A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.

Identifier of the Managed Microsoft AD directory that you want to share with other Amazon Web Services accounts.

Identifier for the directory consumer account with whom the directory is to be shared.

The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (ORGANIZATIONS) or with any Amazon Web Services account by sending a directory sharing request (HANDSHAKE).

Identifier of the directory that is stored in the directory consumer account that is shared from the specified directory (DirectoryId).

The response's http status code.

Identifier of the directory to which the domain controllers will be added or removed.

The number of domain controllers desired in the directory.

The response's http status code.

The fully qualified domain names (FQDN) of the remote domains for which to get the list of associated conditional forwarders. If this member is null, all conditional forwarders are returned.

The directory ID for which to get the list of associated conditional forwarders.

The list of conditional forwarders that have been created.

The response's http status code.

Contains the identifier of the directory to obtain the limits for.

A SnapshotLimits object that contains the manual snapshot limits for the specified directory.

The response's http status code.

The Directory ID that will publish status messages to the Amazon SNS topic.

The Amazon SNS topic name to which the directory will publish status messages. This Amazon SNS topic must be in the same region as the specified Directory ID.

The response's http status code.

A ClientCertAuthSettings object that contains client certificate authentication settings.

The function that the registered certificate performs. Valid values include ClientLDAPS or ClientCertAuth. The default value is ClientLDAPS.

The identifier of the directory.

The certificate PEM string that needs to be registered.

The identifier of the certificate.

The response's http status code.

The NetBIOS name of your self-managed directory, such as CORP.

A description for the directory.

The tags to be assigned to AD Connector.

The fully qualified name of your self-managed directory, such as corp.example.com.

The password for your self-managed user account.

The size of the directory.

A DirectoryConnectSettings object that contains additional information for the operation.

The identifier of the new directory.

The response's http status code.

The type of next token used for pagination.

Specifies the number of items that should be displayed on one page.

The type of LDAP security to enable. Currently only the value Client is supported.

The identifier of the directory.

Information about LDAP security for the specified directory, including status of enablement, state last updated date time, and the reason for the state.

The next token used to retrieve the LDAPS settings if the number of setting types exceeds page limit and there is another page.

The response's http status code.

The identifier of the directory for which to create the alias.

The requested alias.

The alias must be unique amongst all aliases in Amazon Web Services. This operation throws an EntityAlreadyExistsException error if the alias already exists.

The identifier of the directory.

The alias for the directory.

The response's http status code.

The DescribeDirectoriesResult.NextToken value from a previous call to DescribeDirectories. Pass null if this is the first call.

A list of identifiers of the directories for which to obtain the information. If this member is null, all directories that belong to the current account are returned.

An empty list results in an InvalidParameterException being thrown.

The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.

The list of DirectoryDescription objects that were retrieved.

It is possible that this list contains less than the number of items specified in the Limit member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeDirectories to retrieve the next set of items.

The response's http status code.

If set to true, updates the inbound and outbound rules of the security group that has the description: "Amazon Web Services created security group for directory ID directory controllers." Following are the new rules:

Inbound:

• Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: 0.0.0.0/0
• Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: 0.0.0.0/0
• Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: 0.0.0.0/0
• Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: 0.0.0.0/0
• Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: 0.0.0.0/0
• Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: 0.0.0.0/0
• Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: 0.0.0.0/0
• Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: 0.0.0.0/0
• Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: 0.0.0.0/0
• Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: 0.0.0.0/0
• Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: 0.0.0.0/0
• Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: 0.0.0.0/0
• Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: 0.0.0.0/0
• Type: DNS (UDP), Protocol: UDP, Range: 53, Source: 0.0.0.0/0
• Type: DNS (TCP), Protocol: TCP, Range: 53, Source: 0.0.0.0/0
• Type: LDAP, Protocol: TCP, Range: 389, Source: 0.0.0.0/0
• Type: All ICMP, Protocol: All, Range: N/A, Source: 0.0.0.0/0

Outbound:

• Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0

These security rules impact an internal network interface that is not exposed publicly.

Identifier (ID) of the directory to which to add the address block.

IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your self-managed domain.

