# 使用 AWS CLI 的 Directory Service 数据示例
以下代码示例演示如何通过将 AWS Command Line Interface 与 Directory Service 数据结合使用,来执行操作和实现常见场景。
*操作是大型程序的代码摘录*,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [操作](#actions)
## 操作
### `add-group-member`
以下代码示例演示了如何使用 `add-group-member`。
**AWS CLI**
**向目录中添加组成员**
以下 `add-group-member` 示例向指定目录中的指定组添加指定用户。
```
aws ds-data add-group-member \
--directory-id d-1234567890 \
--group-name 'sales' \
--member-name 'john.doe'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Adding or removing AWS Managed Microsoft AD members to groups and groups to groups](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_add_remove_user_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AddGroupMember](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/add-group-member.html)。
### `create-group`
以下代码示例演示了如何使用 `create-group`。
**AWS CLI**
**列出可用的小部件**
以下 `create-group` 示例在指定的目录中创建组。
```
aws ds-data create-group \
--directory-id d-1234567890 \
--sam-account-name "sales"
```
输出:
```
{
"DirectoryId": "d-1234567890",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5567891234-5678912345-67891234567-8912"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Creating an AWS Managed Microsoft AD group](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/create-group.html)。
### `create-user`
以下代码示例演示了如何使用 `create-user`。
**AWS CLI**
**创建用户**
以下 `create-user` 示例在指定目录中创建用户。
```
aws ds-data create-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
输出:
```
{
"DirectoryId": "d-1234567890",
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5567891234-5678912345-67891234567-8912"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Creating an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/create-user.html)。
### `delete-group`
以下代码示例演示了如何使用 `delete-group`。
**AWS CLI**
**删除组**
以下 `delete-group` 示例从指定目录中删除指定组。
```
aws ds-data delete-group \
--directory-id d-1234567890 \
--sam-account-name 'sales'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Deleting an AWS Managed Microsoft AD group](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_delete_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/delete-group.html)。
### `delete-user`
以下代码示例演示了如何使用 `delete-user`。
**AWS CLI**
**删除用户**
以下 `delete-user` 示例从指定目录中删除指定用户。
```
aws ds-data delete-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Deleting an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_delete_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考**》中的 [DeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/delete-user.html)。
### `describe-group`
以下代码示例演示了如何使用 `describe-group`。
**AWS CLI**
**列出组的详细信息**
以下 `describe-group` 示例获取指定目录中的指定组的信息。
```
aws ds-data describe-group \
--directory-id d-1234567890 \
--sam-account-name 'sales'
```
输出:
```
{
"DirectoryId": "d-1234567890",
"DistinguishedName": "CN=sales,OU=Users,OU=CORP,DC=corp,DC=example,DC=com",
"GroupScope": "Global",
"GroupType": "Security",
"Realm": "corp.example.com",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5567891234-5678912345-67891234567-8912"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD group's details](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/describe-group.html)。
### `describe-user`
以下代码示例演示了如何使用 `describe-user`。
**AWS CLI**
**列出用户的信息**
以下 `describe-user` 示例获取指定目录中的指定用户的信息。
```
aws ds-data describe-user command-name \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
输出:
```
{
"DirectoryId": "d-1234567890",
"DistinguishedName": "CN=john.doe,OU=Users,OU=CORP,DC=corp,DC=example,DC=com",
"Enabled": false,
"Realm": "corp.example.com",
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567",
"UserPrincipalName": "john.doe@CORP.EXAMPLE.COM"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DescribeUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/describe-user.html)。
### `disable-directory-data-access`
以下代码示例演示了如何使用 `disable-directory-data-access`。
**AWS CLI**
**禁用目录的 Directory Service Data API**
以下 `disable-directory-data-access` 示例禁用指定目录的 Directory Service Data API。
```
aws ds disable-directory-data-access \
--directory-id d-1234567890
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Enabling or disabling user and group management or AWS Directory Service Data](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_users_groups_mgmt_enable_disable.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DisableDirectoryDataAccess](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/disable-directory-data-access.html)。
### `disable-user`
以下代码示例演示了如何使用 `disable-user`。
**AWS CLI**
**禁用用户**
以下 `disable-user` 示例禁用指定目录中的指定用户。
```
aws ds-data disable-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Disabling an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_disable_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DisableUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/disable-user.html)。
### `enable-directory-data-access`
以下代码示例演示了如何使用 `enable-directory-data-access`。
**AWS CLI**
**启用目录的 Directory Service Data API**
以下 `enable-directory-data-access` 示例启用指定目录的 Directory Service Data API。
```
aws ds enable-directory-data-access \
--directory-id d-1234567890
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Enabling or disabling user and group management or AWS Directory Service Data](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_users_groups_mgmt_enable_disable.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [EnableDirectoryDataAccess](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/enable-directory-data-access.html)。
### `list-group-members`
以下代码示例演示了如何使用 `list-group-members`。
**AWS CLI**
**列出目录的组成员**
以下 `list-group-members` 示例列出指定目录中的指定组的组成员。
```
aws ds-data list-group-members \
--directory-id d-1234567890 \
--sam-account-name 'sales'
```
输出:
```
{
"Members": [
{
"MemberType": "USER",
"SAMAccountName": "Jane Doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4568"
},
{
"MemberType": "USER",
"SAMAccountName": "John Doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4569"
}
],
"DirectoryId": "d-1234567890",
"MemberRealm": "corp.example.com",
"Realm": "corp.example.com"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD group's details](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListGroupMembers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-group-members.html)。
### `list-groups-for-member`
以下代码示例演示了如何使用 `list-groups-for-member`。
**AWS CLI**
**列出目录的组成员资格**
以下 `list-groups-for-member` 示例列出指定目录中的指定用户的组成员资格。
```
aws ds-data list-groups-for-member \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
输出:
```
{
"Groups": [
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Users",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"MemberRealm": "corp.example.com",
"Realm": "corp.example.com"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListGroupsForMember](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-groups-for-member.html)。
### `list-groups`
以下代码示例演示了如何使用 `list-groups`。
