本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# Directory Service 使用 的資料範例 AWS CLI
下列程式碼範例示範如何使用 AWS Command Line Interface 搭配 Directory Service 資料來執行動作和實作常見案例。
*Actions* 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境中查看內容中的動作。
每個範例均包含完整原始碼的連結,您可在連結中找到如何設定和執行內容中程式碼的相關指示。
**Topics**
+ [動作](#actions)
## 動作
### `add-group-member`
以下程式碼範例顯示如何使用 `add-group-member`。
**AWS CLI**
**將群組成員新增至目錄**
下列 `add-group-member` 範例會將指定的使用者,新增至指定目錄中的指定群組。
```
aws ds-data add-group-member \
--directory-id d-1234567890 \
--group-name 'sales' \
--member-name 'john.doe'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[將 AWS Managed Microsoft AD 成員新增至群組或將群組新增至群組](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_add_remove_user_group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [AddGroupMember](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/add-group-member.html)。
### `create-group`
以下程式碼範例顯示如何使用 `create-group`。
**AWS CLI**
**列出可用的小工具**
下列 `create-group` 範例會在指定的目錄中建立群組。
```
aws ds-data create-group \
--directory-id d-1234567890 \
--sam-account-name "sales"
```
輸出:
```
{
"DirectoryId": "d-1234567890",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5567891234-5678912345-67891234567-8912"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[建立 AWS Managed Microsoft AD 群組](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/create-group.html)。
### `create-user`
以下程式碼範例顯示如何使用 `create-user`。
**AWS CLI**
**建立使用者**
下列 `create-user` 範例會在指定的目錄中建立使用者。
```
aws ds-data create-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
輸出:
```
{
"DirectoryId": "d-1234567890",
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5567891234-5678912345-67891234567-8912"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[建立 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_create_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/create-user.html)。
### `delete-group`
以下程式碼範例顯示如何使用 `delete-group`。
**AWS CLI**
**刪除群組**
下列 `delete-group` 範例會從指定的目錄刪除指定的群組。
```
aws ds-data delete-group \
--directory-id d-1234567890 \
--sam-account-name 'sales'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[刪除 AWS Managed Microsoft AD 群組](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_delete_group.html)。
+ 如需 API 詳細資訊,請參閱**《AWS CLI 命令參考》中的 [DeleteGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/delete-group.html)。
### `delete-user`
以下程式碼範例顯示如何使用 `delete-user`。
**AWS CLI**
**若要刪除使用者**
下列 `delete-user` 範例會從指定的目錄刪除指定的使用者。
```
aws ds-data delete-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[刪除 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_delete_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DeleteUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/delete-user.html)。
### `describe-group`
以下程式碼範例顯示如何使用 `describe-group`。
**AWS CLI**
**列出群組的詳細資訊**
下列 `describe-group` 範例會取得指定目錄中指定群組的資訊。
```
aws ds-data describe-group \
--directory-id d-1234567890 \
--sam-account-name 'sales'
```
輸出:
```
{
"DirectoryId": "d-1234567890",
"DistinguishedName": "CN=sales,OU=Users,OU=CORP,DC=corp,DC=example,DC=com",
"GroupScope": "Global",
"GroupType": "Security",
"Realm": "corp.example.com",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5567891234-5678912345-67891234567-8912"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 群組的詳細資訊](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/describe-group.html)。
### `describe-user`
以下程式碼範例顯示如何使用 `describe-user`。
**AWS CLI**
**列出使用者的資訊**
下列 `describe-user` 範例會取得指定目錄中指定使用者的資訊。
```
aws ds-data describe-user command-name \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
輸出:
```
{
"DirectoryId": "d-1234567890",
"DistinguishedName": "CN=john.doe,OU=Users,OU=CORP,DC=corp,DC=example,DC=com",
"Enabled": false,
"Realm": "corp.example.com",
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567",
"UserPrincipalName": "john.doe@CORP.EXAMPLE.COM"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DescribeUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/describe-user.html)。
### `disable-directory-data-access`
以下程式碼範例顯示如何使用 `disable-directory-data-access`。
**AWS CLI**
**停用目錄的 Directory Service Data API**
下列 `disable-directory-data-access` 範例會停用指定目錄的 Directory Service Data API。
```
aws ds disable-directory-data-access \
--directory-id d-1234567890
```
此命令不會產生輸出。
如需詳細資訊,請參閱[AWS 《 Directory Service 管理指南》中的啟用或停用使用者和群組管理或 Directory Service Data](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_users_groups_mgmt_enable_disable.html)。 *AWS *
+ 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [DisableDirectoryDataAccess](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/disable-directory-data-access.html)。
### `disable-user`
以下程式碼範例顯示如何使用 `disable-user`。
**AWS CLI**
**停用使用者**
下列 `disable-user` 範例停用指定目錄中的指定使用者。
```
aws ds-data disable-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[停用 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_disable_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [DisableUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/disable-user.html)。
### `enable-directory-data-access`
以下程式碼範例顯示如何使用 `enable-directory-data-access`。
**AWS CLI**
**啟用目錄的 Directory Service Data API**
下列 `enable-directory-data-access` 範例會啟用指定目錄的 Directory Service Data API。
```
aws ds enable-directory-data-access \
--directory-id d-1234567890
```
此命令不會產生輸出。