The response's http status code.

Reserved for future use.

Reserved for future use.

Identifier (ID) of the directory for which you want to retrieve tags.

Reserved for future use.

List of tags returned by the ListTagsForResource operation.

The response's http status code.

The Directory ID of the Amazon Web Services directory that is a part of the requested trust relationship.

The DescribeTrustsResult.NextToken value from a previous call to DescribeTrusts. Pass null if this is the first call.

A list of identifiers of the trust relationships for which to obtain the information. If this member is null, all trust relationships that belong to the current account are returned.

An empty list results in an InvalidParameterException being thrown.

The maximum number of objects to return.

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeTrusts to retrieve the next set of items.

The list of Trust objects that were retrieved.

It is possible that this list contains less than the number of items specified in the Limit member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.

The response's http status code.

Delete a conditional forwarder as part of a DeleteTrustRequest.

The Trust ID of the trust relationship to be deleted.

The Trust ID of the trust relationship that was deleted.

The response's http status code.

Updates selective authentication for the trust.

Identifier of the trust relationship.

Undocumented member.

Identifier of the trust relationship.

The response's http status code.

Managed Microsoft AD is available in two editions: Standard and Enterprise. Enterprise is the default.

The NetBIOS name for your domain, such as CORP. If you don't specify a NetBIOS name, it will default to the first part of your directory DNS. For example, CORP for the directory DNS corp.example.com.

A description for the directory. This label will appear on the Amazon Web Services console Directory Details page after the directory is created.

The tags to be assigned to the Managed Microsoft AD directory.

The fully qualified domain name for the Managed Microsoft AD directory, such as corp.example.com. This name will resolve inside your VPC only. It does not need to be publicly resolvable.

The password for the default administrative user named Admin.

If you need to change the password for the administrator account, you can use the ResetUserPassword API call.

Contains VPC information for the CreateDirectory or CreateMicrosoftAD operation.

The identifier of the directory that was created.

The response's http status code.

The identifier of the directory

The type of client authentication to disable. Currently, only the parameter, SmartCard is supported.

The response's http status code.

The Directory ID to remove as a publisher. This directory will no longer send messages to the specified Amazon SNS topic.

The name of the Amazon SNS topic from which to remove the directory as a publisher.

The response's http status code.

The NetBIOS name of the directory, such as CORP.

A DirectoryVpcSettings object that contains additional information for the operation.

A description for the directory.

The tags to be assigned to the Simple AD directory.

The fully qualified name for the directory, such as corp.example.com.

The password for the directory administrator. The directory creation process creates a directory administrator account with the user name Administrator and this password.

If you need to change the password for the administrator account, you can use the ResetUserPassword API call.

The regex pattern for this string is made up of the following conditions:

• Length (?=^.{8,64}$) – Must be between 8 and 64 characters

AND any 3 of the following password complexity rules required by Active Directory:

• Numbers and upper case and lowercase (?=.*\d)(?=.*[A-Z])(?=.*[a-z])
• Numbers and special characters and lower case (?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])
• Special characters and upper case and lower case (?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])
• Numbers and upper case and special characters (?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s])

For additional information about how Active Directory passwords are enforced, see Password must meet complexity requirements on the Microsoft website.

The size of the directory.

The identifier of the directory that was created.

The response's http status code.

Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.

The shared directory in the directory consumer account.

The response's http status code.

Identifier of the directory to which you want to subscribe and receive real-time logs to your specified CloudWatch log group.

The name of the CloudWatch log group where the real-time domain controller logs are forwarded.

The response's http status code.

Identifier (ID) of the directory from which to remove the tag.

The tag key (name) of the tag to be removed.

The response's http status code.

The Directory ID for which to get the list of associated Amazon SNS topics. If this member is null, associations for all Directory IDs are returned.

A list of Amazon SNS topic names for which to obtain the information. If this member is null, all associations for the specified Directory ID are returned.

An empty list results in an InvalidParameterException being thrown.

A list of Amazon SNS topic names that receive status messages from the specified Directory ID.

The response's http status code.

Identifier of the Managed Microsoft AD or Simple AD directory in which the user resides.

