AWS Directory Service 2015-04-16
- Client: Aws\DirectoryService\DirectoryServiceClient
- Service ID: ds
- Version: 2015-04-16
This page describes the parameters and results for the operations of the AWS Directory Service (2015-04-16), and shows how to use the Aws\DirectoryService\DirectoryServiceClient object to call the described operations. This documentation is specific to the 2015-04-16 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName'), where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AcceptSharedDirectory ( array $params = [] )
Accepts a directory sharing request that was sent from the directory owner account.
- AddIpRoutes ( array $params = [] )
If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services.
- AddRegion ( array $params = [] )
Adds two domain controllers in the specified Region for the specified directory.
- AddTagsToResource ( array $params = [] )
Adds or overwrites one or more tags for the specified directory.
- CancelSchemaExtension ( array $params = [] )
Cancels an in-progress schema extension to a Microsoft AD directory.
- ConnectDirectory ( array $params = [] )
Creates an AD Connector to connect to a self-managed directory.
- CreateAlias ( array $params = [] )
Creates an alias for a directory and assigns the alias to the directory.
- CreateComputer ( array $params = [] )
Creates an Active Directory computer object in the specified directory.
- CreateConditionalForwarder ( array $params = [] )
Creates a conditional forwarder associated with your Amazon Web Services directory.
- CreateDirectory ( array $params = [] )
Creates a Simple AD directory.
- CreateLogSubscription ( array $params = [] )
Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account.
- CreateMicrosoftAD ( array $params = [] )
Creates a Microsoft AD directory in the Amazon Web Services Cloud.
- CreateSnapshot ( array $params = [] )
Creates a snapshot of a Simple AD or Microsoft AD directory in the Amazon Web Services cloud.
- CreateTrust ( array $params = [] )
Directory Service for Microsoft Active Directory allows you to configure trust relationships.
- DeleteConditionalForwarder ( array $params = [] )
Deletes a conditional forwarder that has been set up for your Amazon Web Services directory.
- DeleteDirectory ( array $params = [] )
Deletes an Directory Service directory.
- DeleteLogSubscription ( array $params = [] )
Deletes the specified log subscription.
- DeleteSnapshot ( array $params = [] )
Deletes a directory snapshot.
- DeleteTrust ( array $params = [] )
Deletes an existing trust relationship between your Managed Microsoft AD directory and an external domain.
- DeregisterCertificate ( array $params = [] )
Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication.
- DeregisterEventTopic ( array $params = [] )
Removes the specified directory as a publisher to the specified Amazon SNS topic.
- DescribeCertificate ( array $params = [] )
Displays information about the certificate registered for secure LDAP or client certificate authentication.
- DescribeClientAuthenticationSettings ( array $params = [] )
Retrieves information about the type of client authentication for the specified directory, if the type is specified.
- DescribeConditionalForwarders ( array $params = [] )
Obtains information about the conditional forwarders for this account.
- DescribeDirectories ( array $params = [] )
Obtains information about the directories that belong to this account.
- DescribeDomainControllers ( array $params = [] )
Provides information about any domain controllers in your directory.
- DescribeEventTopics ( array $params = [] )
Obtains information about which Amazon SNS topics receive status messages from the specified directory.
- DescribeLDAPSSettings ( array $params = [] )
Describes the status of LDAP security for the specified directory.
- DescribeRegions ( array $params = [] )
Provides information about the Regions that are configured for multi-Region replication.
- DescribeSettings ( array $params = [] )
Retrieves information about the configurable settings for the specified directory.
- DescribeSharedDirectories ( array $params = [] )
Returns the shared directories in your account.
- DescribeSnapshots ( array $params = [] )
Obtains information about the directory snapshots that belong to this account.
- DescribeTrusts ( array $params = [] )
Obtains information about the trust relationships for this account.
- DescribeUpdateDirectory ( array $params = [] )
Describes the updates of a directory for a particular update type.
- DisableClientAuthentication ( array $params = [] )
Disables alternative client authentication methods for the specified directory.
- DisableLDAPS ( array $params = [] )
Deactivates LDAP secure calls for the specified directory.
- DisableRadius ( array $params = [] )
Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.
- DisableSso ( array $params = [] )
Disables single-sign on for a directory.
- EnableClientAuthentication ( array $params = [] )
Enables alternative client authentication methods for the specified directory.
- EnableLDAPS ( array $params = [] )
Activates the switch for the specific directory to always use LDAP secure calls.
- EnableRadius ( array $params = [] )
Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.
- EnableSso ( array $params = [] )
Enables single sign-on for a directory.
- GetDirectoryLimits ( array $params = [] )
Obtains directory limit information for the current Region.
- GetSnapshotLimits ( array $params = [] )
Obtains the manual snapshot limits for a directory.
- ListCertificates ( array $params = [] )
For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication.
- ListIpRoutes ( array $params = [] )
Lists the address blocks that you have added to a directory.
- ListLogSubscriptions ( array $params = [] )
Lists the active log subscriptions for the Amazon Web Services account.
- ListSchemaExtensions ( array $params = [] )
Lists all schema extensions applied to a Microsoft AD Directory.
- ListTagsForResource ( array $params = [] )
Lists all tags on a directory.
- RegisterCertificate ( array $params = [] )
Registers a certificate for a secure LDAP or client certificate authentication.
- RegisterEventTopic ( array $params = [] )
Associates a directory with an Amazon SNS topic.
- RejectSharedDirectory ( array $params = [] )
Rejects a directory sharing request that was sent from the directory owner account.
- RemoveIpRoutes ( array $params = [] )
Removes IP address blocks from a directory.
- RemoveRegion ( array $params = [] )
Stops all replication and removes the domain controllers from the specified Region.
- RemoveTagsFromResource ( array $params = [] )
Removes tags from a directory.
- ResetUserPassword ( array $params = [] )
Resets the password for any user in your Managed Microsoft AD or Simple AD directory.
- RestoreFromSnapshot ( array $params = [] )
Restores a directory using an existing directory snapshot.
- ShareDirectory ( array $params = [] )
Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer).
- StartSchemaExtension ( array $params = [] )
Applies a schema extension to a Microsoft AD directory.
- UnshareDirectory ( array $params = [] )
Stops the directory sharing between the directory owner and consumer accounts.
- UpdateConditionalForwarder ( array $params = [] )
Updates a conditional forwarder that has been set up for your Amazon Web Services directory.
- UpdateDirectorySetup ( array $params = [] )
Updates the directory for a particular update type.
- UpdateNumberOfDomainControllers ( array $params = [] )
Adds or removes domain controllers to or from the directory.
- UpdateRadius ( array $params = [] )
Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory.
- UpdateSettings ( array $params = [] )
Updates the configurable settings for the specified directory.
- UpdateTrust ( array $params = [] )
Updates the trust that has been set up between your Managed Microsoft AD directory and an self-managed Active Directory.
- VerifyTrust ( array $params = [] )
Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AcceptSharedDirectory
$result = $client->acceptSharedDirectory([/* ... */]); $promise = $client->acceptSharedDirectoryAsync([/* ... */]);
Accepts a directory sharing request that was sent from the directory owner account.
Parameter Syntax
$result = $client->acceptSharedDirectory([
'SharedDirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'SharedDirectory' => [
'CreatedDateTime' => <DateTime>,
'LastUpdatedDateTime' => <DateTime>,
'OwnerAccountId' => '<string>',
'OwnerDirectoryId' => '<string>',
'ShareMethod' => 'ORGANIZATIONS|HANDSHAKE',
'ShareNotes' => '<string>',
'ShareStatus' => 'Shared|PendingAcceptance|Rejected|Rejecting|RejectFailed|Sharing|ShareFailed|Deleted|Deleting',
'SharedAccountId' => '<string>',
'SharedDirectoryId' => '<string>',
],
]
Result Details
Members
- SharedDirectory
-
- Type: SharedDirectory structure
The shared directory in the directory consumer account.
Errors
-
One or more parameters are not valid.
-
The specified entity could not be found.
-
DirectoryAlreadySharedException:
The specified directory has already been shared with this Amazon Web Services account.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
AddIpRoutes
$result = $client->addIpRoutes([/* ... */]); $promise = $client->addIpRoutesAsync([/* ... */]);
If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC.
Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
Parameter Syntax
$result = $client->addIpRoutes([
'DirectoryId' => '<string>', // REQUIRED
'IpRoutes' => [ // REQUIRED
[
'CidrIp' => '<string>',
'Description' => '<string>',
],
// ...
],
'UpdateSecurityGroupForDirectoryControllers' => true || false,
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
Identifier (ID) of the directory to which to add the address block.
- IpRoutes
-
- Required: Yes
- Type: Array of IpRoute structures
IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your self-managed domain.
- UpdateSecurityGroupForDirectoryControllers
-
- Type: boolean
If set to true, updates the inbound and outbound rules of the security group that has the description: "Amazon Web Services created security group for directory ID directory controllers." Following are the new rules:
Inbound:
-
Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: 0.0.0.0/0
-
Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: 0.0.0.0/0
-
Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: 0.0.0.0/0
-
Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: 0.0.0.0/0
-
Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: 0.0.0.0/0
-
Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: 0.0.0.0/0
-
Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: 0.0.0.0/0
-
Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: 0.0.0.0/0
-
Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: 0.0.0.0/0
-
Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: 0.0.0.0/0
-
Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: 0.0.0.0/0
-
Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: 0.0.0.0/0
-
Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: 0.0.0.0/0
-
Type: DNS (UDP), Protocol: UDP, Range: 53, Source: 0.0.0.0/0
-
Type: DNS (TCP), Protocol: TCP, Range: 53, Source: 0.0.0.0/0
-
Type: LDAP, Protocol: TCP, Range: 389, Source: 0.0.0.0/0
-
Type: All ICMP, Protocol: All, Range: N/A, Source: 0.0.0.0/0
Outbound:
-
Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0
These security rules impact an internal network interface that is not exposed publicly.
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
The specified entity already exists.
-
One or more parameters are not valid.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
IpRouteLimitExceededException:
The maximum allowed number of IP addresses was exceeded. The default limit is 100 IP address blocks.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
AddRegion
$result = $client->addRegion([/* ... */]); $promise = $client->addRegionAsync([/* ... */]);
Adds two domain controllers in the specified Region for the specified directory.
Parameter Syntax
$result = $client->addRegion([
'DirectoryId' => '<string>', // REQUIRED
'RegionName' => '<string>', // REQUIRED
'VPCSettings' => [ // REQUIRED
'SubnetIds' => ['<string>', ...], // REQUIRED
'VpcId' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory to which you want to add Region replication.
- RegionName
-
- Required: Yes
- Type: string
The name of the Region where you want to add domain controllers for replication. For example,
us-east-1. - VPCSettings
-
- Required: Yes
- Type: DirectoryVpcSettings structure
Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.
Result Syntax
[]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
One or more parameters are not valid.
-
The specified entity could not be found.
-
DirectoryAlreadyInRegionException:
The Region you specified is the same Region where the Managed Microsoft AD directory was created. Specify a different Region and try again.
-
UnsupportedOperationException:
The operation is not supported.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
You have reached the limit for maximum number of simultaneous Region replications per directory.
-
Client authentication is not available in this region at this time.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
AddTagsToResource
$result = $client->addTagsToResource([/* ... */]); $promise = $client->addTagsToResourceAsync([/* ... */]);
Adds or overwrites one or more tags for the specified directory. Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource.
Parameter Syntax
$result = $client->addTagsToResource([
'ResourceId' => '<string>', // REQUIRED
'Tags' => [ // REQUIRED
[
'Key' => '<string>', // REQUIRED
'Value' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- ResourceId
-
- Required: Yes
- Type: string
Identifier (ID) for the directory to which to add the tag.
- Tags
-
- Required: Yes
- Type: Array of Tag structures
The tags to be assigned to the directory.
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
The maximum allowed number of tags was exceeded.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CancelSchemaExtension
$result = $client->cancelSchemaExtension([/* ... */]); $promise = $client->cancelSchemaExtensionAsync([/* ... */]);
Cancels an in-progress schema extension to a Microsoft AD directory. Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states; Initializing, CreatingSnapshot, and UpdatingSchema.
Parameter Syntax
$result = $client->cancelSchemaExtension([
'DirectoryId' => '<string>', // REQUIRED
'SchemaExtensionId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
ConnectDirectory
$result = $client->connectDirectory([/* ... */]); $promise = $client->connectDirectoryAsync([/* ... */]);
Creates an AD Connector to connect to a self-managed directory.