如需詳細資訊,請參閱[AWS 《 Directory Service 管理指南》中的啟用或停用使用者和群組管理或 Directory Service Data](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_users_groups_mgmt_enable_disable.html)。 *AWS *
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [EnableDirectoryDataAccess](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/enable-directory-data-access.html)。
### `list-group-members`
以下程式碼範例顯示如何使用 `list-group-members`。
**AWS CLI**
**列出目錄的群組成員**
下列 `list-group-members` 範例列出指定目錄中,指定之群組的群組成員。
```
aws ds-data list-group-members \
--directory-id d-1234567890 \
--sam-account-name 'sales'
```
輸出:
```
{
"Members": [
{
"MemberType": "USER",
"SAMAccountName": "Jane Doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4568"
},
{
"MemberType": "USER",
"SAMAccountName": "John Doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4569"
}
],
"DirectoryId": "d-1234567890",
"MemberRealm": "corp.example.com",
"Realm": "corp.example.com"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 群組的詳細資訊](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListGroupMembers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-group-members.html)。
### `list-groups-for-member`
以下程式碼範例顯示如何使用 `list-groups-for-member`。
**AWS CLI**
**列出目錄的群組成員資格**
下列 `list-groups-for-member` 範例列出指定目錄中,指定之使用者的群組成員資格。
```
aws ds-data list-groups-for-member \
--directory-id d-1234567890 \
--sam-account-name 'john.doe'
```
輸出:
```
{
"Groups": [
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Users",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"MemberRealm": "corp.example.com",
"Realm": "corp.example.com"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListGroupsForMember](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-groups-for-member.html)。
### `list-groups`
以下程式碼範例顯示如何使用 `list-groups`。
**AWS CLI**
**列出目錄的群組**
下列 `list-groups` 範例列出指定目錄中的群組。
```
aws ds-data list-groups \
--directory-id d-1234567890
```
輸出:
```
{
"Groups": [
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Administrators",
"SID": "S-1-2-33-441"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Users",
"SID": "S-1-2-33-442"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Guests",
"SID": "S-1-2-33-443"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Print Operators",
"SID": "S-1-2-33-444"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Backup Operators",
"SID": "S-1-2-33-445"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Replicator",
"SID": "S-1-2-33-446"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Remote Desktop Users",
"SID": "S-1-2-33-447"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Network Configuration Operators",
"SID": "S-1-2-33-448"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Performance Monitor Users",
"SID": "S-1-2-33-449"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Performance Log Users",
"SID": "S-1-2-33-450"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Distributed COM Users",
"SID": "S-1-2-33-451"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "IIS_IUSRS",
"SID": "S-1-2-33-452"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Cryptographic Operators",
"SID": "S-1-2-33-453"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Event Log Readers",
"SID": "S-1-2-33-454"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Certificate Service DCOM Access",
"SID": "S-1-2-33-456"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "RDS Remote Access Servers",
"SID": "S-1-2-33-457"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "RDS Endpoint Servers",
"SID": "S-1-2-33-458"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "RDS Management Servers",
"SID": "S-1-2-33-459"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Hyper-V Administrators",
"SID": "S-1-2-33-460"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Access Control Assistance Operators",
"SID": "S-1-2-33-461"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Remote Management Users",
"SID": "S-1-2-33-462"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Storage Replica Administrators",
"SID": "S-1-2-33-463"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Computers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-789"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-790"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Schema Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-791"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Enterprise Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-792"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Cert Publishers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-793"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-794"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Users",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-795"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Domain Guests",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-796"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Group Policy Creator Owners",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-797"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "RAS and IAS Servers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-798"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Server Operators",
"SID": "S-1-2-33-464"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Account Operators",
"SID": "S-1-2-33-465"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Pre-Windows 2000 Compatible Access",
