Module Awso_ds_syncSource

OS version that the directory needs to be updated to.

Contains the configuration values for a hybrid directory update, including Amazon Web Services System Manager managed node and DNS information.

Contains information about the directory.

Contains information about a Remote Authentication Dial In User Service (RADIUS) server.

Contains information about a specific validation test performed during a directory assessment.

The value for a given type of UpdateSettings.

Contains VPC information for the CreateDirectory, CreateMicrosoftAD, or CreateHybridAD operation.

Contains detailed information about a specific update activity for a hybrid directory component.

Contains information about an AD Connector directory.

Describes the current hybrid directory configuration settings for a directory.

Contains the directory owner account details shared with the directory consumer account.

Provides information about the Regions that are configured for multi-Region replication.

Represents a named directory attribute.

The descriptive message for the exception.

The Amazon Web Services request identifier.

Contains information about the configurable settings for a directory.

Metadata assigned to a directory consisting of a key-value pair.

Information about a schema extension.

Represents a log subscription, which tracks real-time data from a chosen log group to a specified destination.

Information about one or more IP address blocks.

Contains general information about a certificate.

Contains summary information about a directory assessment, providing a high-level overview without detailed validation results.

An entry of update information related to a requested update type.

Describes a trust relationship between an Managed Microsoft AD directory and an external domain.

Describes a directory snapshot.

Details about the shared directory in the directory owner account for which the share request in the directory consumer account has been accepted.

Contains information about the specified configurable setting for a directory.

The replicated Region information for a directory.

Contains general information about the LDAPS settings.

Information about Amazon SNS topic and Directory Service directory associations.

Contains information about the domain controllers for a specified directory.

Contains information about an Directory Service directory.

Points to a remote domain with which you are setting up a trust relationship. Conditional forwarders are required in order to set up a trust relationship with another domain.

Contains information about a client authentication method for a directory.

Contains information about the client certificate authentication settings for the RegisterCertificate and DescribeCertificate operations.

Contains the results of validation tests performed against a specific domain controller during a directory assessment.

Contains the IP address block. This is often the address block of the DNS server used for your self-managed domain.

A client exception has occurred.

The specified entity could not be found.

One or more parameters are not valid.

An exception has occurred in Directory Service.

The operation is not supported.

The specified directory does not exist in the system.

The specified directory is unavailable.

The specified directory setting is not compatible with other settings.

The specified directory setting is not supported.

The maximum allowed number of domain controllers per directory was exceeded. The default limit per directory is 20 domain controllers.

A directory assessment is automatically created when you create a hybrid directory. There are two types of assessments: CUSTOMER and SYSTEM. Your Amazon Web Services account has a limit of 100 CUSTOMER directory assessments. If you attempt to create a hybrid directory; and you already have 100 CUSTOMER directory assessments;, you will encounter an error. Delete assessments to free up capacity before trying again. You can request an increase to your CUSTOMER directory assessment quota by contacting customer support or delete existing CUSTOMER directory assessments; to free up capacity.

Use to recover to the hybrid directory administrator account credentials.

Contains configuration settings for self-managed instances with SSM used in hybrid directory operations.

You do not have sufficient access to perform this action.

The directory is already updated to desired update type settings.

The maximum number of manual snapshots for the directory has been reached. You can use the GetSnapshotLimits operation to determine the snapshot limits for a directory.

Contains the directory size configuration for update operations.

Contains the network configuration for directory update operations.

The specified directory has not been shared with this Amazon Web Services account.

The specified shared target is not valid.

Identifier that contains details about the directory consumer account with whom the directory is being unshared.

Contains configuration parameters required to perform a directory assessment.

The specified directory has already been shared with this Amazon Web Services account.

Exception encountered while trying to access your Amazon Web Services organization.

The maximum number of Amazon Web Services accounts that you can share with this directory has been reached.

Identifier that contains details about the directory consumer account.

The new password provided by the user does not meet the password complexity requirements defined in your directory.

The user provided a username that does not exist in your directory.

The certificate has already been registered into the system.

The certificate could not be added because the certificate limit has been reached.

The certificate PEM that was provided has incorrect encoding.

The NextToken value is not valid.

Contains manual snapshot limit information for a directory.

Contains directory limit information for a Region.

An authentication error occurred.

The account does not have sufficient permission to perform the operation.

The specified entity already exists.

The LDAP activities could not be performed because they are limited by the LDAPS status.

Client authentication setup could not be completed because at least one valid certificate must be registered in the system.

Client authentication is already enabled.

An enable operation for CA enrollment policy is already in progress for this directory.

A disable operation for CA enrollment policy is already in progress for this directory.

Contains information about update activities for different components of a hybrid directory.

