AWS Directory Service Data 2023-05-31
- Client: Aws\DirectoryServiceData\DirectoryServiceDataClient
- Service ID: directory-service-data
- Version: 2023-05-31
This page describes the parameters and results for the operations of the AWS Directory Service Data (2023-05-31), and shows how to use the Aws\DirectoryServiceData\DirectoryServiceDataClient object to call the described operations. This documentation is specific to the 2023-05-31 API version of the service.
Operation Summary
Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- AddGroupMember ( array $params = [] )
- Adds an existing user, group, or computer as a group member.
- CreateGroup ( array $params = [] )
- Creates a new group.
- CreateUser ( array $params = [] )
- Creates a new user.
- DeleteGroup ( array $params = [] )
- Deletes a group.
- DeleteUser ( array $params = [] )
- Deletes a user.
- DescribeGroup ( array $params = [] )
- Returns information about a specific group.
- DescribeUser ( array $params = [] )
- Returns information about a specific user.
- DisableUser ( array $params = [] )
- Deactivates an active user account.
- ListGroupMembers ( array $params = [] )
- Returns member information for the specified group.
- ListGroups ( array $params = [] )
- Returns group information for the specified directory.
- ListGroupsForMember ( array $params = [] )
- Returns group information for the specified member.
- ListUsers ( array $params = [] )
- Returns user information for the specified directory.
- RemoveGroupMember ( array $params = [] )
- Removes a member from a group.
- SearchGroups ( array $params = [] )
- Searches the specified directory for a group.
- SearchUsers ( array $params = [] )
- Searches the specified directory for a user.
- UpdateGroup ( array $params = [] )
- Updates group information.
- UpdateUser ( array $params = [] )
- Updates user information.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
AddGroupMember
$result = $client->addGroupMember([/* ... */]);
$promise = $client->addGroupMemberAsync([/* ... */]);
Adds an existing user, group, or computer as a group member.
Parameter Syntax
$result = $client->addGroupMember([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'GroupName' => '<string>', // REQUIRED
    'MemberName' => '<string>', // REQUIRED
    'MemberRealm' => '<string>',
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the group.
- GroupName
-
- Required: Yes
- Type: string
The name of the group.
- MemberName
-
- Required: Yes
- Type: string
The SAMAccountName of the user, group, or computer to add as a group member.
- MemberRealm
-
- Type: string
The domain name that's associated with the group member. This parameter is required only when adding a member outside of your Managed Microsoft AD domain to a group inside of your Managed Microsoft AD domain. This parameter defaults to the Managed Microsoft AD domain.
This parameter is case insensitive.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
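The ClientToken and error semantics above, combined in an added example that is not part of the AWS SDK documentation: one token is generated per logical request and reused across retries, so a retried AddGroupMember cannot be applied twice. The region, directory ID, group and member names are placeholders, and the retry policy (which error codes to retry, the backoff) is an assumption.

```php
<?php
require 'vendor/autoload.php';

use Aws\DirectoryServiceData\DirectoryServiceDataClient;
use Aws\Exception\AwsException;

/**
 * Add a member to a group, retrying transient failures with the SAME client token.
 *
 * Returns 'added' when the call succeeds and 'already_member' on ConflictException.
 * Any error that a retry cannot fix is rethrown to the caller.
 */
function addGroupMemberIdempotent(
    DirectoryServiceDataClient $client,
    string $directoryId,
    string $groupName,
    string $memberName,
    int $maxAttempts = 4
): string {
    // One token per logical request. Reusing a token with different parameters
    // inside the 8-hour window yields ConflictException, so it is never shared.
    $params = [
        'ClientToken' => bin2hex(random_bytes(16)),
        'DirectoryId' => $directoryId,
        'GroupName'   => $groupName,
        'MemberName'  => $memberName,
    ];

    // Assumption: these two documented errors are treated as transient.
    $transient = ['ThrottlingException', 'InternalServerException'];

    for ($attempt = 1; ; $attempt++) {
        try {
            $client->addGroupMember($params);
            return 'added';
        } catch (AwsException $e) {
            $code = $e->getAwsErrorCode();

            if ($code === 'ConflictException') {
                // The token is fresh, so token reuse is ruled out; the remaining
                // documented cause is that the member is already in the group.
                return 'already_member';
            }
            if (!in_array($code, $transient, true) || $attempt >= $maxAttempts) {
                // AccessDeniedException, ValidationException, ResourceNotFoundException
                // and DirectoryUnavailableException need a fix, not a retry.
                throw $e;
            }
            // Exponential backoff with jitter before resending the identical request.
            usleep((2 ** $attempt) * 100000 + random_int(0, 100000));
        }
    }
}

$client = new DirectoryServiceDataClient([
    'region'  => 'us-east-1',   // placeholder region
    'version' => '2023-05-31',
]);

// Placeholder directory ID, group and member names.
$outcome = addGroupMemberIdempotent($client, 'd-EXAMPLE', 'ExampleGroup', 'example.user');
echo "AddGroupMember outcome: {$outcome}\n";
```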
CreateGroup
$result = $client->createGroup([/* ... */]);
$promise = $client->createGroupAsync([/* ... */]);
Creates a new group.
Parameter Syntax
$result = $client->createGroup([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'GroupScope' => 'DomainLocal|Global|Universal|BuiltinLocal',
    'GroupType' => 'Distribution|Security',
    'OtherAttributes' => [
        '<LdapDisplayName>' => [
            'BOOL' => true || false,
            'N' => <integer>,
            'S' => '<string>',
            'SS' => ['<string>', ...],
        ],
        // ...
    ],
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the group.
- GroupScope
-
- Type: string
The scope of the AD group. For details, see Active Directory security group scope.
- GroupType
-
- Type: string
The AD group type. For details, see Active Directory security group type.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
An expression that defines one or more attributes with the data type and value of each attribute.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group.
Result Syntax
[
    'DirectoryId' => '<string>',
    'SAMAccountName' => '<string>',
    'SID' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory that's associated with the group.
- SAMAccountName
-
- Type: string
The name of the group.
- SID
-
- Type: string
The unique security identifier (SID) of the group.
Errors
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
CreateUser
$result = $client->createUser([/* ... */]);
$promise = $client->createUserAsync([/* ... */]);
Creates a new user.
Parameter Syntax
$result = $client->createUser([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'EmailAddress' => '<string>',
    'GivenName' => '<string>',
    'OtherAttributes' => [
        '<LdapDisplayName>' => [
            'BOOL' => true || false,
            'N' => <integer>,
            'S' => '<string>',
            'SS' => ['<string>', ...],
        ],
        // ...
    ],
    'SAMAccountName' => '<string>', // REQUIRED
    'Surname' => '<string>',
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that’s associated with the user.
- EmailAddress
-
- Type: string
The email address of the user.
- GivenName
-
- Type: string
The first name of the user.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.
Attribute names are case insensitive.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the user.
- Surname
-
- Type: string
The last name of the user.
Result Syntax
[
    'DirectoryId' => '<string>',
    'SAMAccountName' => '<string>',
    'SID' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory where the address block is added.
- SAMAccountName
-
- Type: string
The name of the user.
- SID
-
- Type: string
The unique security identifier (SID) of the user.
Errors
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
DeleteGroup
$result = $client->deleteGroup([/* ... */]);
$promise = $client->deleteGroupAsync([/* ... */]);
Deletes a group.
Parameter Syntax
$result = $client->deleteGroup([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the group.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
DeleteUser
$result = $client->deleteUser([/* ... */]);
$promise = $client->deleteUserAsync([/* ... */]);
Deletes a user.
Parameter Syntax
$result = $client->deleteUser([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the user.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the user.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
DescribeGroup
$result = $client->describeGroup([/* ... */]);
$promise = $client->describeGroupAsync([/* ... */]);
Returns information about a specific group.
Parameter Syntax
$result = $client->describeGroup([
    'DirectoryId' => '<string>', // REQUIRED
    'OtherAttributes' => ['<string>', ...],
    'Realm' => '<string>',
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory associated with the group.
- OtherAttributes
-
- Type: Array of strings
One or more attributes to be returned for the group. For a list of supported attributes, see Directory Service Data Attributes.
- Realm
-
- Type: string
The domain name that's associated with the group.
This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.
This value is case insensitive.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group.
Result Syntax
[
    'DirectoryId' => '<string>',
    'DistinguishedName' => '<string>',
    'GroupScope' => 'DomainLocal|Global|Universal|BuiltinLocal',
    'GroupType' => 'Distribution|Security',
    'OtherAttributes' => [
        '<LdapDisplayName>' => [
            'BOOL' => true || false,
            'N' => <integer>,
            'S' => '<string>',
            'SS' => ['<string>', ...],
        ],
        // ...
    ],
    'Realm' => '<string>',
    'SAMAccountName' => '<string>',
    'SID' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory that's associated with the group.
- DistinguishedName
-
- Type: string
The distinguished name of the object.
- GroupScope
-
- Type: string
The scope of the AD group. For details, see Active Directory security groups.
- GroupType
-
- Type: string
The AD group type. For details, see Active Directory security group type.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
The attribute values that are returned for the attribute names that are included in the request.
- Realm
-
- Type: string
The domain name that's associated with the group.
- SAMAccountName
-
- Type: string
The name of the group.
- SID
-
- Type: string
The unique security identifier (SID) of the group.
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
DescribeUser
$result = $client->describeUser([/* ... */]);
$promise = $client->describeUserAsync([/* ... */]);
Returns information about a specific user.
Parameter Syntax
$result = $client->describeUser([
    'DirectoryId' => '<string>', // REQUIRED
    'OtherAttributes' => ['<string>', ...],
    'Realm' => '<string>',
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the user.
- OtherAttributes
-
- Type: Array of strings
One or more attribute names to be returned for the user. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.
- Realm
-
- Type: string
The domain name that's associated with the user.
This parameter is optional, so you can return users outside your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.
This value is case insensitive.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the user.
Result Syntax
[
    'DirectoryId' => '<string>',
    'DistinguishedName' => '<string>',
    'EmailAddress' => '<string>',
    'Enabled' => true || false,
    'GivenName' => '<string>',
    'OtherAttributes' => [
        '<LdapDisplayName>' => [
            'BOOL' => true || false,
            'N' => <integer>,
            'S' => '<string>',
            'SS' => ['<string>', ...],
        ],
        // ...
    ],
    'Realm' => '<string>',
    'SAMAccountName' => '<string>',
    'SID' => '<string>',
    'Surname' => '<string>',
    'UserPrincipalName' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory that's associated with the user.
- DistinguishedName
-
- Type: string
The distinguished name of the object.
- EmailAddress
-
- Type: string
The email address of the user.
- Enabled
-
- Type: boolean
Indicates whether the user account is active.
- GivenName
-
- Type: string
The first name of the user.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
The attribute values that are returned for the attribute names that are included in the request.
Attribute names are case insensitive.
- Realm
-
- Type: string
The domain name that's associated with the user.
- SAMAccountName
-
- Type: string
The name of the user.
- SID
-
- Type: string
The unique security identifier (SID) of the user.
- Surname
-
- Type: string
The last name of the user.
- UserPrincipalName
-
- Type: string
The UPN that is an Internet-style login name for a user and is based on the Internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
DisableUser
$result = $client->disableUser([/* ... */]);
$promise = $client->disableUserAsync([/* ... */]);
Deactivates an active user account. For information about how to enable an inactive user account, see ResetUserPassword in the Directory Service API Reference.
Parameter Syntax
$result = $client->disableUser([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique and case-sensitive identifier that you provide to ensure the idempotency of the request, so multiple identical calls have the same effect as one single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the user.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the user.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
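An added example (not from the AWS SDK documentation) that uses DisableUser as an account-containment step and confirms the result through the Enabled field returned by DescribeUser. The function name, the record layout and the hint texts are assumptions; the directory ID and account name are placeholders.

```php
<?php
require 'vendor/autoload.php';

use Aws\DirectoryServiceData\DirectoryServiceDataClient;
use Aws\Exception\AwsException;

/**
 * Disable an account and verify that the directory reports it as inactive.
 * Returns a record that can be attached to an incident timeline.
 */
function disableAndVerify(DirectoryServiceDataClient $client, string $directoryId, string $sam): array
{
    $target = ['DirectoryId' => $directoryId, 'SAMAccountName' => $sam];
    $record = ['user' => $sam, 'directory' => $directoryId, 'checked_at' => gmdate('c')];

    try {
        // Capture the SID and state first, so the record identifies the account
        // even if it is renamed later.
        $before = $client->describeUser($target);
        $record['sid'] = $before['SID'];
        $record['enabled_before'] = $before['Enabled'];

        if ($before['Enabled']) {
            // DisableUser targets an active account; a fresh token per request.
            $client->disableUser($target + ['ClientToken' => bin2hex(random_bytes(16))]);
        }

        // Do not trust the empty result alone: read the state back.
        $after = $client->describeUser($target);
        $record['enabled_after'] = $after['Enabled'];
        $record['disabled'] = ($after['Enabled'] === false);
    } catch (AwsException $e) {
        $code = $e->getAwsErrorCode();
        $record['disabled'] = false;
        $record['error'] = $code;
        // AccessDeniedException is ambiguous per the Errors list above, so the
        // hint names every documented cause instead of assuming an IAM problem.
        $record['hint'] = match ($code) {
            'ResourceNotFoundException'     => 'No such user; check the SAMAccountName.',
            'AccessDeniedException'         => 'Missing permission, unknown DirectoryId, or object outside your OU.',
            'DirectoryUnavailableException' => 'Directory configuration or state problem; account state is unknown.',
            default                         => 'See error message: ' . $e->getAwsErrorMessage(),
        };
    }

    return $record;
}

$client = new DirectoryServiceDataClient([
    'region'  => 'us-east-1',   // placeholder region
    'version' => '2023-05-31',
]);

// Placeholder directory ID and account name.
print_r(disableAndVerify($client, 'd-EXAMPLE', 'example.user'));
```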
ListGroupMembers
$result = $client->listGroupMembers([/* ... */]);
$promise = $client->listGroupMembersAsync([/* ... */]);
Returns member information for the specified group.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroupMembers.NextToken member contains a token that you pass in the next call to ListGroupMembers. This retrieves the next set of items.
You can also specify a maximum number of return results with the MaxResults parameter.
Parameter Syntax
$result = $client->listGroupMembers([
    'DirectoryId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'MemberRealm' => '<string>',
    'NextToken' => '<string>',
    'Realm' => '<string>',
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the group.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request.
- MemberRealm
-
- Type: string
The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain.
This parameter is optional and case insensitive.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name that's associated with the group.
This parameter is optional, so you can return members from a group outside of your Managed Microsoft AD domain. When no value is defined, only members of your Managed Microsoft AD groups are returned.
This value is case insensitive.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group.
Result Syntax
[
    'DirectoryId' => '<string>',
    'MemberRealm' => '<string>',
    'Members' => [
        [
            'MemberType' => 'USER|GROUP|COMPUTER',
            'SAMAccountName' => '<string>',
            'SID' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
    'Realm' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
Identifier (ID) of the directory associated with the group.
- MemberRealm
-
- Type: string
The domain name that's associated with the member.
- Members
-
- Type: Array of Member structures
The member information that the request returns.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name that's associated with the group.
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
ListGroups
$result = $client->listGroups([/* ... */]);
$promise = $client->listGroupsAsync([/* ... */]);
Returns group information for the specified directory.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroups.NextToken member contains a token that you pass in the next call to ListGroups. This retrieves the next set of items.
You can also specify a maximum number of return results with the MaxResults parameter.
Parameter Syntax
$result = $client->listGroups([
    'DirectoryId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Realm' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the group.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name associated with the directory.
This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.
This value is case insensitive.
Result Syntax
[
    'DirectoryId' => '<string>',
    'Groups' => [
        [
            'GroupScope' => 'DomainLocal|Global|Universal|BuiltinLocal',
            'GroupType' => 'Distribution|Security',
            'SAMAccountName' => '<string>',
            'SID' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
    'Realm' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory that's associated with the group.
- Groups
-
- Type: Array of GroupSummary structures
The group information that the request returns.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name associated with the group.
Errors
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
ListGroupsForMember
$result = $client->listGroupsForMember([/* ... */]);
$promise = $client->listGroupsForMemberAsync([/* ... */]);
Returns group information for the specified member.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListGroupsForMember.NextToken member contains a token that you pass in the next call to ListGroupsForMember. This retrieves the next set of items.
You can also specify a maximum number of return results with the MaxResults parameter.
Parameter Syntax
$result = $client->listGroupsForMember([
    'DirectoryId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'MemberRealm' => '<string>',
    'NextToken' => '<string>',
    'Realm' => '<string>',
    'SAMAccountName' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the member.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request.
- MemberRealm
-
- Type: string
The domain name that's associated with the group member.
This parameter is optional, so you can limit your results to the group members in a specific domain.
This parameter is case insensitive and defaults to Realm.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name that's associated with the group.
This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.
This value is case insensitive and defaults to your Managed Microsoft AD domain.
- SAMAccountName
-
- Required: Yes
- Type: string
The SAMAccountName of the user, group, or computer that's a member of the group.
Result Syntax
[
    'DirectoryId' => '<string>',
    'Groups' => [
        [
            'GroupScope' => 'DomainLocal|Global|Universal|BuiltinLocal',
            'GroupType' => 'Distribution|Security',
            'SAMAccountName' => '<string>',
            'SID' => '<string>',
        ],
        // ...
    ],
    'MemberRealm' => '<string>',
    'NextToken' => '<string>',
    'Realm' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory that's associated with the member.
- Groups
-
- Type: Array of GroupSummary structures
The group information that the request returns.
- MemberRealm
-
- Type: string
The domain that's associated with the member.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain that's associated with the group.
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
ListUsers
$result = $client->listUsers([/* ... */]);
$promise = $client->listUsersAsync([/* ... */]);
Returns user information for the specified directory.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the ListUsers.NextToken member contains a token that you pass in the next call to ListUsers. This retrieves the next set of items.
You can also specify a maximum number of return results with the MaxResults parameter.
Parameter Syntax
$result = $client->listUsers([
    'DirectoryId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Realm' => '<string>',
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the user.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name that's associated with the user.
This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.
This value is case insensitive.
Result Syntax
[
    'DirectoryId' => '<string>',
    'NextToken' => '<string>',
    'Realm' => '<string>',
    'Users' => [
        [
            'Enabled' => true || false,
            'GivenName' => '<string>',
            'SAMAccountName' => '<string>',
            'SID' => '<string>',
            'Surname' => '<string>',
        ],
        // ...
    ],
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory that's associated with the user.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain that's associated with the user.
- Users
-
- Type: Array of UserSummary structures
The user information that the request returns.
Errors
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
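A defender-side use of ListUsers and ListGroupsForMember, added here as an example and not taken from the SDK documentation: it follows NextToken to the last page of each listing and reports deactivated accounts that still sit in watched security groups. The function names, the watchlist, the stub client, the placeholder directory ID and all sample data are constructed; the stub stands in for the client so the code runs without AWS access.

```php
<?php
declare(strict_types=1);

// Added example, not SDK code. $client is any object exposing listUsers() and
// listGroupsForMember() with the documented shapes: the real
// DirectoryServiceDataClient, or the constructed stub below.

/** Yield every item under $listKey, following NextToken to the last page. */
function paginate(object $client, string $operation, array $params, string $listKey): \Generator
{
    do {
        $page = $client->$operation($params);
        foreach ($page[$listKey] ?? [] as $item) {
            yield $item;
        }
        // No NextToken in the response means this was the last page.
        $params['NextToken'] = $page['NextToken'] ?? null;
    } while (($params['NextToken'] ?? '') !== '');
}

/**
 * Report deactivated users that are still members of watched Security groups.
 * Returns [user SAMAccountName => [group SAMAccountName, ...]].
 * $pageSize is an arbitrary value chosen for this example.
 */
function disabledUsersInWatchedGroups(object $client, string $directoryId, array $watchlist, int $pageSize = 50): array
{
    // Group names are compared case-insensitively.
    $watched = array_flip(array_map('strtolower', $watchlist));
    $base = ['DirectoryId' => $directoryId, 'MaxResults' => $pageSize];
    $findings = [];

    foreach (paginate($client, 'listUsers', $base, 'Users') as $user) {
        if ($user['Enabled']) {
            continue; // only deactivated accounts are of interest
        }
        $params = $base + ['SAMAccountName' => $user['SAMAccountName']];
        foreach (paginate($client, 'listGroupsForMember', $params, 'Groups') as $group) {
            $isWatched = isset($watched[strtolower($group['SAMAccountName'])]);
            if ($isWatched && $group['GroupType'] === 'Security') {
                $findings[$user['SAMAccountName']][] = $group['SAMAccountName'];
            }
        }
    }
    return $findings;
}

// ---- Constructed stub and sample data so the example runs offline ----
final class StubDirectory
{
    private array $users = [
        ['SAMAccountName' => 'alice', 'Enabled' => true],
        ['SAMAccountName' => 'bob',   'Enabled' => false],
        ['SAMAccountName' => 'carol', 'Enabled' => false],
    ];
    private array $groups = [
        'bob' => [
            ['SAMAccountName' => 'Ops-Admins', 'GroupType' => 'Security'],
            ['SAMAccountName' => 'All-Staff',  'GroupType' => 'Distribution'],
            ['SAMAccountName' => 'DB-Admins',  'GroupType' => 'Security'],
        ],
        'carol' => [['SAMAccountName' => 'All-Staff', 'GroupType' => 'Distribution']],
    ];

    public function listUsers(array $p): array
    {
        return $this->page($this->users, $p, 'Users');
    }

    public function listGroupsForMember(array $p): array
    {
        return $this->page($this->groups[$p['SAMAccountName']] ?? [], $p, 'Groups');
    }

    /** Serve MaxResults items per call; the stub's token is just an offset. */
    private function page(array $all, array $p, string $key): array
    {
        $offset = (int) ($p['NextToken'] ?? 0);
        $out = [$key => array_slice($all, $offset, $p['MaxResults'])];
        if ($offset + $p['MaxResults'] < count($all)) {
            $out['NextToken'] = (string) ($offset + $p['MaxResults']);
        }
        return $out;
    }
}

// 'd-EXAMPLE' is a placeholder directory ID; page size 2 forces several pages.
$findings = disabledUsersInWatchedGroups(new StubDirectory(), 'd-EXAMPLE', ['ops-admins', 'db-admins'], 2);
foreach ($findings as $user => $groups) {
    printf("%s is disabled but still in: %s\n", $user, implode(', ', $groups));
}
```

Stopping after the first page silently drops every user or group beyond it, which is exactly where a stale membership can hide in a large directory.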
RemoveGroupMember
$result = $client->removeGroupMember([/* ... */]);
$promise = $client->removeGroupMemberAsync([/* ... */]);
Removes a member from a group.
Parameter Syntax
$result = $client->removeGroupMember([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'GroupName' => '<string>', // REQUIRED
    'MemberName' => '<string>', // REQUIRED
    'MemberRealm' => '<string>',
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request, so that multiple identical calls have the same effect as a single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the member.
- GroupName
-
- Required: Yes
- Type: string
The name of the group.
- MemberName
-
- Required: Yes
- Type: string
The SAMAccountName of the user, group, or computer to remove from the group.
- MemberRealm
-
- Type: string
The domain name that's associated with the group member. This parameter defaults to the Managed Microsoft AD domain.
This parameter is optional and case insensitive.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
SearchGroups
$result = $client->searchGroups([/* ... */]);
$promise = $client->searchGroupsAsync([/* ... */]);
Searches the specified directory for a group. You can find groups that match the SearchString parameter with the value of their attributes included in the SearchString parameter.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the SearchGroups.NextToken member contains a token that you pass in the next call to SearchGroups. This retrieves the next set of items.
You can also specify a maximum number of return results with the MaxResults parameter.
Parameter Syntax
$result = $client->searchGroups([
    'DirectoryId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Realm' => '<string>',
    'SearchAttributes' => ['<string>', ...], // REQUIRED
    'SearchString' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the group.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name that's associated with the group.
This parameter is optional, so you can return groups outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD groups are returned.
This value is case insensitive.
- SearchAttributes
-
- Required: Yes
- Type: Array of strings
One or more data attributes that are used to search for a group. For a list of supported attributes, see Directory Service Data Attributes.
- SearchString
-
- Required: Yes
- Type: string
The attribute value that you want to search for.
Wildcard (*) searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.
Result Syntax
[
    'DirectoryId' => '<string>',
    'Groups' => [
        [
            'DistinguishedName' => '<string>',
            'GroupScope' => 'DomainLocal|Global|Universal|BuiltinLocal',
            'GroupType' => 'Distribution|Security',
            'OtherAttributes' => [
                '<LdapDisplayName>' => [
                    'BOOL' => true || false,
                    'N' => <integer>,
                    'S' => '<string>',
                    'SS' => ['<string>', ...],
                ],
                // ...
            ],
            'SAMAccountName' => '<string>',
            'SID' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
    'Realm' => '<string>',
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory that's associated with the group.
- Groups
-
- Type: Array of Group structures
The group information that the request returns.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain that's associated with the group.
Errors
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
SearchUsers
$result = $client->searchUsers([/* ... */]);
$promise = $client->searchUsersAsync([/* ... */]);
Searches the specified directory for a user. You can find users that match the SearchString parameter with the value of their attributes included in the SearchString parameter.
This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the SearchUsers.NextToken member contains a token that you pass in the next call to SearchUsers. This retrieves the next set of items.
You can also specify a maximum number of return results with the MaxResults parameter.
Parameter Syntax
$result = $client->searchUsers([
    'DirectoryId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'Realm' => '<string>',
    'SearchAttributes' => ['<string>', ...], // REQUIRED
    'SearchString' => '<string>', // REQUIRED
]);
Parameter Details
Members
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the user.
- MaxResults
-
- Type: int
The maximum number of results to be returned per request.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain name that's associated with the user.
This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.
This value is case insensitive.
- SearchAttributes
-
- Required: Yes
- Type: Array of strings
One or more data attributes that are used to search for a user. For a list of supported attributes, see Directory Service Data Attributes.
- SearchString
-
- Required: Yes
- Type: string
The attribute value that you want to search for.
Wildcard (*) searches aren't supported. For a list of supported attributes, see Directory Service Data Attributes.
Result Syntax
[
    'DirectoryId' => '<string>',
    'NextToken' => '<string>',
    'Realm' => '<string>',
    'Users' => [
        [
            'DistinguishedName' => '<string>',
            'EmailAddress' => '<string>',
            'Enabled' => true || false,
            'GivenName' => '<string>',
            'OtherAttributes' => [
                '<LdapDisplayName>' => [
                    'BOOL' => true || false,
                    'N' => <integer>,
                    'S' => '<string>',
                    'SS' => ['<string>', ...],
                ],
                // ...
            ],
            'SAMAccountName' => '<string>',
            'SID' => '<string>',
            'Surname' => '<string>',
            'UserPrincipalName' => '<string>',
        ],
        // ...
    ],
]
Result Details
Members
- DirectoryId
-
- Type: string
The identifier (ID) of the directory where the address block is added.
- NextToken
-
- Type: string
An encoded paging token for paginated calls that can be passed back to retrieve the next page.
- Realm
-
- Type: string
The domain that's associated with the user.
- Users
-
- Type: Array of User structures
The user information that the request returns.
Errors
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
UpdateGroup
$result = $client->updateGroup([/* ... */]);
$promise = $client->updateGroupAsync([/* ... */]);
Updates group information.
Parameter Syntax
$result = $client->updateGroup([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'GroupScope' => 'DomainLocal|Global|Universal|BuiltinLocal',
    'GroupType' => 'Distribution|Security',
    'OtherAttributes' => [
        '<LdapDisplayName>' => [
            'BOOL' => true || false,
            'N' => <integer>,
            'S' => '<string>',
            'SS' => ['<string>', ...],
        ],
        // ...
    ],
    'SAMAccountName' => '<string>', // REQUIRED
    'UpdateType' => 'ADD|REPLACE|REMOVE',
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request, so that multiple identical calls have the same effect as a single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the group.
- GroupScope
-
- Type: string
The scope of the AD group. For details, see Active Directory security groups.
- GroupType
-
- Type: string
The AD group type. For details, see Active Directory security group type.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
An expression that defines one or more attributes with the data type and the value of each attribute.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group.
- UpdateType
-
- Type: string
The type of update to be performed. If no value exists for the attribute, use ADD. Otherwise, use REPLACE to change an attribute value or REMOVE to clear the attribute value.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
UpdateUser
$result = $client->updateUser([/* ... */]);
$promise = $client->updateUserAsync([/* ... */]);
Updates user information.
Parameter Syntax
$result = $client->updateUser([
    'ClientToken' => '<string>',
    'DirectoryId' => '<string>', // REQUIRED
    'EmailAddress' => '<string>',
    'GivenName' => '<string>',
    'OtherAttributes' => [
        '<LdapDisplayName>' => [
            'BOOL' => true || false,
            'N' => <integer>,
            'S' => '<string>',
            'SS' => ['<string>', ...],
        ],
        // ...
    ],
    'SAMAccountName' => '<string>', // REQUIRED
    'Surname' => '<string>',
    'UpdateType' => 'ADD|REPLACE|REMOVE',
]);
Parameter Details
Members
- ClientToken
-
- Type: string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request, so that multiple identical calls have the same effect as a single call.
A client token is valid for 8 hours after the first request that uses it completes. After 8 hours, any request with the same client token is treated as a new request. If the request succeeds, any future uses of that token will be idempotent for another 8 hours.
If you submit a request with the same client token but change one of the other parameters within the 8-hour idempotency window, Directory Service Data returns a ConflictException.
This parameter is optional when using the CLI or SDK.
- DirectoryId
-
- Required: Yes
- Type: string
The identifier (ID) of the directory that's associated with the user.
- EmailAddress
-
- Type: string
The email address of the user.
- GivenName
-
- Type: string
The first name of the user.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
An expression that defines one or more attribute names with the data type and value of each attribute. A key is an attribute name, and the value is a list of maps. For a list of supported attributes, see Directory Service Data Attributes.
Attribute names are case insensitive.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the user.
- Surname
-
- Type: string
The last name of the user.
- UpdateType
-
- Type: string
The type of update to be performed. If no value exists for the attribute, use ADD. Otherwise, use REPLACE to change an attribute value or REMOVE to clear the attribute value.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The resource couldn't be found.
- AccessDeniedException:
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
- InternalServerException:
The operation didn't succeed because an internal error occurred. Try again later.
- ValidationException:
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
- DirectoryUnavailableException:
The request could not be completed due to a problem in the configuration or current state of the specified directory.
- ConflictException:
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
- ThrottlingException:
The limit on the number of requests per second has been exceeded.
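The ClientToken rules stated for RemoveGroupMember, UpdateGroup and UpdateUser, as an added example that is not SDK code: one random token is generated per logical request and reused unchanged on every application-level retry, so a write whose response was lost is not applied twice. The function name, the retry policy, the stub service, the placeholder directory ID and the sample attribute are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

use Aws\Exception\AwsException;

// Added example, not SDK code. Error codes are the exception names listed
// under "Errors" above; which of them to retry is this example's assumption.
const RETRYABLE = ['ThrottlingException', 'InternalServerException'];

/**
 * Send one write (removeGroupMember, updateGroup, updateUser) with a single
 * ClientToken that is reused, unchanged, for every retry of that request.
 * $errorCodeOf maps a Throwable to an error code; the default reads the SDK's
 * AwsException and is a parameter only so the stub below can run offline.
 */
function sendIdempotent(object $client, string $operation, array $params, int $maxAttempts = 4, ?callable $errorCodeOf = null): array
{
    $errorCodeOf ??= static fn (\Throwable $e): ?string =>
        $e instanceof AwsException ? $e->getAwsErrorCode() : null;

    // One fresh random token per logical request. Reusing a token with
    // different parameters inside the 8-hour window is a ConflictException.
    $params['ClientToken'] = bin2hex(random_bytes(16));

    for ($attempt = 1; ; $attempt++) {
        try {
            $client->$operation($params);
            return ['ClientToken' => $params['ClientToken'], 'attempts' => $attempt];
        } catch (\Throwable $e) {
            $retryable = in_array($errorCodeOf($e), RETRYABLE, true);
            if (!$retryable || $attempt >= $maxAttempts) {
                throw $e; // AccessDenied, Validation, Conflict: never retried
            }
            usleep(100_000 * 2 ** ($attempt - 1)); // 0.1 s, 0.2 s, 0.4 s ...
        }
    }
}

// ---- Constructed stub so the example runs without AWS access ----
final class FakeServiceError extends \RuntimeException
{
    public function __construct(public string $awsCode)
    {
        parent::__construct($awsCode);
    }
}

final class StubWriter
{
    public int $applied = 0;              // times the change really happened
    private array $seen = [];             // ClientToken => request fingerprint
    private bool $loseNextResponse = true;

    public function updateUser(array $p): array
    {
        $token = $p['ClientToken'];
        unset($p['ClientToken']);
        ksort($p);
        $fingerprint = hash('sha256', serialize($p));

        if (!isset($this->seen[$token])) {
            $this->seen[$token] = $fingerprint;
            $this->applied++;             // first use of the token: apply
        } elseif ($this->seen[$token] !== $fingerprint) {
            throw new FakeServiceError('ConflictException');
        }                                 // same token and parameters: replay
        if ($this->loseNextResponse) {
            $this->loseNextResponse = false; // change applied, reply lost
            throw new FakeServiceError('InternalServerException');
        }
        return [];
    }
}

$stub = new StubWriter();
$result = sendIdempotent($stub, 'updateUser', [
    'DirectoryId'     => 'd-EXAMPLE',     // placeholder
    'SAMAccountName'  => 'bob',           // constructed
    'UpdateType'      => 'REPLACE',
    'OtherAttributes' => ['department' => ['S' => 'Finance']], // assumed attribute
], 4, static fn (\Throwable $e): ?string => $e instanceof FakeServiceError ? $e->awsCode : null);

printf("attempts=%d, change applied %d time(s)\n", $result['attempts'], $stub->applied);
```

Generating a new token inside the retry loop instead would turn each retry into a new request, which is the failure this parameter exists to prevent.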
Shapes
AccessDeniedException
Description
You don't have permission to perform the request or access the directory. It can also occur when the DirectoryId doesn't exist or the user, member, or group might be outside of your organizational unit (OU).
Make sure that you have the authentication and authorization to perform the action. Review the directory information in the request, and make sure that the object isn't outside of your OU.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
Reason the request was unauthorized.
AttributeValue
Description
The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.
Members
- BOOL
-
- Type: boolean
Indicates that the attribute type value is a boolean. For example:
"BOOL": true
- N
-
- Type: long (int|float)
Indicates that the attribute type value is a number. For example:
"N": "16"
- S
-
- Type: string
Indicates that the attribute type value is a string. For example:
"S": "S Group"
- SS
-
- Type: Array of strings
Indicates that the attribute type value is a string set. For example:
"SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]
ConflictException
Description
This error will occur when you try to create a resource that conflicts with an existing object. It can also occur when adding a member to a group that the member is already in.
This error can be caused by a request sent within the 8-hour idempotency window with the same client token but different input parameters. Client tokens should not be re-used across different requests. After 8 hours, any request with the same client token is treated as a new request.
Members
- Message
-
- Type: string
DirectoryUnavailableException
Description
The request could not be completed due to a problem in the configuration or current state of the specified directory.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
Reason the request failed for the specified directory.
Group
Description
A group object that contains identifying information and attributes for a specified group.
Members
- DistinguishedName
-
- Type: string
The distinguished name of the object.
- GroupScope
-
- Type: string
The scope of the AD group. For details, see Active Directory security groups.
- GroupType
-
- Type: string
The AD group type. For details, see Active Directory security group type.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
An expression of one or more attributes, data types, and the values of a group.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group.
- SID
-
- Type: string
The unique security identifier (SID) of the group.
GroupSummary
Description
A structure containing a subset of fields of a group object from a directory.
Members
- GroupScope
-
- Required: Yes
- Type: string
The scope of the AD group. For details, see Active Directory security groups.
- GroupType
-
- Required: Yes
- Type: string
The AD group type. For details, see Active Directory security group type.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group.
- SID
-
- Required: Yes
- Type: string
The unique security identifier (SID) of the group.
InternalServerException
Description
The operation didn't succeed because an internal error occurred. Try again later.
Members
- Message
-
- Type: string
Member
Description
A member object that contains identifying information for a specified member.
Members
- MemberType
-
- Required: Yes
- Type: string
The AD type of the member object.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the group member.
- SID
-
- Required: Yes
- Type: string
The unique security identifier (SID) of the group member.
ResourceNotFoundException
Description
The resource couldn't be found.
Members
- Message
-
- Type: string
ThrottlingException
Description
The limit on the number of requests per second has been exceeded.
Members
- Message
-
- Required: Yes
- Type: string
- RetryAfterSeconds
-
- Type: int
The recommended number of seconds to wait before retrying after a throttling exception.
User
Description
A user object that contains identifying information and attributes for a specified user.
Members
- DistinguishedName
-
- Type: string
The distinguished name of the object.
- EmailAddress
-
- Type: string
The email address of the user.
- Enabled
-
- Type: boolean
Indicates whether the user account is active.
- GivenName
-
- Type: string
The first name of the user.
- OtherAttributes
-
- Type: Associative array of custom string keys (LdapDisplayName) to AttributeValue structures
An expression that includes one or more attributes, data types, and values of a user.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the user.
- SID
-
- Type: string
The unique security identifier (SID) of the user.
- Surname
-
- Type: string
The last name of the user.
- UserPrincipalName
-
- Type: string
The UPN that is an internet-style login name for a user and based on the internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.
UserSummary
Description
A structure containing a subset of the fields of a user object from a directory.
Members
- Enabled
-
- Required: Yes
- Type: boolean
Indicates whether the user account is active.
- GivenName
-
- Type: string
The first name of the user.
- SAMAccountName
-
- Required: Yes
- Type: string
The name of the user.
- SID
-
- Required: Yes
- Type: string
The unique security identifier (SID) of the user.
- Surname
-
- Type: string
The last name of the user.
ValidationException
Description
The request isn't valid. Review the details in the error message to update the invalid parameters or values in your request.
Members
- Message
-
- Type: string
- Reason
-
- Type: string
Reason the request failed validation.