"SID": "S-1-2-33-466"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Incoming Forest Trust Builders",
"SID": "S-1-2-33-467"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Windows Authorization Access Group",
"SID": "S-1-2-33-468"
},
{
"GroupScope": "BuiltinLocal",
"GroupType": "Security",
"SAMAccountName": "Terminal Server License Servers",
"SID": "S-1-2-33-469"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Allowed RODC Password Replication Group",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-798"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Denied RODC Password Replication Group",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-799"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Read-only Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-800"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Enterprise Read-only Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-801"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Cloneable Domain Controllers",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-802"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Protected Users",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-803"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Key Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-804"
},
{
"GroupScope": "Universal",
"GroupType": "Security",
"SAMAccountName": "Enterprise Key Admins",
"SID": "S-1-2-34-56789123456-7891012345-6789123486-805"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "DnsAdmins",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "DnsUpdateProxy",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4568"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "Admins",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4569"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWSAdministrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4570"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Object Management Service Accounts",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4571"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Private CA Connector for AD Delegated Group",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4572"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Application and Service Delegated Group",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4573"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4574"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated FSx Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4575"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Account Operators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4576"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Active Directory Based Activation Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4577"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Allowed to Authenticate Objects",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4578"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Allowed to Authenticate to Domain Controllers",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4579"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Deleted Object Lifetime Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4580"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Distributed File System Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4581"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Dynamic Host Configuration Protocol Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4582"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Enterprise Certificate Authority Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4583"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Fine Grained Password Policy Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4584"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Group Policy Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4585"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Managed Service Account Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4586"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Read Foreign Security Principals",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4587"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Remote Access Service Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4588"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Replicate Directory Changes Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4588"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Sites and Services Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4589"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated System Management Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4590"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Terminal Server Licensing Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4591"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated User Principal Name Suffix Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4592"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Add Workstations To Domain Users",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4593"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Domain Name System Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4594"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Kerberos Delegation Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4595"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated Server Administrators",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4596"