Before you call ConnectDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the ConnectDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
Parameter Syntax
$result = $client->connectDirectory([
'ConnectSettings' => [ // REQUIRED
'CustomerDnsIps' => ['<string>', ...], // REQUIRED
'CustomerUserName' => '<string>', // REQUIRED
'SubnetIds' => ['<string>', ...], // REQUIRED
'VpcId' => '<string>', // REQUIRED
],
'Description' => '<string>',
'Name' => '<string>', // REQUIRED
'Password' => '<string>', // REQUIRED
'ShortName' => '<string>',
'Size' => 'Small|Large', // REQUIRED
'Tags' => [
[
'Key' => '<string>', // REQUIRED
'Value' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
- ConnectSettings
-
- Required: Yes
- Type: DirectoryConnectSettings structure
A DirectoryConnectSettings object that contains additional information for the operation.
- Description
-
- Type: string
A description for the directory.
- Name
-
- Required: Yes
- Type: string
The fully qualified name of your self-managed directory, such as
corp.example.com. - Password
-
- Required: Yes
- Type: string
The password for your self-managed user account.
- ShortName
-
- Type: string
The NetBIOS name of your self-managed directory, such as
CORP. - Size
-
- Required: Yes
- Type: string
The size of the directory.
- Tags
-
- Type: Array of Tag structures
The tags to be assigned to AD Connector.
Result Syntax
[
'DirectoryId' => '<string>',
]
Result Details
Errors
-
DirectoryLimitExceededException:
The maximum number of directories in the region has been reached. You can use the GetDirectoryLimits operation to determine your directory limits in the region.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CreateAlias
$result = $client->createAlias([/* ... */]); $promise = $client->createAliasAsync([/* ... */]);
Creates an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as http://<alias>.awsapps.com.
After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary.
Parameter Syntax
$result = $client->createAlias([
'Alias' => '<string>', // REQUIRED
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
- Alias
-
- Required: Yes
- Type: string
The requested alias.
The alias must be unique amongst all aliases in Amazon Web Services. This operation throws an
EntityAlreadyExistsExceptionerror if the alias already exists. - DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which to create the alias.
Result Syntax
[
'Alias' => '<string>',
'DirectoryId' => '<string>',
]
Result Details
Members
Errors
-
The specified entity already exists.
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CreateComputer
$result = $client->createComputer([/* ... */]); $promise = $client->createComputerAsync([/* ... */]);
Creates an Active Directory computer object in the specified directory.
Parameter Syntax
$result = $client->createComputer([
'ComputerAttributes' => [
[
'Name' => '<string>',
'Value' => '<string>',
],
// ...
],
'ComputerName' => '<string>', // REQUIRED
'DirectoryId' => '<string>', // REQUIRED
'OrganizationalUnitDistinguishedName' => '<string>',
'Password' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ComputerAttributes
-
- Type: Array of Attribute structures
An array of Attribute objects that contain any LDAP attributes to apply to the computer account.
- ComputerName
-
- Required: Yes
- Type: string
The name of the computer account.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory in which to create the computer account.
- OrganizationalUnitDistinguishedName
-
- Type: string
The fully-qualified distinguished name of the organizational unit to place the computer account in.
- Password
-
- Required: Yes
- Type: string
A one-time password that is used to join the computer to the directory. You should generate a random, strong password to use for this parameter.
Result Syntax
[
'Computer' => [
'ComputerAttributes' => [
[
'Name' => '<string>',
'Value' => '<string>',
],
// ...
],
'ComputerId' => '<string>',
'ComputerName' => '<string>',
],
]
Result Details
Errors
-
AuthenticationFailedException:
An authentication error occurred.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
The specified entity already exists.
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CreateConditionalForwarder
$result = $client->createConditionalForwarder([/* ... */]); $promise = $client->createConditionalForwarderAsync([/* ... */]);
Creates a conditional forwarder associated with your Amazon Web Services directory. Conditional forwarders are required in order to set up a trust relationship with another domain. The conditional forwarder points to the trusted domain.
Parameter Syntax
$result = $client->createConditionalForwarder([
'DirectoryId' => '<string>', // REQUIRED
'DnsIpAddrs' => ['<string>', ...], // REQUIRED
'RemoteDomainName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The directory ID of the Amazon Web Services directory for which you are creating the conditional forwarder.
- DnsIpAddrs
-
- Required: Yes
- Type: Array of strings
The IP addresses of the remote DNS server associated with RemoteDomainName.
- RemoteDomainName
-
- Required: Yes
- Type: string
The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.
Result Syntax
[]
Result Details
Errors
-
The specified entity already exists.
-
The specified entity could not be found.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
One or more parameters are not valid.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CreateDirectory
$result = $client->createDirectory([/* ... */]); $promise = $client->createDirectoryAsync([/* ... */]);
Creates a Simple AD directory. For more information, see Simple Active Directory in the Directory Service Admin Guide.
Before you call CreateDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
Parameter Syntax
$result = $client->createDirectory([
'Description' => '<string>',
'Name' => '<string>', // REQUIRED
'Password' => '<string>', // REQUIRED
'ShortName' => '<string>',
'Size' => 'Small|Large', // REQUIRED
'Tags' => [
[
'Key' => '<string>', // REQUIRED
'Value' => '<string>', // REQUIRED
],
// ...
],
'VpcSettings' => [
'SubnetIds' => ['<string>', ...], // REQUIRED
'VpcId' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- Description
-
- Type: string
A description for the directory.
- Name
-
- Required: Yes
- Type: string
The fully qualified name for the directory, such as
corp.example.com. - Password
-
- Required: Yes
- Type: string
The password for the directory administrator. The directory creation process creates a directory administrator account with the user name
Administratorand this password.If you need to change the password for the administrator account, you can use the ResetUserPassword API call.
The regex pattern for this string is made up of the following conditions:
-
Length (?=^.{8,64}$) – Must be between 8 and 64 characters
AND any 3 of the following password complexity rules required by Active Directory:
-
Numbers and upper case and lowercase (?=.*\d)(?=.*[A-Z])(?=.*[a-z])
-
Numbers and special characters and lower case (?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])
-
Special characters and upper case and lower case (?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])
-
Numbers and upper case and special characters (?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s])
For additional information about how Active Directory passwords are enforced, see Password must meet complexity requirements on the Microsoft website.
- ShortName
-
- Type: string
The NetBIOS name of the directory, such as
CORP. - Size
-
- Required: Yes
- Type: string
The size of the directory.
- Tags
-
- Type: Array of Tag structures
The tags to be assigned to the Simple AD directory.
- VpcSettings
-
- Type: DirectoryVpcSettings structure
A DirectoryVpcSettings object that contains additional information for the operation.
Result Syntax
[
'DirectoryId' => '<string>',
]
Result Details
Errors
-
DirectoryLimitExceededException:
The maximum number of directories in the region has been reached. You can use the GetDirectoryLimits operation to determine your directory limits in the region.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CreateLogSubscription
$result = $client->createLogSubscription([/* ... */]); $promise = $client->createLogSubscriptionAsync([/* ... */]);
Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account.
Parameter Syntax
$result = $client->createLogSubscription([
'DirectoryId' => '<string>', // REQUIRED
'LogGroupName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity already exists.
-
The specified entity could not be found.
-
UnsupportedOperationException:
The operation is not supported.
-
InsufficientPermissionsException:
The account does not have sufficient permission to perform the operation.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CreateMicrosoftAD
$result = $client->createMicrosoftAD([/* ... */]); $promise = $client->createMicrosoftADAsync([/* ... */]);
Creates a Microsoft AD directory in the Amazon Web Services Cloud. For more information, see Managed Microsoft AD in the Directory Service Admin Guide.
Before you call CreateMicrosoftAD, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateMicrosoftAD operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
Parameter Syntax
$result = $client->createMicrosoftAD([
'Description' => '<string>',
'Edition' => 'Enterprise|Standard',
'Name' => '<string>', // REQUIRED
'Password' => '<string>', // REQUIRED
'ShortName' => '<string>',
'Tags' => [
[
'Key' => '<string>', // REQUIRED
'Value' => '<string>', // REQUIRED
],
// ...
],
'VpcSettings' => [ // REQUIRED
'SubnetIds' => ['<string>', ...], // REQUIRED
'VpcId' => '<string>', // REQUIRED
],
]);
Parameter Details
Members
- Description
-
- Type: string
A description for the directory. This label will appear on the Amazon Web Services console
Directory Detailspage after the directory is created. - Edition
-
- Type: string
Managed Microsoft AD is available in two editions:
StandardandEnterprise.Enterpriseis the default. - Name
-
- Required: Yes
- Type: string
The fully qualified domain name for the Managed Microsoft AD directory, such as
corp.example.com. This name will resolve inside your VPC only. It does not need to be publicly resolvable. - Password
-
- Required: Yes
- Type: string
The password for the default administrative user named
Admin.If you need to change the password for the administrator account, you can use the ResetUserPassword API call.
- ShortName
-
- Type: string
The NetBIOS name for your domain, such as
CORP. If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example,CORPfor the directory DNScorp.example.com. - Tags
-
- Type: Array of Tag structures
The tags to be assigned to the Managed Microsoft AD directory.
- VpcSettings
-
- Required: Yes
- Type: DirectoryVpcSettings structure
Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.
Result Syntax
[
'DirectoryId' => '<string>',
]
Result Details
Errors
-
DirectoryLimitExceededException:
The maximum number of directories in the region has been reached. You can use the GetDirectoryLimits operation to determine your directory limits in the region.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
-
UnsupportedOperationException:
The operation is not supported.
CreateSnapshot
$result = $client->createSnapshot([/* ... */]); $promise = $client->createSnapshotAsync([/* ... */]);
Creates a snapshot of a Simple AD or Microsoft AD directory in the Amazon Web Services cloud.
You cannot take snapshots of AD Connector directories.
Parameter Syntax
$result = $client->createSnapshot([
'DirectoryId' => '<string>', // REQUIRED
'Name' => '<string>',
]);
Parameter Details
Members
Result Syntax
[
'SnapshotId' => '<string>',
]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
SnapshotLimitExceededException:
The maximum number of manual snapshots for the directory has been reached. You can use the GetSnapshotLimits operation to determine the snapshot limits for a directory.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
CreateTrust
$result = $client->createTrust([/* ... */]); $promise = $client->createTrustAsync([/* ... */]);
Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.
This action initiates the creation of the Amazon Web Services side of a trust relationship between an Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.
Parameter Syntax
$result = $client->createTrust([
'ConditionalForwarderIpAddrs' => ['<string>', ...],
'DirectoryId' => '<string>', // REQUIRED
'RemoteDomainName' => '<string>', // REQUIRED
'SelectiveAuth' => 'Enabled|Disabled',
'TrustDirection' => 'One-Way: Outgoing|One-Way: Incoming|Two-Way', // REQUIRED
'TrustPassword' => '<string>', // REQUIRED
'TrustType' => 'Forest|External',
]);
Parameter Details
Members
- ConditionalForwarderIpAddrs
-
- Type: Array of strings
The IP addresses of the remote DNS server associated with RemoteDomainName.
- DirectoryId
-
- Required: Yes
- Type: string
The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.
- RemoteDomainName
-
- Required: Yes
- Type: string
The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.
- SelectiveAuth
-
- Type: string
Optional parameter to enable selective authentication for the trust.
- TrustDirection
-
- Required: Yes
- Type: string
The direction of the trust relationship.
- TrustPassword
-
- Required: Yes
- Type: string
The trust password. The must be the same password that was used when creating the trust relationship on the external domain.
- TrustType
-
- Type: string
The trust relationship type.
Forestis the default.
Result Syntax
[
'TrustId' => '<string>',
]
Result Details
Errors
-
The specified entity already exists.
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
-
UnsupportedOperationException:
The operation is not supported.
DeleteConditionalForwarder
$result = $client->deleteConditionalForwarder([/* ... */]); $promise = $client->deleteConditionalForwarderAsync([/* ... */]);
Deletes a conditional forwarder that has been set up for your Amazon Web Services directory.
Parameter Syntax
$result = $client->deleteConditionalForwarder([
'DirectoryId' => '<string>', // REQUIRED
'RemoteDomainName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
One or more parameters are not valid.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DeleteDirectory
$result = $client->deleteDirectory([/* ... */]); $promise = $client->deleteDirectoryAsync([/* ... */]);
Deletes an Directory Service directory.