Information about the certificate.

The certificate is not present in the system for describe or deregister activities.

Contains detailed information about a directory assessment, including configuration parameters, status, and validation results.

The certificate is being used for the LDAP security connection and cannot be removed without disabling LDAP security.

The maximum number of directories in the region has been reached. You can use the GetDirectoryLimits operation to determine your directory limits in the region.

Contains information about a computer account in a directory.

Contains connection settings for creating an AD Connector with the ConnectDirectory action.

The maximum allowed number of tags was exceeded.

The Region you specified is the same Region where the Managed Microsoft AD directory was created. Specify a different Region and try again.

You have reached the limit for maximum number of simultaneous Region replications per directory.

The maximum allowed number of IP addresses was exceeded. The default limit is 100 IP address blocks.

Result of a VerifyTrust request.

Initiates the verification of an existing trust relationship between an Managed Microsoft AD directory and an external domain.

Updates the trust that has been set up between your Managed Microsoft AD directory and an self-managed Active Directory.

Updates the trust that has been set up between your Managed Microsoft AD directory and an self-managed Active Directory.

Updates the configurable settings for the specified directory.

Updates the configurable settings for the specified directory.

Contains the results of the UpdateRadius operation.

Contains the inputs for the UpdateRadius operation.

Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.

Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.

Updates the configuration of an existing hybrid directory. You can recover hybrid directory administrator account or modify self-managed instance settings. Updates are applied asynchronously. Use DescribeHybridADUpdate to monitor the progress of configuration changes. The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410]. You must provide at least one update to UpdateHybridADRequest$HybridAdministratorAccountUpdate or UpdateHybridADRequest$SelfManagedInstancesSettings.

Updates the configuration of an existing hybrid directory. You can recover hybrid directory administrator account or modify self-managed instance settings. Updates are applied asynchronously. Use DescribeHybridADUpdate to monitor the progress of configuration changes. The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410]. You must provide at least one update to UpdateHybridADRequest$HybridAdministratorAccountUpdate or UpdateHybridADRequest$SelfManagedInstancesSettings.

Updates directory configuration for the specified update type.

Updates directory configuration for the specified update type.

The result of an UpdateConditionalForwarder request.

Updates a conditional forwarder.

Stops the directory sharing between the directory owner and consumer accounts.

Stops the directory sharing between the directory owner and consumer accounts.

Applies a schema extension to a Microsoft AD directory.

Applies a schema extension to a Microsoft AD directory.

Initiates a directory assessment to validate your self-managed AD environment for hybrid domain join. The assessment checks compatibility and connectivity of the self-managed AD environment. A directory assessment is automatically created when you create a hybrid directory. There are two types of assessments: CUSTOMER and SYSTEM. Your Amazon Web Services account has a limit of 100 CUSTOMER directory assessments. The assessment process typically takes 30 minutes or more to complete. The assessment process is asynchronous and you can monitor it with DescribeADAssessment. The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410]. Note: You must provide exactly one DirectoryId or AssessmentConfiguration.

Initiates a directory assessment to validate your self-managed AD environment for hybrid domain join. The assessment checks compatibility and connectivity of the self-managed AD environment. A directory assessment is automatically created when you create a hybrid directory. There are two types of assessments: CUSTOMER and SYSTEM. Your Amazon Web Services account has a limit of 100 CUSTOMER directory assessments. The assessment process typically takes 30 minutes or more to complete. The assessment process is asynchronous and you can monitor it with DescribeADAssessment. The InstanceIds must have a one-to-one correspondence with CustomerDnsIps, meaning that if the IP address for instance i-10243410 is 10.24.34.100 and the IP address for instance i-10243420 is 10.24.34.200, then the input arrays must maintain the same order relationship, either [10.24.34.100, 10.24.34.200] paired with [i-10243410, i-10243420] or [10.24.34.200, 10.24.34.100] paired with [i-10243420, i-10243410]. Note: You must provide exactly one DirectoryId or AssessmentConfiguration.

Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer). With this operation you can use your directory from any Amazon Web Services account and from any Amazon VPC within an Amazon Web Services Region. When you share your Managed Microsoft AD directory, Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account. The ShareMethod parameter determines whether the specified directory can be shared between Amazon Web Services accounts inside the same Amazon Web Services organization (ORGANIZATIONS). It also determines whether you can share the directory with any other Amazon Web Services account either inside or outside of the organization (HANDSHAKE). The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer.

Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer). With this operation you can use your directory from any Amazon Web Services account and from any Amazon VPC within an Amazon Web Services Region. When you share your Managed Microsoft AD directory, Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account. The ShareMethod parameter determines whether the specified directory can be shared between Amazon Web Services accounts inside the same Amazon Web Services organization (ORGANIZATIONS). It also determines whether you can share the directory with any other Amazon Web Services account either inside or outside of the organization (HANDSHAKE). The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer.