},
{
"GroupScope": "DomainLocal",
"GroupType": "Security",
"SAMAccountName": "AWS Delegated MS-NPRC Non-Compliant Devices",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4597"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Remote Access",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4598"
},
{
"GroupScope": "Global",
"GroupType": "Security",
"SAMAccountName": "Accounting",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4599"
},
{
"GroupScope": "Global",
"GroupType": "Distribution",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 群組的詳細資訊](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-groups.html)。
### `list-users`
以下程式碼範例顯示如何使用 `list-users`。
**AWS CLI**
**列出目錄的使用者**
下列 `list-users` 範例列出指定目錄中的使用者。
```
aws ds-data list-users \
--directory-id d-1234567890
```
輸出:
```
{
"Users": [
{
"Enabled": true,
"SAMAccountName": "Administrator",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-345"
},
{
"Enabled": false,
"SAMAccountName": "Guest",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-345"
},
{
"Enabled": false,
"SAMAccountName": "krbtgt",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-346"
},
{
"Enabled": true,
"SAMAccountName": "Admin",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-347"
},
{
"Enabled": true,
"SAMAccountName": "Richard Roe",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-348"
},
{
"Enabled": true,
"SAMAccountName": "Jane Doe",
"SID": "S-1-2-34-5678910123-4567895012-3456789012-349"
},
{
"Enabled": true,
"SAMAccountName": "AWS_WGnzYlN6YyY",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
},
{
"Enabled": true,
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4568"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ListUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/list-users.html)。
### `remove-group-member`
以下程式碼範例顯示如何使用 `remove-group-member`。
**AWS CLI**
**從目錄移除群組成員**
下列 `remove-group-member` 範例會從指定目錄中的指定群組,移除指定的群組成員。
```
aws ds-data remove-group-member \
--directory-id d-1234567890 \
--group-name 'sales' \
--member-name 'john.doe'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[將 AWS Managed Microsoft AD 成員新增至群組,並將群組新增至群組](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_add_remove_user_group.html)。
+ 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [RemoveGroupMember](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/remove-group-member.html)。
### `reset-user-password`
以下程式碼範例顯示如何使用 `reset-user-password`。
**AWS CLI**
**在目錄中重設使用者密碼**
下列 `reset-user-password` 範例會重設並啟用指定目錄中的指定使用者。
```
aws ds reset-user-password \
--directory-id d-1234567890 \
--user-name 'john.doe' \
--new-password 'password'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[重設和啟用 AWS Managed Microsoft AD 使用者的密碼](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_reset_user_pswd.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [ResetUserPassword](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/reset-user-password.html)。
### `search-groups`
以下程式碼範例顯示如何使用 `search-groups`。
**AWS CLI**
**在目錄中搜尋群組**
下列 `search-groups` 範例會搜尋指定目錄中的指定群組。
```
aws ds-data search-groups \
--directory-id d-1234567890 \
--search-attributes 'SamAccountName' \
--search-string 'sales'
```
輸出:
```
{
"Groups": [
{
"GroupScope": "Global",
"GroupType": "Distribution",
"SAMAccountName": "sales",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 群組的詳細資訊](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SearchGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/search-groups.html)。
### `search-users`
以下程式碼範例顯示如何使用 `search-users`。
**AWS CLI**
**在目錄中搜尋使用者**
下列 `search-users` 範例會在指定的目錄中搜尋指定的使用者。
```
aws ds-data search-users \
--directory-id d-1234567890 \
--search-attributes 'SamAccountName' \
--Search-string 'john.doe'
```
輸出:
```
{
"Users": [
{
"Enabled": true,
"SAMAccountName": "john.doe",
"SID": "S-1-2-34-5678901234-5678901234-5678910123-4567"
}
],
"DirectoryId": "d-1234567890",
"Realm": "corp.example.com"
}
```
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [SearchUsers](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/search-users.html)。
### `update-group`
以下程式碼範例顯示如何使用 `update-group`。
**AWS CLI**
**在目錄中更新群組的屬性**
下列 `update-group` 範例會更新指定目錄中指定群組的指定屬性。
```
aws ds-data update-group \
--directory-id d-1234567890 \
--sam-account-name 'sales' \
--update-type 'REPLACE' \
--group-type 'Distribution'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 群組的詳細資訊](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_group.html)。
+ 如需 API 詳細資訊,請參閱《*AWS CLI 命令參考*》中的 [UpdateGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/update-group.html)。
### `update-user`
以下程式碼範例顯示如何使用 `update-user`。
**AWS CLI**
**更新在目錄中的使用者屬性**
下列 `update-user` 範例會更新指定目錄中指定使用者的指定屬性。
```
aws ds-data update-user \
--directory-id d-1234567890 \
--sam-account-name 'john.doe' \
--update-type 'ADD' \
--email-address 'example.corp.com'
```
此命令不會產生輸出。
如需詳細資訊,請參閱《 *AWS Directory Service 管理指南*》中的[檢視和更新 AWS Managed Microsoft AD 使用者](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ms_ad_view_update_user.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [UpdateUser](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/directory-service-data/update-user.html)。