**AWS CLI**
**列出目录的组**
以下 `list-groups` 示例列出指定目录中的组。
```
aws ds-data list-groups \
--directory-id d-1234567890
```
输出:
```
{
"Groups": [
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Administrators",
"SID": "S-1-2-33-441"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Users",
"SID": "S-1-2-33-442"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Guests",
"SID": "S-1-2-33-443"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Print Operators",
"SID": "S-1-2-33-444"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Backup Operators",
"SID": "S-1-2-33-445"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Replicator",
"SID": "S-1-2-33-446"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Remote Desktop Users",
"SID": "S-1-2-33-447"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Network Configuration Operators",
"SID": "S-1-2-33-448"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Performance Monitor Users",
"SID": "S-1-2-33-449"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Performance Log Users",
"SID": "S-1-2-33-450"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Distributed COM Users",
"SID": "S-1-2-33-451"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "IIS_IUSRS",
"SID": "S-1-2-33-452"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Cryptographic Operators",
"SID": "S-1-2-33-453"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Event Log Readers",
"SID": "S-1-2-33-454"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Certificate Service DCOM Access",
"SID": "S-1-2-33-456"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "RDS Remote Access Servers",
"SID": "S-1-2-33-457"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "RDS Endpoint Servers",
"SID": "S-1-2-33-458"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "RDS Management Servers",
"SID": "S-1-2-33-459"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Hyper-V Administrators",
"SID": "S-1-2-33-460"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Access Control Assistance Operators",
"SID": "S-1-2-33-461"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Remote Management Users",
"SID": "S-1-2-33-462"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Storage Replica Administrators",
"SID": "S-1-2-33-463"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Computers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-789"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-790"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Schema Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-791"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Enterprise Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-792"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Cert Publishers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-793"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-794"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Users",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-795"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Guests",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-796"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Group Policy Creator Owners",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-797"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "RAS and IAS Servers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-798"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Server Operators",
"SID": "S-1-2-33-464"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Account Operators",
"SID": "S-1-2-33-465"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Pre-Windows 2000 Compatible Access",
"SID": "S-1-2-33-466"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Incoming Forest Trust Builders",
"SID": "S-1-2-33-467"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Windows Authorization Access Group",
"SID": "S-1-2-33-468"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Terminal Server License Servers",
"SID": "S-1-2-33-469"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Allowed RODC Password Replication Group",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-798"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Denied RODC Password Replication Group",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-799"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Read-only Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-800"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Enterprise Read-only Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-801"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Cloneable Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-802"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Protected Users",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-803"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Key Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-804"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Enterprise Key Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-805"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "DnsAdmins",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "DnsUpdateProxy",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4568"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Admins",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4569"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWSAdministrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4570"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Object Management Service Accounts",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4571"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Private CA Connector for AD Delegated Group",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4572"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Application and Service Delegated Group",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4573"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4574"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated FSx Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4575"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Account Operators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4576"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Active Directory Based Activation Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4577"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Allowed to Authenticate Objects",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4578"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Allowed to Authenticate to Domain Controllers",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4579"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Deleted Object Lifetime Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4580"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Distributed File System Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4581"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Dynamic Host Configuration Protocol Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4582"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Enterprise Certificate Authority Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4583"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Fine Grained Password Policy Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4584"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Group Policy Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4585"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Managed Service Account Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4586"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Read Foreign Security Principals",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4587"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Remote Access Service Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4588"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Replicate Directory Changes Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4588"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Sites and Services Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4589"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated System Management Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4590"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Terminal Server Licensing Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4591"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated User Principal Name Suffix Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4592"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Add Workstations To Domain Users",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4593"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Domain Name System Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4594"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Kerberos Delegation Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4595"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Server Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4596"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated MS-NPRC Non-Compliant Devices",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4597"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Remote Access",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4598"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Accounting",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4599"
},
{
"GroupScope": "Global",
"GroupType": "Distribution",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD group's details](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-groups.html)。
### `list-users`
以下代码示例演示了如何使用 `list-users`。
**AWS CLI**
**列出目录的用户**
以下 `list-users` 示例列出指定目录中的用户。
```
aws ds-data list-users \
--directory-id d-1234567890
```
输出:
```
{
"Users": [
{
"Enabled": true,
"SAMAccountName": "Administrator",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-345"
},
{
"Enabled": false,
"SAMAccountName": "Guest",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-345"
},
{
"Enabled": false,
"SAMAccountName": "krbtgt",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-346"
},
{
"Enabled": true,
"SAMAccountName": "Admin",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-347"
},
{
"Enabled": true,
"SAMAccountName": "Richard Roe",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-348"
},
{
"Enabled": true,
"SAMAccountName": "Jane Doe",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-349"
},
{
"Enabled": true,
"SAMAccountName": "AWS_WGnzYlN6YyY",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
},
{
"Enabled": true,
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4568"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考**》中的 [ListUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-users.html)。
### `remove-group-member`
以下代码示例演示了如何使用 `remove-group-member`。
**AWS CLI**
**从目录中移除组成员**
以下 `remove-group-member` 示例从指定目录中的指定组中移除指定的组成员。
```
aws ds-data remove-group-member \
--directory-id d-1234567890 \
--group-name 'sales' \
--member-name 'john.doe'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Adding and removing AWS Managed Microsoft AD members to groups and groups to groups](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_add_remove_user_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [RemoveGroupMember](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/remove-group-member.html)。
### `reset-user-password`
以下代码示例演示了如何使用 `reset-user-password`。
**AWS CLI**
**重置目录中的用户密码**
以下 `reset-user-password` 示例重置和启用指定目录中的指定用户的密码。
```
aws ds reset-user-password \
--directory-id d-1234567890 \
--user-name 'john.doe' \
--new-password 'password'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Resetting and enabling an AWS Managed Microsoft AD user's password](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_reset_user_pswd.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ResetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/reset-user-password.html)。
### `search-groups`
以下代码示例演示了如何使用 `search-groups`。
**AWS CLI**
**在目录中搜索组**
以下 `search-groups` 示例在指定目录中搜索指定组。
```
aws ds-data search-groups \
--directory-id d-1234567890 \
--search-attributes 'SamAccountName' \
--search-string 'sales'
```
输出:
```
{
"Groups": [
{
"GroupScope": "Global",
"GroupType": "Distribution",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD group's details](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [SearchGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/search-groups.html)。
### `search-users`
以下代码示例演示了如何使用 `search-users`。
**AWS CLI**
**在目录中搜索用户**
以下 `search-users` 示例在指定目录中搜索指定用户。
```
aws ds-data search-users \
--directory-id d-1234567890 \
--search-attributes 'SamAccountName' \
--Search-string 'john.doe'
```
输出:
```
{
"Users": [
{
"Enabled": true,
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [SearchUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/search-users.html)。
### `update-group`
以下代码示例演示了如何使用 `update-group`。
**AWS CLI**
**更新目录中的组的属性**
以下 `update-group` 示例更新指定目录中的指定组的指定属性。
```
aws ds-data update-group \
--directory-id d-1234567890 \
--sam-account-name 'sales' \
--update-type 'REPLACE' \
--group-type 'Distribution'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD group's details](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/update-group.html)。
### `update-user`
以下代码示例演示了如何使用 `update-user`。
**AWS CLI**
**更新目录中的用户的属性**
以下 `update-user` 示例更新指定目录中的指定用户的指定属性。
```
aws ds-data update-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe' \
--update-type 'ADD' \
--email-address 'example.corp.com'
```
此命令不生成任何输出。
有关更多信息,请参阅《AWS Directory Service Administration Guide》**中的 [Viewing and updating an AWS Managed Microsoft AD user](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/update-user.html)。