The user name of the user whose password will be reset.

The new password that will be reset.

The response's http status code.

The directory ID of the Amazon Web Services directory for which to update the conditional forwarder.

The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.

The updated IP addresses of the remote DNS server associated with the conditional forwarder.

The response's http status code.

The directory ID for which you are deleting the conditional forwarder.

The fully qualified domain name (FQDN) of the remote domain with which you are deleting the conditional forwarder.

The response's http status code.

The identifier of the directory.

The type of LDAP security to enable. Currently only the value Client is supported.

The response's http status code.

Identifier of the directory whose log subscription you want to delete.

The response's http status code.

The username of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. This account must have privileges to add a service principal name.

If the AD Connector service account does not have privileges to add a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to enable single sign-on and are not stored by the service. The AD Connector service account is not changed.

The password of an alternate account to use to enable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.

The identifier of the directory for which to enable single-sign on.

The response's http status code.

The identifier of the directory whose schema extension will be canceled.

The identifier of the schema extension that will be canceled.

The response's http status code.

If a DirectoryID is provided, lists only the log subscription associated with that directory. If no DirectoryId is provided, lists all log subscriptions associated with your Amazon Web Services account. If there are no log subscriptions for the Amazon Web Services account or the directory, an empty list will be returned.

The token for the next set of items to return.

The maximum number of items returned.

The token for the next set of items to return.

A list of active LogSubscription objects for calling the Amazon Web Services account.

The response's http status code.

The identifier of the directory for which to enable MFA.

A RadiusSettings object that contains information about the RADIUS server.

The response's http status code.

The ListIpRoutes.NextToken value from a previous call to ListIpRoutes. Pass null if this is the first call.

Maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.

Identifier (ID) of the directory for which you want to retrieve the IP addresses.

A list of IpRoutes.

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to ListIpRoutes to retrieve the next set of items.

The response's http status code.

Identifier (ID) for the directory to which to add the tag.

The tags to be assigned to the directory.

The response's http status code.

The DescribeClientAuthenticationSettingsResult.NextToken value from a previous call to DescribeClientAuthenticationSettings. Pass null if this is the first call.

The maximum number of items to return. If this value is zero, the maximum number of items is specified by the limitations of the operation.

The type of client authentication for which to retrieve information. If no type is specified, a list of all client authentication types that are supported for the specified directory is retrieved.

The identifier of the directory for which to retrieve information.

The next token used to retrieve the client authentication settings if the number of setting types exceeds page limit and there is another page.

Information about the type of client authentication for the specified directory. The following information is retrieved: The date and time when the status of the client authentication type was last updated, whether the client authentication type is enabled or disabled, and the type of client authentication.

The response's http status code.

The ListSchemaExtensions.NextToken value from a previous call to ListSchemaExtensions. Pass null if this is the first call.

The maximum number of items to return.

The identifier of the directory from which to retrieve the schema extension information.

Information about the schema extensions applied to the directory.

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to ListSchemaExtensions to retrieve the next set of items.

The response's http status code.

The identifier of the directory for which to disable MFA.

The response's http status code.

A token for requesting another page of certificates if the NextToken response element indicates that more certificates are available. Use the value of the returned NextToken element in your request until the token comes back as null. Pass null if this is the first call.

The number of items that should show up on one page

The identifier of the directory.

Indicates whether another page of certificates is available when the number of available certificates exceeds the page limit.

A list of certificates with basic details including certificate ID, certificate common name, certificate state.

The response's http status code.

Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.

Identifier of the shared directory in the directory consumer account.

The response's http status code.

The identifier of the Managed Microsoft AD directory that you want to stop sharing.

Identifier for the directory consumer account with whom the directory has to be unshared.

Identifier of the directory stored in the directory consumer account that is to be unshared from the specified directory (DirectoryId).

The response's http status code.

The identifier of the snapshot to restore from.

The response's http status code.

The DescribeDomainControllers.NextToken value from a previous call to DescribeDomainControllers. Pass null if this is the first call.

A list of identifiers for the domain controllers whose information will be provided.