Before you call DeleteDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the DeleteDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.
Parameter Syntax
$result = $client->deleteDirectory([
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'DirectoryId' => '<string>',
]
Result Details
Errors
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DeleteLogSubscription
$result = $client->deleteLogSubscription([/* ... */]); $promise = $client->deleteLogSubscriptionAsync([/* ... */]);
Deletes the specified log subscription.
Parameter Syntax
$result = $client->deleteLogSubscription([
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DeleteSnapshot
$result = $client->deleteSnapshot([/* ... */]); $promise = $client->deleteSnapshotAsync([/* ... */]);
Deletes a directory snapshot.
Parameter Syntax
$result = $client->deleteSnapshot([
'SnapshotId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'SnapshotId' => '<string>',
]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DeleteTrust
$result = $client->deleteTrust([/* ... */]); $promise = $client->deleteTrustAsync([/* ... */]);
Deletes an existing trust relationship between your Managed Microsoft AD directory and an external domain.
Parameter Syntax
$result = $client->deleteTrust([
'DeleteAssociatedConditionalForwarder' => true || false,
'TrustId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'TrustId' => '<string>',
]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
-
UnsupportedOperationException:
The operation is not supported.
DeregisterCertificate
$result = $client->deregisterCertificate([/* ... */]); $promise = $client->deregisterCertificateAsync([/* ... */]);
Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication.
Parameter Syntax
$result = $client->deregisterCertificate([
'CertificateId' => '<string>', // REQUIRED
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
CertificateDoesNotExistException:
The certificate is not present in the system for describe or deregister activities.
-
The certificate is being used for the LDAP security connection and cannot be removed without disabling LDAP security.
-
UnsupportedOperationException:
The operation is not supported.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DeregisterEventTopic
$result = $client->deregisterEventTopic([/* ... */]); $promise = $client->deregisterEventTopicAsync([/* ... */]);
Removes the specified directory as a publisher to the specified Amazon SNS topic.
Parameter Syntax
$result = $client->deregisterEventTopic([
'DirectoryId' => '<string>', // REQUIRED
'TopicName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeCertificate
$result = $client->describeCertificate([/* ... */]); $promise = $client->describeCertificateAsync([/* ... */]);
Displays information about the certificate registered for secure LDAP or client certificate authentication.
Parameter Syntax
$result = $client->describeCertificate([
'CertificateId' => '<string>', // REQUIRED
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'Certificate' => [
'CertificateId' => '<string>',
'ClientCertAuthSettings' => [
'OCSPUrl' => '<string>',
],
'CommonName' => '<string>',
'ExpiryDateTime' => <DateTime>,
'RegisteredDateTime' => <DateTime>,
'State' => 'Registering|Registered|RegisterFailed|Deregistering|Deregistered|DeregisterFailed',
'StateReason' => '<string>',
'Type' => 'ClientCertAuth|ClientLDAPS',
],
]
Result Details
Members
- Certificate
-
- Type: Certificate structure
Information about the certificate, including registered date time, certificate state, the reason for the state, expiration date time, and certificate common name.
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
CertificateDoesNotExistException:
The certificate is not present in the system for describe or deregister activities.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeClientAuthenticationSettings
$result = $client->describeClientAuthenticationSettings([/* ... */]); $promise = $client->describeClientAuthenticationSettingsAsync([/* ... */]);
Retrieves information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported.
Parameter Syntax
$result = $client->describeClientAuthenticationSettings([
'DirectoryId' => '<string>', // REQUIRED
'Limit' => <integer>,
'NextToken' => '<string>',
'Type' => 'SmartCard|SmartCardOrPassword',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which to retrieve information.
- Limit
-
- Type: int
The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.
- NextToken
-
- Type: string
The DescribeClientAuthenticationSettingsResult.NextToken value from a previous call to DescribeClientAuthenticationSettings. Pass null if this is the first call.
- Type
-
- Type: string
The type of client authentication for which to retrieve information. If no type is specified, a list of all client authentication types that are supported for the specified directory is retrieved.
Result Syntax
[
'ClientAuthenticationSettingsInfo' => [
[
'LastUpdatedDateTime' => <DateTime>,
'Status' => 'Enabled|Disabled',
'Type' => 'SmartCard|SmartCardOrPassword',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- ClientAuthenticationSettingsInfo
-
- Type: Array of ClientAuthenticationSettingInfo structures
Information about the type of client authentication for the specified directory. The following information is retrieved: The date and time when the status of the client authentication type was last updated, whether the client authentication type is enabled or disabled, and the type of client authentication.
- NextToken
-
- Type: string
The next token used to retrieve the client authentication settings if the number of setting types exceeds page limit and there is another page.
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
Client authentication is not available in this region at this time.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeConditionalForwarders
$result = $client->describeConditionalForwarders([/* ... */]); $promise = $client->describeConditionalForwardersAsync([/* ... */]);
Obtains information about the conditional forwarders for this account.
If no input parameters are provided for RemoteDomainNames, this request describes all conditional forwarders for the specified directory ID.
Parameter Syntax
$result = $client->describeConditionalForwarders([
'DirectoryId' => '<string>', // REQUIRED
'RemoteDomainNames' => ['<string>', ...],
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The directory ID for which to get the list of associated conditional forwarders.
- RemoteDomainNames
-
- Type: Array of strings
The fully qualified domain names (FQDN) of the remote domains for which to get the list of associated conditional forwarders. If this member is null, all conditional forwarders are returned.
Result Syntax
[
'ConditionalForwarders' => [
[
'DnsIpAddrs' => ['<string>', ...],
'RemoteDomainName' => '<string>',
'ReplicationScope' => 'Domain',
],
// ...
],
]
Result Details
Members
- ConditionalForwarders
-
- Type: Array of ConditionalForwarder structures
The list of conditional forwarders that have been created.
Errors
-
The specified entity could not be found.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
One or more parameters are not valid.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeDirectories
$result = $client->describeDirectories([/* ... */]); $promise = $client->describeDirectoriesAsync([/* ... */]);
Obtains information about the directories that belong to this account.
You can retrieve information about specific directories by passing the directory identifiers in the DirectoryIds parameter. Otherwise, all directories that belong to the current account are returned.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeDirectoriesResult.NextToken member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items.
You can also specify a maximum number of return results with the Limit parameter.
Parameter Syntax
$result = $client->describeDirectories([
'DirectoryIds' => ['<string>', ...],
'Limit' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DirectoryIds
-
- Type: Array of strings
A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned.
An empty list results in an
InvalidParameterExceptionbeing thrown. - Limit
-
- Type: int
The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.
- NextToken
-
- Type: string
The
DescribeDirectoriesResult.NextTokenvalue from a previous call to DescribeDirectories. Pass null if this is the first call.
Result Syntax
[
'DirectoryDescriptions' => [
[
'AccessUrl' => '<string>',
'Alias' => '<string>',
'ConnectSettings' => [
'AvailabilityZones' => ['<string>', ...],
'ConnectIps' => ['<string>', ...],
'CustomerUserName' => '<string>',
'SecurityGroupId' => '<string>',
'SubnetIds' => ['<string>', ...],
'VpcId' => '<string>',
],
'Description' => '<string>',
'DesiredNumberOfDomainControllers' => <integer>,
'DirectoryId' => '<string>',
'DnsIpAddrs' => ['<string>', ...],
'Edition' => 'Enterprise|Standard',
'LaunchTime' => <DateTime>,
'Name' => '<string>',
'OsVersion' => 'SERVER_2012|SERVER_2019',
'OwnerDirectoryDescription' => [
'AccountId' => '<string>',
'DirectoryId' => '<string>',
'DnsIpAddrs' => ['<string>', ...],
'RadiusSettings' => [
'AuthenticationProtocol' => 'PAP|CHAP|MS-CHAPv1|MS-CHAPv2',
'DisplayLabel' => '<string>',
'RadiusPort' => <integer>,
'RadiusRetries' => <integer>,
'RadiusServers' => ['<string>', ...],
'RadiusTimeout' => <integer>,
'SharedSecret' => '<string>',
'UseSameUsername' => true || false,
],
'RadiusStatus' => 'Creating|Completed|Failed',
'VpcSettings' => [
'AvailabilityZones' => ['<string>', ...],
'SecurityGroupId' => '<string>',
'SubnetIds' => ['<string>', ...],
'VpcId' => '<string>',
],
],
'RadiusSettings' => [
'AuthenticationProtocol' => 'PAP|CHAP|MS-CHAPv1|MS-CHAPv2',
'DisplayLabel' => '<string>',
'RadiusPort' => <integer>,
'RadiusRetries' => <integer>,
'RadiusServers' => ['<string>', ...],
'RadiusTimeout' => <integer>,
'SharedSecret' => '<string>',
'UseSameUsername' => true || false,
],
'RadiusStatus' => 'Creating|Completed|Failed',
'RegionsInfo' => [
'AdditionalRegions' => ['<string>', ...],
'PrimaryRegion' => '<string>',
],
'ShareMethod' => 'ORGANIZATIONS|HANDSHAKE',
'ShareNotes' => '<string>',
'ShareStatus' => 'Shared|PendingAcceptance|Rejected|Rejecting|RejectFailed|Sharing|ShareFailed|Deleted|Deleting',
'ShortName' => '<string>',
'Size' => 'Small|Large',
'SsoEnabled' => true || false,
'Stage' => 'Requested|Creating|Created|Active|Inoperable|Impaired|Restoring|RestoreFailed|Deleting|Deleted|Failed',
'StageLastUpdatedDateTime' => <DateTime>,
'StageReason' => '<string>',
'Type' => 'SimpleAD|ADConnector|MicrosoftAD|SharedMicrosoftAD',
'VpcSettings' => [
'AvailabilityZones' => ['<string>', ...],
'SecurityGroupId' => '<string>',
'SubnetIds' => ['<string>', ...],
'VpcId' => '<string>',
],
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- DirectoryDescriptions
-
- Type: Array of DirectoryDescription structures
The list of DirectoryDescription objects that were retrieved.
It is possible that this list contains less than the number of items specified in the
Limitmember of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded. - NextToken
-
- Type: string
If not null, more results are available. Pass this value for the
NextTokenparameter in a subsequent call to DescribeDirectories to retrieve the next set of items.
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
The
NextTokenvalue is not valid. -
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeDomainControllers
$result = $client->describeDomainControllers([/* ... */]); $promise = $client->describeDomainControllersAsync([/* ... */]);
Provides information about any domain controllers in your directory.
Parameter Syntax
$result = $client->describeDomainControllers([
'DirectoryId' => '<string>', // REQUIRED
'DomainControllerIds' => ['<string>', ...],
'Limit' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
Identifier of the directory for which to retrieve the domain controller information.
- DomainControllerIds
-
- Type: Array of strings
A list of identifiers for the domain controllers whose information will be provided.
- Limit
-
- Type: int
The maximum number of items to return.
- NextToken
-
- Type: string
The DescribeDomainControllers.NextToken value from a previous call to DescribeDomainControllers. Pass null if this is the first call.
Result Syntax
[
'DomainControllers' => [
[
'AvailabilityZone' => '<string>',
'DirectoryId' => '<string>',
'DnsIpAddr' => '<string>',
'DomainControllerId' => '<string>',
'LaunchTime' => <DateTime>,
'Status' => 'Creating|Active|Impaired|Restoring|Deleting|Deleted|Failed',
'StatusLastUpdatedDateTime' => <DateTime>,
'StatusReason' => '<string>',
'SubnetId' => '<string>',
'VpcId' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- DomainControllers
-
- Type: Array of DomainController structures
List of the DomainController objects that were retrieved.
- NextToken
-
- Type: string
If not null, more results are available. Pass this value for the
NextTokenparameter in a subsequent call to DescribeDomainControllers retrieve the next set of items.
Errors
-
The specified entity could not be found.
-
The
NextTokenvalue is not valid. -
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
-
UnsupportedOperationException:
The operation is not supported.
DescribeEventTopics
$result = $client->describeEventTopics([/* ... */]); $promise = $client->describeEventTopicsAsync([/* ... */]);
Obtains information about which Amazon SNS topics receive status messages from the specified directory.
If no input parameters are provided, such as DirectoryId or TopicName, this request describes all of the associations in the account.
