * *(string) --* * **RadiusPort** *(integer) --* The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers. * **RadiusTimeout** *(integer) --* The amount of time, in seconds, to wait for the RADIUS server to respond. * **RadiusRetries** *(integer) --* The maximum number of times that communication with the RADIUS server is retried after the initial attempt. * **SharedSecret** *(string) --* Required for enabling RADIUS on the directory. * **AuthenticationProtocol** *(string) --* The protocol specified for your RADIUS endpoints. * **DisplayLabel** *(string) --* Not currently used. * **UseSameUsername** *(boolean) --* Not currently used. 
        * **RadiusStatus** *(string) --* Information about the status of the RADIUS server.
      * **RegionsInfo** *(dict) --* Lists the Regions where the directory has replicated.
        * **PrimaryRegion** *(string) --* The Region where the Managed Microsoft AD directory was originally created.
        * **AdditionalRegions** *(list) --* Lists the Regions where the directory has been replicated, excluding the primary Region.
          * *(string) --*
      * **OsVersion** *(string) --* The operating system (OS) version of the directory.
      * **HybridSettings** *(dict) --* Contains information about the hybrid directory configuration for the directory, including Amazon Web Services System Manager managed node identifiers and DNS IPs.
        * **SelfManagedDnsIpAddrs** *(list) --* The IP addresses of the DNS servers in your self-managed AD environment.
          * *(string) --*
        * **SelfManagedInstanceIds** *(list) --* The identifiers of the self-managed instances with SSM used for hybrid directory operations.
          * *(string) --*

  * **NextToken** *(string) --* If not null, more results are available. Pass this value for the "NextToken" parameter in a subsequent call to DescribeDirectories to retrieve the next set of items.

**Exceptions**

* "DirectoryService.Client.exceptions.EntityDoesNotExistException"
* "DirectoryService.Client.exceptions.InvalidParameterException"
* "DirectoryService.Client.exceptions.InvalidNextTokenException"
* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"

describe_certificate
********************

DirectoryService.Client.describe_certificate(**kwargs)

Displays information about the certificate registered for secure LDAP or client certificate authentication.

See also: AWS API Documentation

**Request Syntax**

   response = client.describe_certificate(
       DirectoryId='string',
       CertificateId='string'
   )

Parameters:

* **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the directory.
* **CertificateId** (*string*) -- **[REQUIRED]** The identifier of the certificate. Return type: dict Returns: **Response Syntax** { 'Certificate': { 'CertificateId': 'string', 'State': 'Registering'|'Registered'|'RegisterFailed'|'Deregistering'|'Deregistered'|'DeregisterFailed', 'StateReason': 'string', 'CommonName': 'string', 'RegisteredDateTime': datetime(2015, 1, 1), 'ExpiryDateTime': datetime(2015, 1, 1), 'Type': 'ClientCertAuth'|'ClientLDAPS', 'ClientCertAuthSettings': { 'OCSPUrl': 'string' } } } **Response Structure** * *(dict) --* * **Certificate** *(dict) --* Information about the certificate, including registered date time, certificate state, the reason for the state, expiration date time, and certificate common name. * **CertificateId** *(string) --* The identifier of the certificate. * **State** *(string) --* The state of the certificate. * **StateReason** *(string) --* Describes a state change for the certificate. * **CommonName** *(string) --* The common name for the certificate. * **RegisteredDateTime** *(datetime) --* The date and time that the certificate was registered. * **ExpiryDateTime** *(datetime) --* The date and time when the certificate will expire. * **Type** *(string) --* The function that the registered certificate performs. Valid values include "ClientLDAPS" or "ClientCertAuth". The default value is "ClientLDAPS". * **ClientCertAuthSettings** *(dict) --* A "ClientCertAuthSettings" object that contains client certificate authentication settings. * **OCSPUrl** *(string) --* Specifies the URL of the default OCSP server used to check for revocation status. A secondary value to any OCSP address found in the AIA extension of the user certificate. 
**Exceptions**

* "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
* "DirectoryService.Client.exceptions.UnsupportedOperationException"
* "DirectoryService.Client.exceptions.CertificateDoesNotExistException"
* "DirectoryService.Client.exceptions.InvalidParameterException"
* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"

delete_ad_assessment
********************

DirectoryService.Client.delete_ad_assessment(**kwargs)

Deletes a directory assessment and all associated data. This operation permanently removes the assessment results, validation reports, and configuration information. You cannot delete system-initiated assessments. You can delete customer-created assessments even if they are in progress.

See also: AWS API Documentation

**Request Syntax**

   response = client.delete_ad_assessment(
       AssessmentId='string'
   )

Parameters:

**AssessmentId** (*string*) -- **[REQUIRED]** The unique identifier of the directory assessment to delete.

Return type: dict

Returns:

**Response Syntax**

   {
       'AssessmentId': 'string'
   }

**Response Structure**

* *(dict) --*

  * **AssessmentId** *(string) --* The unique identifier of the deleted directory assessment.

**Exceptions**

* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"
* "DirectoryService.Client.exceptions.InvalidParameterException"
* "DirectoryService.Client.exceptions.UnsupportedOperationException"
* "DirectoryService.Client.exceptions.EntityDoesNotExistException"

update_conditional_forwarder
****************************

DirectoryService.Client.update_conditional_forwarder(**kwargs)

Updates a conditional forwarder that has been set up for your Amazon Web Services directory.
See also: AWS API Documentation

**Request Syntax**

   response = client.update_conditional_forwarder(
       DirectoryId='string',
       RemoteDomainName='string',
       DnsIpAddrs=[
           'string',
       ]
   )

Parameters:

* **DirectoryId** (*string*) -- **[REQUIRED]** The directory ID of the Amazon Web Services directory for which to update the conditional forwarder.

* **RemoteDomainName** (*string*) -- **[REQUIRED]** The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.

* **DnsIpAddrs** (*list*) -- **[REQUIRED]** The updated IP addresses of the remote DNS server associated with the conditional forwarder.

  * *(string) --*

Return type: dict

Returns:

**Response Syntax**

   {}

**Response Structure**

* *(dict) --* The result of an UpdateConditionalForwarder request.

**Exceptions**

* "DirectoryService.Client.exceptions.EntityDoesNotExistException"
* "DirectoryService.Client.exceptions.DirectoryUnavailableException"
* "DirectoryService.Client.exceptions.InvalidParameterException"
* "DirectoryService.Client.exceptions.UnsupportedOperationException"
* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"

describe_update_directory
*************************

DirectoryService.Client.describe_update_directory(**kwargs)

Describes the updates of a directory for a particular update type.

See also: AWS API Documentation

**Request Syntax**

   response = client.describe_update_directory(
       DirectoryId='string',
       UpdateType='OS',
       RegionName='string',
       NextToken='string'
   )

Parameters:

* **DirectoryId** (*string*) -- **[REQUIRED]** The unique identifier of the directory.

* **UpdateType** (*string*) -- **[REQUIRED]** The type of updates you want to describe for the directory.

* **RegionName** (*string*) -- The name of the Region.

* **NextToken** (*string*) -- The "DescribeUpdateDirectoryResult.NextToken" value from a previous call to DescribeUpdateDirectory.
Pass null if this is the first call. Return type: dict Returns: **Response Syntax** { 'UpdateActivities': [ { 'Region': 'string', 'Status': 'Updated'|'Updating'|'UpdateFailed', 'StatusReason': 'string', 'InitiatedBy': 'string', 'NewValue': { 'OSUpdateSettings': { 'OSVersion': 'SERVER_2012'|'SERVER_2019' } }, 'PreviousValue': { 'OSUpdateSettings': { 'OSVersion': 'SERVER_2012'|'SERVER_2019' } }, 'StartTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1) }, ], 'NextToken': 'string' } **Response Structure** * *(dict) --* * **UpdateActivities** *(list) --* The list of update activities on a directory for the requested update type. * *(dict) --* An entry of update information related to a requested update type. * **Region** *(string) --* The name of the Region. * **Status** *(string) --* The status of the update performed on the directory. * **StatusReason** *(string) --* The reason for the current status of the update type activity. * **InitiatedBy** *(string) --* This specifies if the update was initiated by the customer or by the service team. * **NewValue** *(dict) --* The new value of the target setting. * **OSUpdateSettings** *(dict) --* The OS update related settings. * **OSVersion** *(string) --* OS version that the directory needs to be updated to. * **PreviousValue** *(dict) --* The old value of the target setting. * **OSUpdateSettings** *(dict) --* The OS update related settings. * **OSVersion** *(string) --* OS version that the directory needs to be updated to. * **StartTime** *(datetime) --* The start time of the "UpdateDirectorySetup" for the particular type. * **LastUpdatedDateTime** *(datetime) --* The last updated date and time of a particular directory setting. * **NextToken** *(string) --* If not null, more results are available. Pass this value for the "NextToken" parameter. 
**Exceptions**

* "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
* "DirectoryService.Client.exceptions.InvalidParameterException"
* "DirectoryService.Client.exceptions.AccessDeniedException"
* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"
* "DirectoryService.Client.exceptions.InvalidNextTokenException"

describe_hybrid_ad_update
*************************

DirectoryService.Client.describe_hybrid_ad_update(**kwargs)

Retrieves information about update activities for a hybrid directory. This operation provides details about configuration changes, administrator account updates, and self-managed instance settings (IDs and DNS IPs).

See also: AWS API Documentation

**Request Syntax**

   response = client.describe_hybrid_ad_update(
       DirectoryId='string',
       UpdateType='SelfManagedInstances'|'HybridAdministratorAccount',
       NextToken='string'
   )

Parameters:

* **DirectoryId** (*string*) -- **[REQUIRED]** The identifier of the hybrid directory for which to retrieve update information.

* **UpdateType** (*string*) -- The type of update activities to retrieve. Valid values include "SelfManagedInstances" and "HybridAdministratorAccount".

* **NextToken** (*string*) -- The pagination token from a previous request to DescribeHybridADUpdate. Pass null if this is the first request.
Return type: dict Returns: **Response Syntax** { 'UpdateActivities': { 'SelfManagedInstances': [ { 'Status': 'Updated'|'Updating'|'UpdateFailed', 'StatusReason': 'string', 'InitiatedBy': 'string', 'NewValue': { 'InstanceIds': [ 'string', ], 'DnsIps': [ 'string', ] }, 'PreviousValue': { 'InstanceIds': [ 'string', ], 'DnsIps': [ 'string', ] }, 'StartTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1), 'AssessmentId': 'string' }, ], 'HybridAdministratorAccount': [ { 'Status': 'Updated'|'Updating'|'UpdateFailed', 'StatusReason': 'string', 'InitiatedBy': 'string', 'NewValue': { 'InstanceIds': [ 'string', ], 'DnsIps': [ 'string', ] }, 'PreviousValue': { 'InstanceIds': [ 'string', ], 'DnsIps': [ 'string', ] }, 'StartTime': datetime(2015, 1, 1), 'LastUpdatedDateTime': datetime(2015, 1, 1), 'AssessmentId': 'string' }, ] }, 'NextToken': 'string' } **Response Structure** * *(dict) --* * **UpdateActivities** *(dict) --* Information about update activities for the hybrid directory, organized by update type. * **SelfManagedInstances** *(list) --* A list of update activities related to the self-managed instances with SSM in the self-managed instances with SSM hybrid directory configuration. * *(dict) --* Contains detailed information about a specific update activity for a hybrid directory component. * **Status** *(string) --* The current status of the update activity. Valid values include "UPDATED", "UPDATING", and "UPDATE_FAILED". * **StatusReason** *(string) --* A human-readable description of the update status, including any error details or progress information. * **InitiatedBy** *(string) --* Specifies if the update was initiated by the customer or Amazon Web Services. * **NewValue** *(dict) --* The new configuration values being applied in this update. * **InstanceIds** *(list) --* The identifiers of the self-managed instances with SSM in the hybrid directory configuration. 
* *(string) --* * **DnsIps** *(list) --* The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration. * *(string) --* * **PreviousValue** *(dict) --* The previous configuration values before this update was applied. * **InstanceIds** *(list) --* The identifiers of the self-managed instances with SSM in the hybrid directory configuration. * *(string) --* * **DnsIps** *(list) --* The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration. * *(string) --* * **StartTime** *(datetime) --* The date and time when the update activity was initiated. * **LastUpdatedDateTime** *(datetime) --* The date and time when the update activity status was last updated. * **AssessmentId** *(string) --* The identifier of the assessment performed to validate this update configuration. * **HybridAdministratorAccount** *(list) --* A list of update activities related to hybrid directory administrator account changes. * *(dict) --* Contains detailed information about a specific update activity for a hybrid directory component. * **Status** *(string) --* The current status of the update activity. Valid values include "UPDATED", "UPDATING", and "UPDATE_FAILED". * **StatusReason** *(string) --* A human-readable description of the update status, including any error details or progress information. * **InitiatedBy** *(string) --* Specifies if the update was initiated by the customer or Amazon Web Services. * **NewValue** *(dict) --* The new configuration values being applied in this update. * **InstanceIds** *(list) --* The identifiers of the self-managed instances with SSM in the hybrid directory configuration. * *(string) --* * **DnsIps** *(list) --* The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration. * *(string) --* * **PreviousValue** *(dict) --* The previous configuration values before this update was applied. 
          * **InstanceIds** *(list) --* The identifiers of the self-managed instances with SSM in the hybrid directory configuration.
            * *(string) --*
          * **DnsIps** *(list) --* The IP addresses of the DNS servers or domain controllers in the hybrid directory configuration.
            * *(string) --*
        * **StartTime** *(datetime) --* The date and time when the update activity was initiated.
        * **LastUpdatedDateTime** *(datetime) --* The date and time when the update activity status was last updated.
        * **AssessmentId** *(string) --* The identifier of the assessment performed to validate this update configuration.

  * **NextToken** *(string) --* If not null, more results are available. Pass this value for the "NextToken" parameter in a subsequent request to retrieve the next set of items.

**Exceptions**

* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"
* "DirectoryService.Client.exceptions.UnsupportedOperationException"
* "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
* "DirectoryService.Client.exceptions.InvalidParameterException"
* "DirectoryService.Client.exceptions.InvalidNextTokenException"

get_snapshot_limits
*******************

DirectoryService.Client.get_snapshot_limits(**kwargs)

Obtains the manual snapshot limits for a directory.

See also: AWS API Documentation

**Request Syntax**

   response = client.get_snapshot_limits(
       DirectoryId='string'
   )

Parameters:

**DirectoryId** (*string*) -- **[REQUIRED]** Contains the identifier of the directory to obtain the limits for.

Return type: dict

Returns:

**Response Syntax**

   {
       'SnapshotLimits': {
           'ManualSnapshotsLimit': 123,
           'ManualSnapshotsCurrentCount': 123,
           'ManualSnapshotsLimitReached': True|False
       }
   }

**Response Structure**

* *(dict) --* Contains the results of the GetSnapshotLimits operation.

  * **SnapshotLimits** *(dict) --* A SnapshotLimits object that contains the manual snapshot limits for the specified directory.
    * **ManualSnapshotsLimit** *(integer) --* The maximum number of manual snapshots allowed.
    * **ManualSnapshotsCurrentCount** *(integer) --* The current number of manual snapshots of the directory.
    * **ManualSnapshotsLimitReached** *(boolean) --* Indicates if the manual snapshot limit has been reached.

**Exceptions**

* "DirectoryService.Client.exceptions.EntityDoesNotExistException"
* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"

disable_directory_data_access
*****************************

DirectoryService.Client.disable_directory_data_access(**kwargs)

Deactivates access to directory data via the Directory Service Data API for the specified directory. For more information, see Directory Service Data API Reference.

See also: AWS API Documentation

**Request Syntax**

   response = client.disable_directory_data_access(
       DirectoryId='string'
   )

Parameters:

**DirectoryId** (*string*) -- **[REQUIRED]** The directory identifier.

Return type: dict

Returns:

**Response Syntax**

   {}

**Response Structure**

* *(dict) --*

**Exceptions**

* "DirectoryService.Client.exceptions.DirectoryDoesNotExistException"
* "DirectoryService.Client.exceptions.DirectoryUnavailableException"
* "DirectoryService.Client.exceptions.UnsupportedOperationException"
* "DirectoryService.Client.exceptions.DirectoryInDesiredStateException"
* "DirectoryService.Client.exceptions.AccessDeniedException"
* "DirectoryService.Client.exceptions.ClientException"
* "DirectoryService.Client.exceptions.ServiceException"
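The "NextToken" loop described for describe_directories and describe_domain_controllers above, written as one generic helper and used for a small posture audit over the documented response fields. This is an added example, not part of the boto3 reference: "FakeDsClient", the "d-..." and "dc-..." identifiers, and the policy sets (which stages, OS versions and RADIUS protocols count as findings, and querying domain controllers only for "MicrosoftAD" directories) are constructed assumptions.

```python
# Assumed audit policy (not taken from the API reference).
UNHEALTHY_STAGES = {"Inoperable", "Impaired", "RestoreFailed", "Failed"}
ACCEPTED_RADIUS_PROTOCOLS = {"MS-CHAPv2"}
FLAGGED_OS_VERSIONS = {"SERVER_2012"}


def paginate(operation, result_key, **params):
    """Yield every item of a NextToken-paginated call such as describe_directories."""
    seen_tokens = set()
    token = None
    while True:
        kwargs = dict(params)
        # Leave NextToken out of the first request: botocore type-checks
        # parameters and rejects None where a string is expected.
        if token is not None:
            kwargs["NextToken"] = token
        page = operation(**kwargs)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:
            return
        if token in seen_tokens:  # defensive: never loop on a repeated token
            raise RuntimeError("NextToken repeated; stopping pagination")
        seen_tokens.add(token)


def audit_directory(desc):
    """Return a list of findings for one DirectoryDescription dict."""
    findings = []
    if desc.get("Stage") in UNHEALTHY_STAGES:
        findings.append(f"stage={desc['Stage']}")
    if desc.get("OsVersion") in FLAGGED_OS_VERSIONS:
        findings.append(f"os={desc['OsVersion']}")
    # RADIUS settings appear on the directory and again under
    # OwnerDirectoryDescription in the response syntax.
    holders = (("radius", desc),
               ("owner-radius", desc.get("OwnerDirectoryDescription") or {}))
    for label, holder in holders:
        radius = holder.get("RadiusSettings")
        if not radius:
            continue
        protocol = radius.get("AuthenticationProtocol")
        if protocol not in ACCEPTED_RADIUS_PROTOCOLS:
            findings.append(f"{label}-protocol={protocol}")
        if holder.get("RadiusStatus") == "Failed":
            findings.append(f"{label}-status=Failed")
    return findings


def audit_account(client, page_size=2):
    """Walk all directories (and their domain controllers); map DirectoryId -> findings."""
    report = {}
    for desc in paginate(client.describe_directories, "DirectoryDescriptions",
                         Limit=page_size):
        directory_id = desc["DirectoryId"]
        findings = audit_directory(desc)
        # Assumption: only MicrosoftAD directories are queried, since the
        # operation can raise UnsupportedOperationException.
        if desc.get("Type") == "MicrosoftAD":
            for dc in paginate(client.describe_domain_controllers,
                               "DomainControllers", DirectoryId=directory_id):
                if dc.get("Status") != "Active":
                    findings.append(f"dc {dc['DomainControllerId']} status={dc.get('Status')}")
        if findings:
            report[directory_id] = findings
    return report


class FakeDsClient:
    """Constructed stand-in for boto3.client('ds'); all data below is made up."""

    PAGES = {
        None: {"DirectoryDescriptions": [
            {"DirectoryId": "d-1111111111", "Type": "MicrosoftAD", "Stage": "Active",
             "OsVersion": "SERVER_2019", "RadiusStatus": "Completed",
             "RadiusSettings": {"AuthenticationProtocol": "MS-CHAPv2"}},
            {"DirectoryId": "d-2222222222", "Type": "MicrosoftAD", "Stage": "Active",
             "OsVersion": "SERVER_2012", "RadiusStatus": "Completed",
             "RadiusSettings": {"AuthenticationProtocol": "PAP"}},
        ], "NextToken": "page-2"},
        "page-2": {"DirectoryDescriptions": [
            {"DirectoryId": "d-3333333333", "Type": "ADConnector", "Stage": "Impaired"},
        ]},
    }
    DC_STATUS = {"d-1111111111": "Active", "d-2222222222": "Impaired"}

    def __init__(self):
        self.calls = []  # (operation name, kwargs) for every request made

    def describe_directories(self, **kwargs):
        self.calls.append(("describe_directories", kwargs))
        return self.PAGES[kwargs.get("NextToken")]

    def describe_domain_controllers(self, **kwargs):
        self.calls.append(("describe_domain_controllers", kwargs))
        directory_id = kwargs["DirectoryId"]
        prefix = "dc-" + directory_id[2:6]
        return {"DomainControllers": [
            {"DomainControllerId": prefix + "a", "Status": "Active"},
            {"DomainControllerId": prefix + "b", "Status": self.DC_STATUS[directory_id]},
        ]}


if __name__ == "__main__":
    for directory_id, findings in audit_account(FakeDsClient()).items():
        print(directory_id, findings)
```

With real credentials, pass "boto3.client('ds')" to "audit_account" in place of the fake client.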