The maximum number of items to return.

Identifier of the directory for which to retrieve the domain controller information.

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeDomainControllers retrieve the next set of items.

List of the DomainController objects that were retrieved.

The response's http status code.

The identifier of the directory for which to retrieve snapshot information.

The DescribeSnapshotsResult.NextToken value from a previous call to DescribeSnapshots. Pass null if this is the first call.

A list of identifiers of the snapshots to obtain the information for. If this member is null or empty, all snapshots are returned using the Limit and NextToken members.

The maximum number of objects to return.

If not null, more results are available. Pass this value in the NextToken member of a subsequent call to DescribeSnapshots.

The list of Snapshot objects that were retrieved.

It is possible that this list contains less than the number of items specified in the Limit member of the request. This occurs if there are less than the requested number of items left to retrieve, or if the limitations of the operation have been exceeded.

The response's http status code.

Identifier (ID) of the directory from which you want to remove the IP addresses.

IP address blocks that you want to remove.

The response's http status code.

The identifier of the directory snapshot to be deleted.

The identifier of the directory snapshot that was deleted.

The response's http status code.

The identifier of the directory.

The identifier of the certificate.

The response's http status code.

The identifier of the directory for which the schema extension will be applied to.

If true, creates a snapshot of the directory before applying the schema extension.

The LDIF file represented as a string. To construct the LdifContent string, precede each line as it would be formatted in an ldif file with \n. See the example request below for more details. The file size can be no larger than 1MB.

A description of the schema extension.

The identifier of the schema extension that will be applied.

The response's http status code.

The IP addresses of the remote DNS server associated with RemoteDomainName.

The trust relationship type. Forest is the default.

Optional parameter to enable selective authentication for the trust.

The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.

The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.

The trust password. The must be the same password that was used when creating the trust relationship on the external domain.

The direction of the trust relationship.

A unique identifier for the trust relationship that was created.

The response's http status code.

The identifier of the directory to delete.

The directory identifier.

The response's http status code.

The descriptive name to apply to the snapshot.

The identifier of the directory of which to take a snapshot.

The identifier of the snapshot that was created.

The response's http status code.

The identifier of the directory.

The identifier of the certificate.

Information about the certificate, including registered date time, certificate state, the reason for the state, expiration date time, and certificate common name.

The response's http status code.

The identifier of the specified directory.

The type of client authentication to enable. Currently only the value SmartCard is supported. Smart card authentication in AD Connector requires that you enable Kerberos Constrained Delegation for the Service User to the LDAP service in your self-managed AD.

The response's http status code.

An array of Attribute objects that contain any LDAP attributes to apply to the computer account.

The fully-qualified distinguished name of the organizational unit to place the computer account in.

The identifier of the directory in which to create the computer account.

The name of the computer account.

A one-time password that is used to join the computer to the directory. You should generate a random, strong password to use for this parameter.

A Computer object that represents the computer account.

The response's http status code.

A list of identifiers of all shared directories in your account.

The DescribeSharedDirectoriesResult.NextToken value from a previous call to DescribeSharedDirectories. Pass null if this is the first call.

The number of shared directories to return in the response object.

Returns the identifier of the directory in the directory owner account.

A list of all shared directories in your account.

If not null, token that indicates that more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeSharedDirectories to retrieve the next set of items.

The response's http status code.

The identifier of the directory.

The type of LDAP security to enable. Currently only the value Client is supported.

The response's http status code.

The username of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. This account must have privileges to remove a service principal name.

If the AD Connector service account does not have privileges to remove a service principal name, you can specify an alternate account with the UserName and Password parameters. These credentials are only used to disable single sign-on and are not stored by the service. The AD Connector service account is not changed.

The password of an alternate account to use to disable single-sign on. This is only used for AD Connector directories. For more information, see the UserName parameter.

The identifier of the directory for which to disable single-sign on.

The response's http status code.

The unique Trust ID of the trust relationship to verify.

The unique Trust ID of the trust relationship that was verified.

The response's http status code.

The identifier of the directory for which you want to remove Region replication.

The response's http status code.