Parameter Syntax
$result = $client->describeEventTopics([
'DirectoryId' => '<string>',
'TopicNames' => ['<string>', ...],
]);
Parameter Details
Members
- DirectoryId
-
- Type: string
The Directory ID for which to get the list of associated Amazon SNS topics. If this member is null, associations for all Directory IDs are returned.
- TopicNames
-
- Type: Array of strings
A list of Amazon SNS topic names for which to obtain the information. If this member is null, all associations for the specified Directory ID are returned.
An empty list results in an
InvalidParameterExceptionbeing thrown.
Result Syntax
[
'EventTopics' => [
[
'CreatedDateTime' => <DateTime>,
'DirectoryId' => '<string>',
'Status' => 'Registered|Topic not found|Failed|Deleted',
'TopicArn' => '<string>',
'TopicName' => '<string>',
],
// ...
],
]
Result Details
Members
- EventTopics
-
- Type: Array of EventTopic structures
A list of Amazon SNS topic names that receive status messages from the specified Directory ID.
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeLDAPSSettings
$result = $client->describeLDAPSSettings([/* ... */]); $promise = $client->describeLDAPSSettingsAsync([/* ... */]);
Describes the status of LDAP security for the specified directory.
Parameter Syntax
$result = $client->describeLDAPSSettings([
'DirectoryId' => '<string>', // REQUIRED
'Limit' => <integer>,
'NextToken' => '<string>',
'Type' => 'Client',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory.
- Limit
-
- Type: int
Specifies the number of items that should be displayed on one page.
- NextToken
-
- Type: string
The type of next token used for pagination.
- Type
-
- Type: string
The type of LDAP security to enable. Currently only the value
Clientis supported.
Result Syntax
[
'LDAPSSettingsInfo' => [
[
'LDAPSStatus' => 'Enabling|Enabled|EnableFailed|Disabled',
'LDAPSStatusReason' => '<string>',
'LastUpdatedDateTime' => <DateTime>,
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- LDAPSSettingsInfo
-
- Type: Array of LDAPSSettingInfo structures
Information about LDAP security for the specified directory, including status of enablement, state last updated date time, and the reason for the state.
- NextToken
-
- Type: string
The next token used to retrieve the LDAPS settings if the number of setting types exceeds page limit and there is another page.
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
The
NextTokenvalue is not valid. -
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeRegions
$result = $client->describeRegions([/* ... */]); $promise = $client->describeRegionsAsync([/* ... */]);
Provides information about the Regions that are configured for multi-Region replication.
Parameter Syntax
$result = $client->describeRegions([
'DirectoryId' => '<string>', // REQUIRED
'NextToken' => '<string>',
'RegionName' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory.
- NextToken
-
- Type: string
The
DescribeRegionsResult.NextTokenvalue from a previous call to DescribeRegions. Pass null if this is the first call. - RegionName
-
- Type: string
The name of the Region. For example,
us-east-1.
Result Syntax
[
'NextToken' => '<string>',
'RegionsDescription' => [
[
'DesiredNumberOfDomainControllers' => <integer>,
'DirectoryId' => '<string>',
'LastUpdatedDateTime' => <DateTime>,
'LaunchTime' => <DateTime>,
'RegionName' => '<string>',
'RegionType' => 'Primary|Additional',
'Status' => 'Requested|Creating|Created|Active|Inoperable|Impaired|Restoring|RestoreFailed|Deleting|Deleted|Failed',
'StatusLastUpdatedDateTime' => <DateTime>,
'VpcSettings' => [
'SubnetIds' => ['<string>', ...],
'VpcId' => '<string>',
],
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
If not null, more results are available. Pass this value for the
NextTokenparameter in a subsequent call to DescribeRegions to retrieve the next set of items. - RegionsDescription
-
- Type: Array of RegionDescription structures
List of Region information related to the directory for each replicated Region.
Errors
-
One or more parameters are not valid.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
The
NextTokenvalue is not valid. -
Client authentication is not available in this region at this time.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeSettings
$result = $client->describeSettings([/* ... */]); $promise = $client->describeSettingsAsync([/* ... */]);
Retrieves information about the configurable settings for the specified directory.
Parameter Syntax
$result = $client->describeSettings([
'DirectoryId' => '<string>', // REQUIRED
'NextToken' => '<string>',
'Status' => 'Requested|Updating|Updated|Failed|Default',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which to retrieve information.
- NextToken
-
- Type: string
The
DescribeSettingsResult.NextTokenvalue from a previous call to DescribeSettings. Pass null if this is the first call. - Status
-
- Type: string
The status of the directory settings for which to retrieve information.
Result Syntax
[
'DirectoryId' => '<string>',
'NextToken' => '<string>',
'SettingEntries' => [
[
'AllowedValues' => '<string>',
'AppliedValue' => '<string>',
'LastRequestedDateTime' => <DateTime>,
'LastUpdatedDateTime' => <DateTime>,
'Name' => '<string>',
'RequestDetailedStatus' => ['<string>', ...],
'RequestStatus' => 'Requested|Updating|Updated|Failed|Default',
'RequestStatusMessage' => '<string>',
'RequestedValue' => '<string>',
'Type' => '<string>',
],
// ...
],
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier of the directory.
- NextToken
-
- Type: string
If not null, token that indicates that more results are available. Pass this value for the
NextTokenparameter in a subsequent call toDescribeSettingsto retrieve the next set of items. - SettingEntries
-
- Type: Array of SettingEntry structures
The list of SettingEntry objects that were retrieved.
It is possible that this list contains less than the number of items specified in the
Limitmember of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
One or more parameters are not valid.
-
The
NextTokenvalue is not valid. -
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeSharedDirectories
$result = $client->describeSharedDirectories([/* ... */]); $promise = $client->describeSharedDirectoriesAsync([/* ... */]);
Returns the shared directories in your account.
Parameter Syntax
$result = $client->describeSharedDirectories([
'Limit' => <integer>,
'NextToken' => '<string>',
'OwnerDirectoryId' => '<string>', // REQUIRED
'SharedDirectoryIds' => ['<string>', ...],
]);
Parameter Details
Members
- Limit
-
- Type: int
The number of shared directories to return in the response object.
- NextToken
-
- Type: string
The
DescribeSharedDirectoriesResult.NextTokenvalue from a previous call to DescribeSharedDirectories. Pass null if this is the first call. - OwnerDirectoryId
-
- Required: Yes
- Type: string
Returns the identifier of the directory in the directory owner account.
- SharedDirectoryIds
-
- Type: Array of strings
A list of identifiers of all shared directories in your account.
Result Syntax
[
'NextToken' => '<string>',
'SharedDirectories' => [
[
'CreatedDateTime' => <DateTime>,
'LastUpdatedDateTime' => <DateTime>,
'OwnerAccountId' => '<string>',
'OwnerDirectoryId' => '<string>',
'ShareMethod' => 'ORGANIZATIONS|HANDSHAKE',
'ShareNotes' => '<string>',
'ShareStatus' => 'Shared|PendingAcceptance|Rejected|Rejecting|RejectFailed|Sharing|ShareFailed|Deleted|Deleting',
'SharedAccountId' => '<string>',
'SharedDirectoryId' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
If not null, token that indicates that more results are available. Pass this value for the
NextTokenparameter in a subsequent call to DescribeSharedDirectories to retrieve the next set of items. - SharedDirectories
-
- Type: Array of SharedDirectory structures
A list of all shared directories in your account.
Errors
-
The specified entity could not be found.
-
The
NextTokenvalue is not valid. -
One or more parameters are not valid.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeSnapshots
$result = $client->describeSnapshots([/* ... */]); $promise = $client->describeSnapshotsAsync([/* ... */]);
Obtains information about the directory snapshots that belong to this account.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeSnapshots.NextToken member contains a token that you pass in the next call to DescribeSnapshots to retrieve the next set of items.
You can also specify a maximum number of return results with the Limit parameter.
Parameter Syntax
$result = $client->describeSnapshots([
'DirectoryId' => '<string>',
'Limit' => <integer>,
'NextToken' => '<string>',
'SnapshotIds' => ['<string>', ...],
]);
Parameter Details
Members
- DirectoryId
-
- Type: string
The identifier of the directory for which to retrieve snapshot information.
- Limit
-
- Type: int
The maximum number of objects to return.
- NextToken
-
- Type: string
The DescribeSnapshotsResult.NextToken value from a previous call to DescribeSnapshots. Pass null if this is the first call.
- SnapshotIds
-
- Type: Array of strings
A list of identifiers of the snapshots to obtain the information for. If this member is null or empty, all snapshots are returned using the Limit and NextToken members.
Result Syntax
[
'NextToken' => '<string>',
'Snapshots' => [
[
'DirectoryId' => '<string>',
'Name' => '<string>',
'SnapshotId' => '<string>',
'StartTime' => <DateTime>,
'Status' => 'Creating|Completed|Failed',
'Type' => 'Auto|Manual',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
If not null, more results are available. Pass this value in the NextToken member of a subsequent call to DescribeSnapshots.
- Snapshots
-
- Type: Array of Snapshot structures
The list of Snapshot objects that were retrieved.
It is possible that this list contains less than the number of items specified in the Limit member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
The
NextTokenvalue is not valid. -
A client exception has occurred.
-
An exception has occurred in Directory Service.
DescribeTrusts
$result = $client->describeTrusts([/* ... */]); $promise = $client->describeTrustsAsync([/* ... */]);
Obtains information about the trust relationships for this account.
If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account.
Parameter Syntax
$result = $client->describeTrusts([
'DirectoryId' => '<string>',
'Limit' => <integer>,
'NextToken' => '<string>',
'TrustIds' => ['<string>', ...],
]);
Parameter Details
Members
- DirectoryId
-
- Type: string
The Directory ID of the Amazon Web Services directory that is a part of the requested trust relationship.
- Limit
-
- Type: int
The maximum number of objects to return.
- NextToken
-
- Type: string
The DescribeTrustsResult.NextToken value from a previous call to DescribeTrusts. Pass null if this is the first call.
- TrustIds
-
- Type: Array of strings
A list of identifiers of the trust relationships for which to obtain the information. If this member is null, all trust relationships that belong to the current account are returned.
An empty list results in an
InvalidParameterExceptionbeing thrown.
Result Syntax
[
'NextToken' => '<string>',
'Trusts' => [
[
'CreatedDateTime' => <DateTime>,
'DirectoryId' => '<string>',
'LastUpdatedDateTime' => <DateTime>,
'RemoteDomainName' => '<string>',
'SelectiveAuth' => 'Enabled|Disabled',
'StateLastUpdatedDateTime' => <DateTime>,
'TrustDirection' => 'One-Way: Outgoing|One-Way: Incoming|Two-Way',
'TrustId' => '<string>',
'TrustState' => 'Creating|Created|Verifying|VerifyFailed|Verified|Updating|UpdateFailed|Updated|Deleting|Deleted|Failed',
'TrustStateReason' => '<string>',
'TrustType' => 'Forest|External',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeTrusts to retrieve the next set of items.
- Trusts
-
- Type: Array of Trust structures
The list of Trust objects that were retrieved.
It is possible that this list contains less than the number of items specified in the Limit member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.
Errors
-
The specified entity could not be found.
-
The
NextTokenvalue is not valid. -
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
-
UnsupportedOperationException:
The operation is not supported.
DescribeUpdateDirectory
$result = $client->describeUpdateDirectory([/* ... */]); $promise = $client->describeUpdateDirectoryAsync([/* ... */]);
Describes the updates of a directory for a particular update type.
Parameter Syntax
$result = $client->describeUpdateDirectory([
'DirectoryId' => '<string>', // REQUIRED
'NextToken' => '<string>',
'RegionName' => '<string>',
'UpdateType' => 'OS', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The unique identifier of the directory.
- NextToken
-
- Type: string
The
DescribeUpdateDirectoryResult. NextToken value from a previous call to DescribeUpdateDirectory. Pass null if this is the first call. - RegionName
-
- Type: string
The name of the Region.
- UpdateType
-
- Required: Yes
- Type: string
The type of updates you want to describe for the directory.
Result Syntax
[
'NextToken' => '<string>',
'UpdateActivities' => [
[
'InitiatedBy' => '<string>',
'LastUpdatedDateTime' => <DateTime>,
'NewValue' => [
'OSUpdateSettings' => [
'OSVersion' => 'SERVER_2012|SERVER_2019',
],
],
'PreviousValue' => [
'OSUpdateSettings' => [
'OSVersion' => 'SERVER_2012|SERVER_2019',
],
],
'Region' => '<string>',
'StartTime' => <DateTime>,
'Status' => 'Updated|Updating|UpdateFailed',
'StatusReason' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
If not null, more results are available. Pass this value for the
NextTokenparameter. - UpdateActivities
-
- Type: Array of UpdateInfoEntry structures
The list of update activities on a directory for the requested update type.