Contains the results of the RestoreFromSnapshot operation.

An object representing the inputs for the RestoreFromSnapshot operation.

Resets the password for any user in your Managed Microsoft AD or Simple AD directory. Disabled users will become enabled and can be authenticated following the API call. You can reset the password for any user in your directory with the following exceptions: For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user. For Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the Amazon Web Services Reserved OU. For more information about the OU structure for an Managed Microsoft AD directory, see What Gets Created in the Directory Service Administration Guide.

Resets the password for any user in your Managed Microsoft AD or Simple AD directory. Disabled users will become enabled and can be authenticated following the API call. You can reset the password for any user in your directory with the following exceptions: For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user. For Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the Amazon Web Services Reserved OU. For more information about the OU structure for an Managed Microsoft AD directory, see What Gets Created in the Directory Service Administration Guide.

Removes tags from a directory.

Removes tags from a directory.

Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation. Instead, use the DeleteDirectory API.

Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation. Instead, use the DeleteDirectory API.

Removes IP address blocks from a directory.

Removes IP address blocks from a directory.

Rejects a directory sharing request that was sent from the directory owner account.

Rejects a directory sharing request that was sent from the directory owner account.

The result of a RegisterEventTopic request.

Registers a new event topic.

Registers a certificate for a secure LDAP or client certificate authentication.

Registers a certificate for a secure LDAP or client certificate authentication.

Lists all tags on a directory.

Lists all tags on a directory.

Lists all schema extensions applied to a Microsoft AD Directory.

Lists all schema extensions applied to a Microsoft AD Directory.

Lists the active log subscriptions for the Amazon Web Services account.

Lists the active log subscriptions for the Amazon Web Services account.

Lists the address blocks that you have added to a directory.

Lists the address blocks that you have added to a directory.

For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication.

For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication.

Retrieves a list of directory assessments for the specified directory or all assessments in your account. Use this operation to monitor assessment status and manage multiple assessments.

Retrieves a list of directory assessments for the specified directory or all assessments in your account. Use this operation to monitor assessment status and manage multiple assessments.

Contains the results of the GetSnapshotLimits operation.

Contains the inputs for the GetSnapshotLimits operation.

Contains the results of the GetDirectoryLimits operation.

Contains the inputs for the GetDirectoryLimits operation.

Contains the results of the EnableSso operation.

Contains the inputs for the EnableSso operation.

Contains the results of the EnableRadius operation.

Contains the inputs for the EnableRadius operation.

Activates the switch for the specific directory to always use LDAP secure calls.

Activates the switch for the specific directory to always use LDAP secure calls.

Enables access to directory data via the Directory Service Data API for the specified directory. For more information, see Directory Service Data API Reference.

Enables access to directory data via the Directory Service Data API for the specified directory. For more information, see Directory Service Data API Reference.

Enables alternative client authentication methods for the specified directory.

Enables alternative client authentication methods for the specified directory.

Contains the results of the EnableCAEnrollmentPolicy operation.

Contains the inputs for the EnableCAEnrollmentPolicy operation.

Contains the results of the DisableSso operation.

Contains the inputs for the DisableSso operation.

Contains the results of the DisableRadius operation.

Contains the inputs for the DisableRadius operation.

Deactivates LDAP secure calls for the specified directory.

Deactivates LDAP secure calls for the specified directory.

Deactivates access to directory data via the Directory Service Data API for the specified directory. For more information, see Directory Service Data API Reference.

Deactivates access to directory data via the Directory Service Data API for the specified directory. For more information, see Directory Service Data API Reference.

Disables alternative client authentication methods for the specified directory.

Disables alternative client authentication methods for the specified directory.

Contains the results of the DisableCAEnrollmentPolicy operation.

Contains the inputs for the DisableCAEnrollmentPolicy operation.

Describes the updates of a directory for a particular update type.

Describes the updates of a directory for a particular update type.

The result of a DescribeTrust request.

Describes the trust relationships for a particular Managed Microsoft AD directory. If no input parameters are provided, such as directory ID or trust ID, this request describes all the trust relationships.

Contains the results of the DescribeSnapshots operation.

Contains the inputs for the DescribeSnapshots operation.

Returns the shared directories in your account.

Returns the shared directories in your account.

Retrieves information about the configurable settings for the specified directory.

Retrieves information about the configurable settings for the specified directory.

Provides information about the Regions that are configured for multi-Region replication.

Provides information about the Regions that are configured for multi-Region replication.