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
One or more parameters are not valid.
-
Client authentication is not available in this region at this time.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
-
The
NextTokenvalue is not valid.
DisableClientAuthentication
$result = $client->disableClientAuthentication([/* ... */]); $promise = $client->disableClientAuthenticationAsync([/* ... */]);
Disables alternative client authentication methods for the specified directory.
Parameter Syntax
$result = $client->disableClientAuthentication([
'DirectoryId' => '<string>', // REQUIRED
'Type' => 'SmartCard|SmartCardOrPassword', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
InvalidClientAuthStatusException:
Client authentication is already enabled.
-
Client authentication is not available in this region at this time.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DisableLDAPS
$result = $client->disableLDAPS([/* ... */]); $promise = $client->disableLDAPSAsync([/* ... */]);
Deactivates LDAP secure calls for the specified directory.
Parameter Syntax
$result = $client->disableLDAPS([
'DirectoryId' => '<string>', // REQUIRED
'Type' => 'Client', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
The LDAP activities could not be performed because they are limited by the LDAPS status.
-
UnsupportedOperationException:
The operation is not supported.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DisableRadius
$result = $client->disableRadius([/* ... */]); $promise = $client->disableRadiusAsync([/* ... */]);
Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.
Parameter Syntax
$result = $client->disableRadius([
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
DisableSso
$result = $client->disableSso([/* ... */]); $promise = $client->disableSsoAsync([/* ... */]);
Disables single-sign on for a directory.
Parameter Syntax
$result = $client->disableSso([
'DirectoryId' => '<string>', // REQUIRED
'Password' => '<string>',
'UserName' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which to disable single-sign on.
- Password
-
- Type: string
The password of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.
- UserName
-
- Type: string
The username of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. This account must have privileges to remove a service principal name.
If the AD Connector service account does not have privileges to remove a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to disable single sign-on and are not stored by the service. The AD Connector service account is not changed.
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
InsufficientPermissionsException:
The account does not have sufficient permission to perform the operation.
-
AuthenticationFailedException:
An authentication error occurred.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
EnableClientAuthentication
$result = $client->enableClientAuthentication([/* ... */]); $promise = $client->enableClientAuthenticationAsync([/* ... */]);
Enables alternative client authentication methods for the specified directory.
Parameter Syntax
$result = $client->enableClientAuthentication([
'DirectoryId' => '<string>', // REQUIRED
'Type' => 'SmartCard|SmartCardOrPassword', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the specified directory.
- Type
-
- Required: Yes
- Type: string
The type of client authentication to enable. Currently only the value
SmartCardis supported. Smart card authentication in AD Connector requires that you enable Kerberos Constrained Delegation for the Service User to the LDAP service in your self-managed AD.
Result Syntax
[]
Result Details
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
InvalidClientAuthStatusException:
Client authentication is already enabled.
-
Client authentication is not available in this region at this time.
-
NoAvailableCertificateException:
Client authentication setup could not be completed because at least one valid certificate must be registered in the system.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
EnableLDAPS
$result = $client->enableLDAPS([/* ... */]); $promise = $client->enableLDAPSAsync([/* ... */]);
Activates the switch for the specific directory to always use LDAP secure calls.
Parameter Syntax
$result = $client->enableLDAPS([
'DirectoryId' => '<string>', // REQUIRED
'Type' => 'Client', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
NoAvailableCertificateException:
Client authentication setup could not be completed because at least one valid certificate must be registered in the system.
-
The LDAP activities could not be performed because they are limited by the LDAPS status.
-
UnsupportedOperationException:
The operation is not supported.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
EnableRadius
$result = $client->enableRadius([/* ... */]); $promise = $client->enableRadiusAsync([/* ... */]);
Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.
Parameter Syntax
$result = $client->enableRadius([
'DirectoryId' => '<string>', // REQUIRED
'RadiusSettings' => [ // REQUIRED
'AuthenticationProtocol' => 'PAP|CHAP|MS-CHAPv1|MS-CHAPv2',
'DisplayLabel' => '<string>',
'RadiusPort' => <integer>,
'RadiusRetries' => <integer>,
'RadiusServers' => ['<string>', ...],
'RadiusTimeout' => <integer>,
'SharedSecret' => '<string>',
'UseSameUsername' => true || false,
],
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which to enable MFA.
- RadiusSettings
-
- Required: Yes
- Type: RadiusSettings structure
A RadiusSettings object that contains information about the RADIUS server.
Result Syntax
[]
Result Details
Errors
-
One or more parameters are not valid.
-
The specified entity already exists.
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
EnableSso
$result = $client->enableSso([/* ... */]); $promise = $client->enableSsoAsync([/* ... */]);
Enables single sign-on for a directory. Single sign-on allows users in your directory to access certain Amazon Web Services services from a computer joined to the directory without having to enter their credentials separately.
Parameter Syntax
$result = $client->enableSso([
'DirectoryId' => '<string>', // REQUIRED
'Password' => '<string>',
'UserName' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which to enable single-sign on.
- Password
-
- Type: string
The password of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.
- UserName
-
- Type: string
The username of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. This account must have privileges to add a service principal name.
If the AD Connector service account does not have privileges to add a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to enable single sign-on and are not stored by the service. The AD Connector service account is not changed.
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
InsufficientPermissionsException:
The account does not have sufficient permission to perform the operation.
-
AuthenticationFailedException:
An authentication error occurred.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
GetDirectoryLimits
$result = $client->getDirectoryLimits([/* ... */]); $promise = $client->getDirectoryLimitsAsync([/* ... */]);
Obtains directory limit information for the current Region.
Parameter Syntax
$result = $client->getDirectoryLimits([ ]);
Parameter Details
Members
Result Syntax
[
'DirectoryLimits' => [
'CloudOnlyDirectoriesCurrentCount' => <integer>,
'CloudOnlyDirectoriesLimit' => <integer>,
'CloudOnlyDirectoriesLimitReached' => true || false,
'CloudOnlyMicrosoftADCurrentCount' => <integer>,
'CloudOnlyMicrosoftADLimit' => <integer>,
'CloudOnlyMicrosoftADLimitReached' => true || false,
'ConnectedDirectoriesCurrentCount' => <integer>,
'ConnectedDirectoriesLimit' => <integer>,
'ConnectedDirectoriesLimitReached' => true || false,
],
]
Result Details
Members
- DirectoryLimits
-
- Type: DirectoryLimits structure
A DirectoryLimits object that contains the directory limits for the current Region.
Errors
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
GetSnapshotLimits
$result = $client->getSnapshotLimits([/* ... */]); $promise = $client->getSnapshotLimitsAsync([/* ... */]);
Obtains the manual snapshot limits for a directory.
Parameter Syntax
$result = $client->getSnapshotLimits([
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'SnapshotLimits' => [
'ManualSnapshotsCurrentCount' => <integer>,
'ManualSnapshotsLimit' => <integer>,
'ManualSnapshotsLimitReached' => true || false,
],
]
Result Details
Members
- SnapshotLimits
-
- Type: SnapshotLimits structure
A SnapshotLimits object that contains the manual snapshot limits for the specified directory.
Errors
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
ListCertificates
$result = $client->listCertificates([/* ... */]); $promise = $client->listCertificatesAsync([/* ... */]);
For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication.
Parameter Syntax
$result = $client->listCertificates([
'DirectoryId' => '<string>', // REQUIRED
'Limit' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory.
- Limit
-
- Type: int
The number of items that should show up on one page
- NextToken
-
- Type: string
A token for requesting another page of certificates if the
NextTokenresponse element indicates that more certificates are available. Use the value of the returnedNextTokenelement in your request until the token comes back asnull. Passnullif this is the first call.
Result Syntax
[
'CertificatesInfo' => [
[
'CertificateId' => '<string>',
'CommonName' => '<string>',
'ExpiryDateTime' => <DateTime>,
'State' => 'Registering|Registered|RegisterFailed|Deregistering|Deregistered|DeregisterFailed',
'Type' => 'ClientCertAuth|ClientLDAPS',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- CertificatesInfo
-
- Type: Array of CertificateInfo structures
A list of certificates with basic details including certificate ID, certificate common name, certificate state.
- NextToken
-
- Type: string
Indicates whether another page of certificates is available when the number of available certificates exceeds the page limit.
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
One or more parameters are not valid.
-
The
NextTokenvalue is not valid. -
A client exception has occurred.
-
An exception has occurred in Directory Service.
ListIpRoutes
$result = $client->listIpRoutes([/* ... */]); $promise = $client->listIpRoutesAsync([/* ... */]);
Lists the address blocks that you have added to a directory.
Parameter Syntax
$result = $client->listIpRoutes([
'DirectoryId' => '<string>', // REQUIRED
'Limit' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
Identifier (ID) of the directory for which you want to retrieve the IP addresses.
- Limit
-
- Type: int
Maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.
- NextToken
-
- Type: string
The ListIpRoutes.NextToken value from a previous call to ListIpRoutes. Pass null if this is the first call.
Result Syntax
[
'IpRoutesInfo' => [
[
'AddedDateTime' => <DateTime>,
'CidrIp' => '<string>',
'Description' => '<string>',
'DirectoryId' => '<string>',
'IpRouteStatusMsg' => 'Adding|Added|Removing|Removed|AddFailed|RemoveFailed',
'IpRouteStatusReason' => '<string>',
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- IpRoutesInfo
-
- Type: Array of IpRouteInfo structures
A list of IpRoutes.
- NextToken
-
- Type: string
If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to ListIpRoutes to retrieve the next set of items.
Errors
-
The specified entity could not be found.
-
The
NextTokenvalue is not valid. -
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
ListLogSubscriptions
$result = $client->listLogSubscriptions([/* ... */]); $promise = $client->listLogSubscriptionsAsync([/* ... */]);
Lists the active log subscriptions for the Amazon Web Services account.
Parameter Syntax
$result = $client->listLogSubscriptions([
'DirectoryId' => '<string>',
'Limit' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Type: string
If a DirectoryID is provided, lists only the log subscription associated with that directory. If no DirectoryId is provided, lists all log subscriptions associated with your Amazon Web Services account. If there are no log subscriptions for the Amazon Web Services account or the directory, an empty list will be returned.
- Limit
-
- Type: int
The maximum number of items returned.
- NextToken
-
- Type: string
The token for the next set of items to return.
Result Syntax
[
'LogSubscriptions' => [
[
'DirectoryId' => '<string>',
'LogGroupName' => '<string>',
'SubscriptionCreatedDateTime' => <DateTime>,
],
// ...
],
'NextToken' => '<string>',
]
Result Details
Members
- LogSubscriptions
-
- Type: Array of LogSubscription structures
A list of active LogSubscription objects for calling the Amazon Web Services account.
- NextToken
-
- Type: string
The token for the next set of items to return.
Errors
-
The specified entity could not be found.
-
The
NextTokenvalue is not valid. -
A client exception has occurred.
-
An exception has occurred in Directory Service.
ListSchemaExtensions
$result = $client->listSchemaExtensions([/* ... */]); $promise = $client->listSchemaExtensionsAsync([/* ... */]);
Lists all schema extensions applied to a Microsoft AD Directory.
Parameter Syntax
$result = $client->listSchemaExtensions([
'DirectoryId' => '<string>', // REQUIRED
'Limit' => <integer>,
'NextToken' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory from which to retrieve the schema extension information.
- Limit
-
- Type: int
The maximum number of items to return.
- NextToken
-
- Type: string
The
ListSchemaExtensions.NextTokenvalue from a previous call toListSchemaExtensions. Pass null if this is the first call.
Result Syntax
[
'NextToken' => '<string>',
'SchemaExtensionsInfo' => [
[
'Description' => '<string>',
'DirectoryId' => '<string>',
'EndDateTime' => <DateTime>,
'SchemaExtensionId' => '<string>',
'SchemaExtensionStatus' => 'Initializing|CreatingSnapshot|UpdatingSchema|Replicating|CancelInProgress|RollbackInProgress|Cancelled|Failed|Completed',
'SchemaExtensionStatusReason' => '<string>',
'StartDateTime' => <DateTime>,
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
If not null, more results are available. Pass this value for the
NextTokenparameter in a subsequent call toListSchemaExtensionsto retrieve the next set of items. - SchemaExtensionsInfo
-
- Type: Array of SchemaExtensionInfo structures
Information about the schema extensions applied to the directory.
Errors
-
The
NextTokenvalue is not valid. -
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]); $promise = $client->listTagsForResourceAsync([/* ... */]);
Lists all tags on a directory.
Parameter Syntax
$result = $client->listTagsForResource([
'Limit' => <integer>,
'NextToken' => '<string>',
'ResourceId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'NextToken' => '<string>',
'Tags' => [
[
'Key' => '<string>',
'Value' => '<string>',
],
// ...
],
]
Result Details
Members
- NextToken
-
- Type: string
Reserved for future use.
- Tags
-
- Type: Array of Tag structures
List of tags returned by the ListTagsForResource operation.
Errors
-
The specified entity could not be found.
-
The
NextTokenvalue is not valid. -
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
RegisterCertificate
$result = $client->registerCertificate([/* ... */]); $promise = $client->registerCertificateAsync([/* ... */]);
Registers a certificate for a secure LDAP or client certificate authentication.
Parameter Syntax
$result = $client->registerCertificate([
'CertificateData' => '<string>', // REQUIRED
'ClientCertAuthSettings' => [
'OCSPUrl' => '<string>',
],
'DirectoryId' => '<string>', // REQUIRED
'Type' => 'ClientCertAuth|ClientLDAPS',
]);
Parameter Details
Members
- CertificateData
-
- Required: Yes
- Type: string
The certificate PEM string that needs to be registered.
- ClientCertAuthSettings
-
- Type: ClientCertAuthSettings structure
A
ClientCertAuthSettingsobject that contains client certificate authentication settings. - DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory.
- Type
-
- Type: string
The function that the registered certificate performs. Valid values include
ClientLDAPSorClientCertAuth. The default value isClientLDAPS.
Result Syntax
[
'CertificateId' => '<string>',
]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
The certificate PEM that was provided has incorrect encoding.
-
CertificateLimitExceededException:
The certificate could not be added because the certificate limit has been reached.
-
CertificateAlreadyExistsException:
The certificate has already been registered into the system.
-
UnsupportedOperationException:
The operation is not supported.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
RegisterEventTopic
$result = $client->registerEventTopic([/* ... */]); $promise = $client->registerEventTopicAsync([/* ... */]);
Associates a directory with an Amazon SNS topic. This establishes the directory as a publisher to the specified Amazon SNS topic. You can then receive email or text (SMS) messages when the status of your directory changes. You get notified if your directory goes from an Active status to an Impaired or Inoperable status. You also receive a notification when the directory returns to an Active status.
Parameter Syntax
$result = $client->registerEventTopic([
'DirectoryId' => '<string>', // REQUIRED
'TopicName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The Directory ID that will publish status messages to the Amazon SNS topic.
- TopicName
-
- Required: Yes
- Type: string
The Amazon SNS topic name to which the directory will publish status messages. This Amazon SNS topic must be in the same region as the specified Directory ID.
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
RejectSharedDirectory
$result = $client->rejectSharedDirectory([/* ... */]); $promise = $client->rejectSharedDirectoryAsync([/* ... */]);
Rejects a directory sharing request that was sent from the directory owner account.
Parameter Syntax
$result = $client->rejectSharedDirectory([
'SharedDirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'SharedDirectoryId' => '<string>',
]
Result Details
Members
Errors
-
One or more parameters are not valid.
-
The specified entity could not be found.
-
DirectoryAlreadySharedException:
The specified directory has already been shared with this Amazon Web Services account.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
RemoveIpRoutes
$result = $client->removeIpRoutes([/* ... */]); $promise = $client->removeIpRoutesAsync([/* ... */]);
Removes IP address blocks from a directory.
Parameter Syntax
$result = $client->removeIpRoutes([
'CidrIps' => ['<string>', ...], // REQUIRED
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
RemoveRegion
$result = $client->removeRegion([/* ... */]); $promise = $client->removeRegionAsync([/* ... */]);
Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation. Instead, use the DeleteDirectory API.
Parameter Syntax
$result = $client->removeRegion([
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
Client authentication is not available in this region at this time.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
RemoveTagsFromResource
$result = $client->removeTagsFromResource([/* ... */]); $promise = $client->removeTagsFromResourceAsync([/* ... */]);
Removes tags from a directory.
Parameter Syntax
$result = $client->removeTagsFromResource([
'ResourceId' => '<string>', // REQUIRED
'TagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
ResetUserPassword
$result = $client->resetUserPassword([/* ... */]); $promise = $client->resetUserPasswordAsync([/* ... */]);
Resets the password for any user in your Managed Microsoft AD or Simple AD directory.
You can reset the password for any user in your directory with the following exceptions:
-
For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user.
-
For Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the Amazon Web Services Reserved OU. For more information about the OU structure for an Managed Microsoft AD directory, see What Gets Created in the Directory Service Administration Guide.
Parameter Syntax
$result = $client->resetUserPassword([
'DirectoryId' => '<string>', // REQUIRED
'NewPassword' => '<string>', // REQUIRED
'UserName' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
The user provided a username that does not exist in your directory.
-
The new password provided by the user does not meet the password complexity requirements defined in your directory.
-
UnsupportedOperationException:
The operation is not supported.
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
RestoreFromSnapshot
$result = $client->restoreFromSnapshot([/* ... */]); $promise = $client->restoreFromSnapshotAsync([/* ... */]);
Restores a directory using an existing directory snapshot.
When you restore a directory from a snapshot, any changes made to the directory after the snapshot date are overwritten.
This action returns as soon as the restore operation is initiated. You can monitor the progress of the restore operation by calling the DescribeDirectories operation with the directory identifier. When the DirectoryDescription.Stage value changes to Active, the restore operation is complete.
Parameter Syntax
$result = $client->restoreFromSnapshot([
'SnapshotId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
ShareDirectory
$result = $client->shareDirectory([/* ... */]); $promise = $client->shareDirectoryAsync([/* ... */]);
Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer). With this operation you can use your directory from any Amazon Web Services account and from any Amazon VPC within an Amazon Web Services Region.
When you share your Managed Microsoft AD directory, Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account.
The ShareMethod parameter determines whether the specified directory can be shared between Amazon Web Services accounts inside the same Amazon Web Services organization (ORGANIZATIONS). It also determines whether you can share the directory with any other Amazon Web Services account either inside or outside of the organization (HANDSHAKE).
The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer.
Parameter Syntax
$result = $client->shareDirectory([
'DirectoryId' => '<string>', // REQUIRED
'ShareMethod' => 'ORGANIZATIONS|HANDSHAKE', // REQUIRED
'ShareNotes' => '<string>',
'ShareTarget' => [ // REQUIRED
'Id' => '<string>', // REQUIRED
'Type' => 'ACCOUNT', // REQUIRED
],
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
Identifier of the Managed Microsoft AD directory that you want to share with other Amazon Web Services accounts.
- ShareMethod
-
- Required: Yes
- Type: string
The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (
ORGANIZATIONS) or with any Amazon Web Services account by sending a directory sharing request (HANDSHAKE). - ShareNotes
-
- Type: string
A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
- ShareTarget
-
- Required: Yes
- Type: ShareTarget structure
Identifier for the directory consumer account with whom the directory is to be shared.
Result Syntax
[
'SharedDirectoryId' => '<string>',
]
Result Details
Members
Errors
-
DirectoryAlreadySharedException:
The specified directory has already been shared with this Amazon Web Services account.
-
The specified entity could not be found.
-
The specified shared target is not valid.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
The maximum number of Amazon Web Services accounts that you can share with this directory has been reached.
-
Exception encountered while trying to access your Amazon Web Services organization.
-
Client authentication is not available in this region at this time.
-
UnsupportedOperationException:
The operation is not supported.
-
An exception has occurred in Directory Service.
StartSchemaExtension
$result = $client->startSchemaExtension([/* ... */]); $promise = $client->startSchemaExtensionAsync([/* ... */]);
Applies a schema extension to a Microsoft AD directory.
Parameter Syntax
$result = $client->startSchemaExtension([
'CreateSnapshotBeforeSchemaExtension' => true || false, // REQUIRED
'Description' => '<string>', // REQUIRED
'DirectoryId' => '<string>', // REQUIRED
'LdifContent' => '<string>', // REQUIRED
]);
Parameter Details
Members
- CreateSnapshotBeforeSchemaExtension
-
- Required: Yes
- Type: boolean
If true, creates a snapshot of the directory before applying the schema extension.
- Description
-
- Required: Yes
- Type: string
A description of the schema extension.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which the schema extension will be applied to.
- LdifContent
-
- Required: Yes
- Type: string
The LDIF file represented as a string. To construct the LdifContent string, precede each line as it would be formatted in an ldif file with \n. See the example request below for more details. The file size can be no larger than 1MB.
Result Syntax
[
'SchemaExtensionId' => '<string>',
]
Result Details
Errors
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
SnapshotLimitExceededException:
The maximum number of manual snapshots for the directory has been reached. You can use the GetSnapshotLimits operation to determine the snapshot limits for a directory.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
UnshareDirectory
$result = $client->unshareDirectory([/* ... */]); $promise = $client->unshareDirectoryAsync([/* ... */]);
Stops the directory sharing between the directory owner and consumer accounts.
Parameter Syntax
$result = $client->unshareDirectory([
'DirectoryId' => '<string>', // REQUIRED
'UnshareTarget' => [ // REQUIRED
'Id' => '<string>', // REQUIRED
'Type' => 'ACCOUNT', // REQUIRED
],
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the Managed Microsoft AD directory that you want to stop sharing.
- UnshareTarget
-
- Required: Yes
- Type: UnshareTarget structure
Identifier for the directory consumer account with whom the directory has to be unshared.
Result Syntax
[
'SharedDirectoryId' => '<string>',
]
Result Details
Members
Errors
-
The specified entity could not be found.
-
The specified shared target is not valid.
-
The specified directory has not been shared with this Amazon Web Services account.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
UpdateConditionalForwarder
$result = $client->updateConditionalForwarder([/* ... */]); $promise = $client->updateConditionalForwarderAsync([/* ... */]);
Updates a conditional forwarder that has been set up for your Amazon Web Services directory.
Parameter Syntax
$result = $client->updateConditionalForwarder([
'DirectoryId' => '<string>', // REQUIRED
'DnsIpAddrs' => ['<string>', ...], // REQUIRED
'RemoteDomainName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The directory ID of the Amazon Web Services directory for which to update the conditional forwarder.
- DnsIpAddrs
-
- Required: Yes
- Type: Array of strings
The updated IP addresses of the remote DNS server associated with the conditional forwarder.
- RemoteDomainName
-
- Required: Yes
- Type: string
The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
One or more parameters are not valid.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
UpdateDirectorySetup
$result = $client->updateDirectorySetup([/* ... */]); $promise = $client->updateDirectorySetupAsync([/* ... */]);
Updates the directory for a particular update type.
Parameter Syntax
$result = $client->updateDirectorySetup([
'CreateSnapshotBeforeUpdate' => true || false,
'DirectoryId' => '<string>', // REQUIRED
'OSUpdateSettings' => [
'OSVersion' => 'SERVER_2012|SERVER_2019',
],
'UpdateType' => 'OS', // REQUIRED
]);
Parameter Details
Members
- CreateSnapshotBeforeUpdate
-
- Type: boolean
The boolean that specifies if a snapshot for the directory needs to be taken before updating the directory.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory on which you want to perform the update.
- OSUpdateSettings
-
- Type: OSUpdateSettings structure
The settings for the OS update that needs to be performed on the directory.
- UpdateType
-
- Required: Yes
- Type: string
The type of update that needs to be performed on the directory. For example, OS.
Result Syntax
[]
Result Details
Errors
-
UnsupportedOperationException:
The operation is not supported.
-
DirectoryInDesiredStateException:
The directory is already updated to desired update type settings.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
SnapshotLimitExceededException:
The maximum number of manual snapshots for the directory has been reached. You can use the GetSnapshotLimits operation to determine the snapshot limits for a directory.
-
One or more parameters are not valid.
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
Client authentication is not available in this region at this time.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
UpdateNumberOfDomainControllers
$result = $client->updateNumberOfDomainControllers([/* ... */]); $promise = $client->updateNumberOfDomainControllersAsync([/* ... */]);
Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.