Describes the status of LDAP security for the specified directory.

Describes the status of LDAP security for the specified directory.

Retrieves information about update activities for a hybrid directory. This operation provides details about configuration changes, administrator account updates, and self-managed instance settings (IDs and DNS IPs).

Retrieves information about update activities for a hybrid directory. This operation provides details about configuration changes, administrator account updates, and self-managed instance settings (IDs and DNS IPs).

The result of a DescribeEventTopic request.

Describes event topics.

Provides information about any domain controllers in your directory.

Provides information about any domain controllers in your directory.

Obtains status of directory data access enablement through the Directory Service Data API for the specified directory.

Obtains status of directory data access enablement through the Directory Service Data API for the specified directory.

Contains the results of the DescribeDirectories operation.

Contains the inputs for the DescribeDirectories operation.

The result of a DescribeConditionalForwarder request.

Describes a conditional forwarder.

Retrieves information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported.

Retrieves information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported.

Displays information about the certificate registered for secure LDAP or client certificate authentication.

Displays information about the certificate registered for secure LDAP or client certificate authentication.

Contains the results of the DescribeCAEnrollmentPolicy operation.

Contains the inputs for the DescribeCAEnrollmentPolicy operation.

Retrieves detailed information about a directory assessment, including its current status, validation results, and configuration details. Use this operation to monitor assessment progress and review results.

Retrieves detailed information about a directory assessment, including its current status, validation results, and configuration details. Use this operation to monitor assessment progress and review results.

The result of a DeregisterEventTopic request.

Removes the specified directory as a publisher to the specified Amazon SNS topic.

Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication.

Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication.

The result of a DeleteTrust request.

Deletes the local side of an existing trust relationship between the Managed Microsoft AD directory and the external domain.

Contains the results of the DeleteSnapshot operation.

Contains the inputs for the DeleteSnapshot operation.

Deletes the specified log subscription.

Deletes the specified log subscription.

Contains the results of the DeleteDirectory operation.

Contains the inputs for the DeleteDirectory operation.

The result of a DeleteConditionalForwarder request.

Deletes a conditional forwarder.

Deletes a directory assessment and all associated data. This operation permanently removes the assessment results, validation reports, and configuration information. You cannot delete system-initiated assessments. You can delete customer-created assessments even if they are in progress.

Deletes a directory assessment and all associated data. This operation permanently removes the assessment results, validation reports, and configuration information. You cannot delete system-initiated assessments. You can delete customer-created assessments even if they are in progress.

The result of a CreateTrust request.

Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials. This action initiates the creation of the Amazon Web Services side of a trust relationship between an Managed Microsoft AD directory and an external domain.

Contains the results of the CreateSnapshot operation.

Contains the inputs for the CreateSnapshot operation.

Result of a CreateMicrosoftAD request.

Creates an Managed Microsoft AD directory.

Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account.

Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account.

Creates a hybrid directory that connects your self-managed Active Directory (AD) infrastructure and Amazon Web Services. You must have a successful directory assessment using StartADAssessment to validate your environment compatibility before you use this operation. Updates are applied asynchronously. Use DescribeDirectories to monitor the progress of directory creation.

Creates a hybrid directory that connects your self-managed Active Directory (AD) infrastructure and Amazon Web Services. You must have a successful directory assessment using StartADAssessment to validate your environment compatibility before you use this operation. Updates are applied asynchronously. Use DescribeDirectories to monitor the progress of directory creation.

Contains the results of the CreateDirectory operation.

Contains the inputs for the CreateDirectory operation.

The result of a CreateConditinalForwarder request.

Initiates the creation of a conditional forwarder for your Directory Service for Microsoft Active Directory. Conditional forwarders are required in order to set up a trust relationship with another domain.

Contains the results for the CreateComputer operation.

Contains the inputs for the CreateComputer operation.

Contains the results of the CreateAlias operation.

Contains the inputs for the CreateAlias operation.

Contains the results of the ConnectDirectory operation.

Contains the inputs for the ConnectDirectory operation.

Cancels an in-progress schema extension to a Microsoft AD directory. Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states; Initializing, CreatingSnapshot, and UpdatingSchema.

Cancels an in-progress schema extension to a Microsoft AD directory. Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states; Initializing, CreatingSnapshot, and UpdatingSchema.

Adds or overwrites one or more tags for the specified directory. Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource.

Adds or overwrites one or more tags for the specified directory. Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource.

Adds two domain controllers in the specified Region for the specified directory.

Adds two domain controllers in the specified Region for the specified directory.

If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC. Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.

If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC. Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.

Accepts a directory sharing request that was sent from the directory owner account.

Accepts a directory sharing request that was sent from the directory owner account.