Parameter Syntax
$result = $client->updateNumberOfDomainControllers([
'DesiredNumber' => <integer>, // REQUIRED
'DirectoryId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[]
Result Details
Errors
-
The specified entity could not be found.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
DomainControllerLimitExceededException:
The maximum allowed number of domain controllers per directory was exceeded. The default limit per directory is 20 domain controllers.
-
One or more parameters are not valid.
-
UnsupportedOperationException:
The operation is not supported.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
UpdateRadius
$result = $client->updateRadius([/* ... */]); $promise = $client->updateRadiusAsync([/* ... */]);
Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory.
Parameter Syntax
$result = $client->updateRadius([
'DirectoryId' => '<string>', // REQUIRED
'RadiusSettings' => [ // REQUIRED
'AuthenticationProtocol' => 'PAP|CHAP|MS-CHAPv1|MS-CHAPv2',
'DisplayLabel' => '<string>',
'RadiusPort' => <integer>,
'RadiusRetries' => <integer>,
'RadiusServers' => ['<string>', ...],
'RadiusTimeout' => <integer>,
'SharedSecret' => '<string>',
'UseSameUsername' => true || false,
],
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier of the directory for which to update the RADIUS server information.
- RadiusSettings
-
- Required: Yes
- Type: RadiusSettings structure
A RadiusSettings object that contains information about the RADIUS server.
Result Syntax
[]
Result Details
Errors
-
One or more parameters are not valid.
-
The specified entity could not be found.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
UpdateSettings
$result = $client->updateSettings([/* ... */]); $promise = $client->updateSettingsAsync([/* ... */]);
Updates the configurable settings for the specified directory.
Parameter Syntax
$result = $client->updateSettings([
'DirectoryId' => '<string>', // REQUIRED
'Settings' => [ // REQUIRED
[
'Name' => '<string>', // REQUIRED
'Value' => '<string>', // REQUIRED
],
// ...
],
]);
Parameter Details
Members
Result Syntax
[
'DirectoryId' => '<string>',
]
Result Details
Errors
-
DirectoryDoesNotExistException:
The specified directory does not exist in the system.
-
UnsupportedOperationException:
The operation is not supported.
-
DirectoryUnavailableException:
The specified directory is unavailable or could not be found.
-
IncompatibleSettingsException:
The specified directory setting is not compatible with other settings.
-
The specified directory setting is not supported.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
UpdateTrust
$result = $client->updateTrust([/* ... */]); $promise = $client->updateTrustAsync([/* ... */]);
Updates the trust that has been set up between your Managed Microsoft AD directory and an self-managed Active Directory.
Parameter Syntax
$result = $client->updateTrust([
'SelectiveAuth' => 'Enabled|Disabled',
'TrustId' => '<string>', // REQUIRED
]);
Parameter Details
Members
Result Syntax
[
'RequestId' => '<string>',
'TrustId' => '<string>',
]
Result Details
Members
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
VerifyTrust
$result = $client->verifyTrust([/* ... */]); $promise = $client->verifyTrustAsync([/* ... */]);
Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships.
This action verifies a trust relationship between your Managed Microsoft AD directory and an external domain.
Parameter Syntax
$result = $client->verifyTrust([
'TrustId' => '<string>', // REQUIRED
]);
Parameter Details
Result Syntax
[
'TrustId' => '<string>',
]
Result Details
Errors
-
The specified entity could not be found.
-
One or more parameters are not valid.
-
A client exception has occurred.
-
An exception has occurred in Directory Service.
-
UnsupportedOperationException:
The operation is not supported.
Shapes
AccessDeniedException
Description
Client authentication is not available in this region at this time.
Members
Attribute
Description
Represents a named directory attribute.
Members
AuthenticationFailedException
Description
An authentication error occurred.
Members
Certificate
Description
Information about the certificate.
Members
- CertificateId
-
- Type: string
The identifier of the certificate.
- ClientCertAuthSettings
-
- Type: ClientCertAuthSettings structure
A
ClientCertAuthSettingsobject that contains client certificate authentication settings. - CommonName
-
- Type: string
The common name for the certificate.
- ExpiryDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the certificate will expire.
- RegisteredDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the certificate was registered.
- State
-
- Type: string
The state of the certificate.
- StateReason
-
- Type: string
Describes a state change for the certificate.
- Type
-
- Type: string
The function that the registered certificate performs. Valid values include
ClientLDAPSorClientCertAuth. The default value isClientLDAPS.
CertificateAlreadyExistsException
Description
The certificate has already been registered into the system.
Members
CertificateDoesNotExistException
Description
The certificate is not present in the system for describe or deregister activities.
Members
CertificateInUseException
Description
The certificate is being used for the LDAP security connection and cannot be removed without disabling LDAP security.
Members
CertificateInfo
Description
Contains general information about a certificate.
Members
- CertificateId
-
- Type: string
The identifier of the certificate.
- CommonName
-
- Type: string
The common name for the certificate.
- ExpiryDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the certificate will expire.
- State
-
- Type: string
The state of the certificate.
- Type
-
- Type: string
The function that the registered certificate performs. Valid values include
ClientLDAPSorClientCertAuth. The default value isClientLDAPS.
CertificateLimitExceededException
Description
The certificate could not be added because the certificate limit has been reached.
Members
ClientAuthenticationSettingInfo
Description
Contains information about a client authentication method for a directory.
Members
- LastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the status of the client authentication type was last updated.
- Status
-
- Type: string
Whether the client authentication type is enabled or disabled for the specified directory.
- Type
-
- Type: string
The type of client authentication for the specified directory. If no type is specified, a list of all client authentication types that are supported for the directory is retrieved.
ClientCertAuthSettings
Description
Contains information about the client certificate authentication settings for the RegisterCertificate and DescribeCertificate operations.
Members
ClientException
Description
A client exception has occurred.
Members
Computer
Description
Contains information about a computer account in a directory.
Members
ConditionalForwarder
Description
Points to a remote domain with which you are setting up a trust relationship. Conditional forwarders are required in order to set up a trust relationship with another domain.
Members
- DnsIpAddrs
-
- Type: Array of strings
The IP addresses of the remote DNS server associated with RemoteDomainName. This is the IP address of the DNS server that your conditional forwarder points to.
- RemoteDomainName
-
- Type: string
The fully qualified domain name (FQDN) of the remote domains pointed to by the conditional forwarder.
- ReplicationScope
-
- Type: string
The replication scope of the conditional forwarder. The only allowed value is
Domain, which will replicate the conditional forwarder to all of the domain controllers for your Amazon Web Services directory.
DirectoryAlreadyInRegionException
Description
The Region you specified is the same Region where the Managed Microsoft AD directory was created. Specify a different Region and try again.
Members
DirectoryAlreadySharedException
Description
The specified directory has already been shared with this Amazon Web Services account.
Members
DirectoryConnectSettings
Description
Contains information for the ConnectDirectory operation when an AD Connector directory is being created.
Members
- CustomerDnsIps
-
- Required: Yes
- Type: Array of strings
A list of one or more IP addresses of DNS servers or domain controllers in your self-managed directory.
- CustomerUserName
-
- Required: Yes
- Type: string
The user name of an account in your self-managed directory that is used to connect to the directory. This account must have the following permissions:
-
Read users and groups
-
Create computer objects
-
Join computers to the domain
- SubnetIds
-
- Required: Yes
- Type: Array of strings
A list of subnet identifiers in the VPC in which the AD Connector is created.
- VpcId
-
- Required: Yes
- Type: string
The identifier of the VPC in which the AD Connector is created.
DirectoryConnectSettingsDescription
Description
Contains information about an AD Connector directory.
Members
- AvailabilityZones
-
- Type: Array of strings
A list of the Availability Zones that the directory is in.
- ConnectIps
-
- Type: Array of strings
The IP addresses of the AD Connector servers.
- CustomerUserName
-
- Type: string
The user name of the service account in your self-managed directory.
- SecurityGroupId
-
- Type: string
The security group identifier for the AD Connector directory.
- SubnetIds
-
- Type: Array of strings
A list of subnet identifiers in the VPC that the AD Connector is in.
- VpcId
-
- Type: string
The identifier of the VPC that the AD Connector is in.
DirectoryDescription
Description
Contains information about an Directory Service directory.
Members
- AccessUrl
-
- Type: string
The access URL for the directory, such as
http://<alias>.awsapps.com. If no alias has been created for the directory,<alias>is the directory identifier, such asd-XXXXXXXXXX. - Alias
-
- Type: string
The alias for the directory. If no alias has been created for the directory, the alias is the directory identifier, such as
d-XXXXXXXXXX. - ConnectSettings
-
- Type: DirectoryConnectSettingsDescription structure
A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. This member is only present if the directory is an AD Connector directory.
- Description
-
- Type: string
The description for the directory.
- DesiredNumberOfDomainControllers
-
- Type: int
The desired number of domain controllers in the directory if the directory is Microsoft AD.
- DirectoryId
-
- Type: string
The directory identifier.
- DnsIpAddrs
-
- Type: Array of strings
The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected.
- Edition
-
- Type: string
The edition associated with this directory.
- LaunchTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the directory was created.
- Name
-
- Type: string
The fully qualified name of the directory.
- OsVersion
-
- Type: string
The operating system (OS) version of the directory.
- OwnerDirectoryDescription
-
- Type: OwnerDirectoryDescription structure
Describes the Managed Microsoft AD directory in the directory owner account.
- RadiusSettings
-
- Type: RadiusSettings structure
A RadiusSettings object that contains information about the RADIUS server configured for this directory.
- RadiusStatus
-
- Type: string
The status of the RADIUS MFA server connection.
- RegionsInfo
-
- Type: RegionsInfo structure
Lists the Regions where the directory has replicated.
- ShareMethod
-
- Type: string
The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (
ORGANIZATIONS) or with any Amazon Web Services account by sending a shared directory request (HANDSHAKE). - ShareNotes
-
- Type: string
A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
- ShareStatus
-
- Type: string
Current directory status of the shared Managed Microsoft AD directory.
- ShortName
-
- Type: string
The short name of the directory.
- Size
-
- Type: string
The directory size.
- SsoEnabled
-
- Type: boolean
Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso.
- Stage
-
- Type: string
The current stage of the directory.
- StageLastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the stage was last updated.
- StageReason
-
- Type: string
Additional information about the directory stage.
- Type
-
- Type: string
The directory size.
- VpcSettings
-
- Type: DirectoryVpcSettingsDescription structure
A DirectoryVpcSettingsDescription object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed Microsoft AD directory.
DirectoryDoesNotExistException
Description
The specified directory does not exist in the system.
Members
DirectoryInDesiredStateException
Description
The directory is already updated to desired update type settings.
Members
DirectoryLimitExceededException
Description
The maximum number of directories in the region has been reached. You can use the GetDirectoryLimits operation to determine your directory limits in the region.
Members
DirectoryLimits
Description
Contains directory limit information for a Region.
Members
- CloudOnlyDirectoriesCurrentCount
-
- Type: int
The current number of cloud directories in the Region.
- CloudOnlyDirectoriesLimit
-
- Type: int
The maximum number of cloud directories allowed in the Region.
- CloudOnlyDirectoriesLimitReached
-
- Type: boolean
Indicates if the cloud directory limit has been reached.
- CloudOnlyMicrosoftADCurrentCount
-
- Type: int
The current number of Managed Microsoft AD directories in the region.
- CloudOnlyMicrosoftADLimit
-
- Type: int
The maximum number of Managed Microsoft AD directories allowed in the region.
- CloudOnlyMicrosoftADLimitReached
-
- Type: boolean
Indicates if the Managed Microsoft AD directory limit has been reached.
- ConnectedDirectoriesCurrentCount
-
- Type: int
The current number of connected directories in the Region.
- ConnectedDirectoriesLimit
-
- Type: int
The maximum number of connected directories allowed in the Region.
- ConnectedDirectoriesLimitReached
-
- Type: boolean
Indicates if the connected directory limit has been reached.
DirectoryNotSharedException
Description
The specified directory has not been shared with this Amazon Web Services account.
Members
DirectoryUnavailableException
Description
The specified directory is unavailable or could not be found.
Members
DirectoryVpcSettings
Description
Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.
Members
- SubnetIds
-
- Required: Yes
- Type: Array of strings
The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.
- VpcId
-
- Required: Yes
- Type: string
The identifier of the VPC in which to create the directory.
DirectoryVpcSettingsDescription
Description
Contains information about the directory.
Members
- AvailabilityZones
-
- Type: Array of strings
The list of Availability Zones that the directory is in.
- SecurityGroupId
-
- Type: string
The domain controller security group identifier for the directory.
- SubnetIds
-
- Type: Array of strings
The identifiers of the subnets for the directory servers.
- VpcId
-
- Type: string
The identifier of the VPC that the directory is in.
DomainController
Description
Contains information about the domain controllers for a specified directory.
Members
- AvailabilityZone
-
- Type: string
The Availability Zone where the domain controller is located.
- DirectoryId
-
- Type: string
Identifier of the directory where the domain controller resides.
- DnsIpAddr
-
- Type: string
The IP address of the domain controller.
- DomainControllerId
-
- Type: string
Identifies a specific domain controller in the directory.
- LaunchTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the domain controller was created.
- Status
-
- Type: string
The status of the domain controller.
- StatusLastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the status was last updated.
- StatusReason
-
- Type: string
A description of the domain controller state.
- SubnetId
-
- Type: string
Identifier of the subnet in the VPC that contains the domain controller.
- VpcId
-
- Type: string
The identifier of the VPC that contains the domain controller.
DomainControllerLimitExceededException
Description
The maximum allowed number of domain controllers per directory was exceeded. The default limit per directory is 20 domain controllers.
Members
EntityAlreadyExistsException
Description
The specified entity already exists.
Members
EntityDoesNotExistException
Description
The specified entity could not be found.
Members
EventTopic
Description
Information about Amazon SNS topic and Directory Service directory associations.
Members
- CreatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time of when you associated your directory with the Amazon SNS topic.
- DirectoryId
-
- Type: string
The Directory ID of an Directory Service directory that will publish status messages to an Amazon SNS topic.
- Status
-
- Type: string
The topic registration status.
- TopicArn
-
- Type: string
The Amazon SNS topic ARN (Amazon Resource Name).
- TopicName
-
- Type: string
The name of an Amazon SNS topic the receives status messages from the directory.
IncompatibleSettingsException
Description
The specified directory setting is not compatible with other settings.
Members
InsufficientPermissionsException
Description
The account does not have sufficient permission to perform the operation.
Members
InvalidCertificateException
Description
The certificate PEM that was provided has incorrect encoding.
Members
InvalidClientAuthStatusException
Description
Client authentication is already enabled.
Members
InvalidLDAPSStatusException
Description
The LDAP activities could not be performed because they are limited by the LDAPS status.
Members
InvalidNextTokenException
Description
The NextToken value is not valid.
Members
InvalidParameterException
Description
One or more parameters are not valid.
Members
InvalidPasswordException
Description
The new password provided by the user does not meet the password complexity requirements defined in your directory.
Members
InvalidTargetException
Description
The specified shared target is not valid.
Members
IpRoute
Description
IP address block. This is often the address block of the DNS server used for your self-managed domain.
Members
- CidrIp
-
- Type: string
IP address block using CIDR format, for example 10.0.0.0/24. This is often the address block of the DNS server used for your self-managed domain. For a single IP address use a CIDR address block with /32. For example 10.0.0.0/32.
- Description
-
- Type: string
Description of the address block.
IpRouteInfo
Description
Information about one or more IP address blocks.
Members
- AddedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the address block was added to the directory.
- CidrIp
-
- Type: string
IP address block in the IpRoute.
- Description
-
- Type: string
Description of the IpRouteInfo.
- DirectoryId
-
- Type: string
Identifier (ID) of the directory associated with the IP addresses.
- IpRouteStatusMsg
-
- Type: string
The status of the IP address block.
- IpRouteStatusReason
-
- Type: string
The reason for the IpRouteStatusMsg.
IpRouteLimitExceededException
Description
The maximum allowed number of IP addresses was exceeded. The default limit is 100 IP address blocks.
Members
LDAPSSettingInfo
Description
Contains general information about the LDAPS settings.
Members
LogSubscription
Description
Represents a log subscription, which tracks real-time data from a chosen log group to a specified destination.
Members
- DirectoryId
-
- Type: string
Identifier (ID) of the directory that you want to associate with the log subscription.
- LogGroupName
-
- Type: string
The name of the log group.
- SubscriptionCreatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the log subscription was created.
NoAvailableCertificateException
Description
Client authentication setup could not be completed because at least one valid certificate must be registered in the system.
Members
OSUpdateSettings
Description
OS version that the directory needs to be updated to.
Members
OrganizationsException
Description
Exception encountered while trying to access your Amazon Web Services organization.
Members
OwnerDirectoryDescription
Description
Describes the directory owner account details that have been shared to the directory consumer account.
Members
- AccountId
-
- Type: string
Identifier of the directory owner account.
- DirectoryId
-
- Type: string
Identifier of the Managed Microsoft AD directory in the directory owner account.
- DnsIpAddrs
-
- Type: Array of strings
IP address of the directory’s domain controllers.
- RadiusSettings
-
- Type: RadiusSettings structure
A RadiusSettings object that contains information about the RADIUS server.
- RadiusStatus
-
- Type: string
Information about the status of the RADIUS server.
- VpcSettings
-
- Type: DirectoryVpcSettingsDescription structure
Information about the VPC settings for the directory.
RadiusSettings
Description
Contains information about a Remote Authentication Dial In User Service (RADIUS) server.
Members
- AuthenticationProtocol
-
- Type: string
The protocol specified for your RADIUS endpoints.
- DisplayLabel
-
- Type: string
Not currently used.
- RadiusPort
-
- Type: int
The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.
- RadiusRetries
-
- Type: int
The maximum number of times that communication with the RADIUS server is attempted.
- RadiusServers
-
- Type: Array of strings
An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.
- RadiusTimeout
-
- Type: int
The amount of time, in seconds, to wait for the RADIUS server to respond.
- SharedSecret
-
- Type: string
Required for enabling RADIUS on the directory.
- UseSameUsername
-
- Type: boolean
Not currently used.
RegionDescription
Description
The replicated Region information for a directory.
Members
- DesiredNumberOfDomainControllers
-
- Type: int
The desired number of domain controllers in the specified Region for the specified directory.
- DirectoryId
-
- Type: string
The identifier of the directory.
- LastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Region description was last updated.
- LaunchTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Specifies when the Region replication began.
- RegionName
-
- Type: string
The name of the Region. For example,
us-east-1. - RegionType
-
- Type: string
Specifies whether the Region is the primary Region or an additional Region.
- Status
-
- Type: string
The status of the replication process for the specified Region.
- StatusLastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the Region status was last updated.
- VpcSettings
-
- Type: DirectoryVpcSettings structure
Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.
RegionLimitExceededException
Description
You have reached the limit for maximum number of simultaneous Region replications per directory.
Members
RegionsInfo
Description
Provides information about the Regions that are configured for multi-Region replication.
Members
SchemaExtensionInfo
Description
Information about a schema extension.
Members
- Description
-
- Type: string
A description of the schema extension.
- DirectoryId
-
- Type: string
The identifier of the directory to which the schema extension is applied.
- EndDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the schema extension was completed.
- SchemaExtensionId
-
- Type: string
The identifier of the schema extension.
- SchemaExtensionStatus
-
- Type: string
The current status of the schema extension.
- SchemaExtensionStatusReason
-
- Type: string
The reason for the
SchemaExtensionStatus. - StartDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the schema extension started being applied to the directory.
ServiceException
Description
An exception has occurred in Directory Service.
Members
Setting
Description
Contains information about the configurable settings for a directory.
Members
SettingEntry
Description
Contains information about the specified configurable setting for a directory.
Members
- AllowedValues
-
- Type: string
The valid range of values for the directory setting.
- AppliedValue
-
- Type: string
The value of the directory setting that is applied to the directory.
- LastRequestedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the request to update a directory setting was last submitted.
- LastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the directory setting was last updated.
- Name
-
- Type: string
The name of the directory setting. For example:
TLS_1_0 - RequestDetailedStatus
-
- Type: Associative array of custom strings keys (RegionName) to strings
Details about the status of the request to update the directory setting. If the directory setting is deployed in more than one region, status is returned for the request in each region where the setting is deployed.
- RequestStatus
-
- Type: string
The overall status of the request to update the directory setting request. If the directory setting is deployed in more than one region, and the request fails in any region, the overall status is
Failed. - RequestStatusMessage
-
- Type: string
The last status message for the directory status request.
- RequestedValue
-
- Type: string
The value that was last requested for the directory setting.
- Type
-
- Type: string
The type of directory setting. For example,
ProtocolorCipher.
ShareLimitExceededException
Description
The maximum number of Amazon Web Services accounts that you can share with this directory has been reached.
Members
ShareTarget
Description
Identifier that contains details about the directory consumer account.
Members
SharedDirectory
Description
Details about the shared directory in the directory owner account for which the share request in the directory consumer account has been accepted.
Members
- CreatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the shared directory was created.
- LastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the shared directory was last updated.
- OwnerAccountId
-
- Type: string
Identifier of the directory owner account, which contains the directory that has been shared to the consumer account.
- OwnerDirectoryId
-
- Type: string
Identifier of the directory in the directory owner account.
- ShareMethod
-
- Type: string
The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (
ORGANIZATIONS) or with any Amazon Web Services account by sending a shared directory request (HANDSHAKE). - ShareNotes
-
- Type: string
A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.
- ShareStatus
-
- Type: string
Current directory status of the shared Managed Microsoft AD directory.
- SharedAccountId
-
- Type: string
Identifier of the directory consumer account that has access to the shared directory (
OwnerDirectoryId) in the directory owner account. - SharedDirectoryId
-
- Type: string
Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.
Snapshot
Description
Describes a directory snapshot.
Members
- DirectoryId
-
- Type: string
The directory identifier.
- Name
-
- Type: string
The descriptive name of the snapshot.
- SnapshotId
-
- Type: string
The snapshot identifier.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the snapshot was taken.
- Status
-
- Type: string
The snapshot status.
- Type
-
- Type: string
The snapshot type.
SnapshotLimitExceededException
Description
The maximum number of manual snapshots for the directory has been reached. You can use the GetSnapshotLimits operation to determine the snapshot limits for a directory.
Members
SnapshotLimits
Description
Contains manual snapshot limit information for a directory.
Members
Tag
Description
Metadata assigned to a directory consisting of a key-value pair.
Members
- Key
-
- Required: Yes
- Type: string
Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$").
- Value
-
- Required: Yes
- Type: string
The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$").
TagLimitExceededException
Description
The maximum allowed number of tags was exceeded.
Members
Trust
Description
Describes a trust relationship between an Managed Microsoft AD directory and an external domain.
Members
- CreatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the trust relationship was created.
- DirectoryId
-
- Type: string
The Directory ID of the Amazon Web Services directory involved in the trust relationship.
- LastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the trust relationship was last updated.
- RemoteDomainName
-
- Type: string
The Fully Qualified Domain Name (FQDN) of the external domain involved in the trust relationship.
- SelectiveAuth
-
- Type: string
Current state of selective authentication for the trust.
- StateLastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the TrustState was last updated.
- TrustDirection
-
- Type: string
The trust relationship direction.
- TrustId
-
- Type: string
The unique ID of the trust relationship.
- TrustState
-
- Type: string
The trust relationship state.
- TrustStateReason
-
- Type: string
The reason for the TrustState.
- TrustType
-
- Type: string
The trust relationship type.
Forestis the default.
UnshareTarget
Description
Identifier that contains details about the directory consumer account with whom the directory is being unshared.
Members
UnsupportedOperationException
Description
The operation is not supported.
Members
UnsupportedSettingsException
Description
The specified directory setting is not supported.
Members
UpdateInfoEntry
Description
An entry of update information related to a requested update type.
Members
- InitiatedBy
-
- Type: string
This specifies if the update was initiated by the customer or by the service team.
- LastUpdatedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last updated date and time of a particular directory setting.
- NewValue
-
- Type: UpdateValue structure
The new value of the target setting.
- PreviousValue
-
- Type: UpdateValue structure
The old value of the target setting.
- Region
-
- Type: string
The name of the Region.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The start time of the
UpdateDirectorySetupfor the particular type. - Status
-
- Type: string
The status of the update performed on the directory.
- StatusReason
-
- Type: string
The reason for the current status of the update type activity.
UpdateValue
Description
The value for a given type of UpdateSettings.
Members
- OSUpdateSettings
-
- Type: OSUpdateSettings structure
The OS update related settings.