The directory ID of the Amazon Web Services directory for which you are creating the conditional forwarder.

The fully qualified domain name (FQDN) of the remote domain with which you will set up a trust relationship.

The IP addresses of the remote DNS server associated with RemoteDomainName.

The response's http status code.

The name of the Region. For example, us-east-1.

The DescribeRegionsResult.NextToken value from a previous call to DescribeRegions. Pass null if this is the first call.

The identifier of the directory.

If not null, more results are available. Pass this value for the NextToken parameter in a subsequent call to DescribeRegions to retrieve the next set of items.

List of Region information related to the directory for each replicated Region.

The response's http status code.

The identifier of the directory to which you want to add Region replication.

The name of the Region where you want to add domain controllers for replication. For example, us-east-1.

Undocumented member.

The response's http status code.

A DirectoryLimits object that contains the directory limits for the current Region.

The response's http status code.

The identifier of the directory for which to update the RADIUS server information.

A RadiusSettings object that contains information about the RADIUS server.

The response's http status code.

The value of the attribute.

The name of the attribute.

A ClientCertAuthSettings object that contains client certificate authentication settings.

The state of the certificate.

The common name for the certificate.

The identifier of the certificate.

The date and time when the certificate will expire.

The date and time that the certificate was registered.

The function that the registered certificate performs. Valid values include ClientLDAPS or ClientCertAuth. The default value is ClientLDAPS.

Describes a state change for the certificate.

The state of the certificate.

The common name for the certificate.

The identifier of the certificate.

The date and time when the certificate will expire.

The function that the registered certificate performs. Valid values include ClientLDAPS or ClientCertAuth. The default value is ClientLDAPS.

Whether the client authentication type is enabled or disabled for the specified directory.

The date and time when the status of the client authentication type was last updated.

The type of client authentication for the specified directory. If no type is specified, a list of all client authentication types that are supported for the directory is retrieved.

Specifies the URL of the default OCSP server used to check for revocation status. A secondary value to any OCSP address found in the AIA extension of the user certificate.

The identifier of the computer.

An array of Attribute objects containing the LDAP attributes that belong to the computer account.

The computer name.

The IP addresses of the remote DNS server associated with RemoteDomainName. This is the IP address of the DNS server that your conditional forwarder points to.

The fully qualified domain name (FQDN) of the remote domains pointed to by the conditional forwarder.

The replication scope of the conditional forwarder. The only allowed value is Domain, which will replicate the conditional forwarder to all of the domain controllers for your Amazon Web Services directory.

The identifier of the VPC in which the AD Connector is created.

A list of subnet identifiers in the VPC in which the AD Connector is created.

A list of one or more IP addresses of DNS servers or domain controllers in your self-managed directory.

The user name of an account in your self-managed directory that is used to connect to the directory. This account must have the following permissions:

• Read users and groups
• Create computer objects
• Join computers to the domain

The user name of the service account in your self-managed directory.

A list of subnet identifiers in the VPC that the AD Connector is in.

The identifier of the VPC that the AD Connector is in.

The security group identifier for the AD Connector directory.

The IP addresses of the AD Connector servers.

A list of the Availability Zones that the directory is in.

The edition associated with this directory.

The status of the RADIUS MFA server connection.

The current stage of the directory.

The directory identifier.

The access URL for the directory, such as http://<alias>.awsapps.com. If no alias has been created for the directory, <alias> is the directory identifier, such as d-XXXXXXXXXX.

The short name of the directory.

Lists the Regions where the directory has replicated.

The directory size.

The desired number of domain controllers in the directory if the directory is Microsoft AD.

A RadiusSettings object that contains information about the RADIUS server configured for this directory.

Specifies when the directory was created.

The alias for the directory. If no alias has been created for the directory, the alias is the directory identifier, such as d-XXXXXXXXXX.

Current directory status of the shared Managed Microsoft AD directory.

The fully qualified name of the directory.

The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (ORGANIZATIONS) or with any Amazon Web Services account by sending a shared directory request (HANDSHAKE).

The date and time that the stage was last updated.

Indicates if single sign-on is enabled for the directory. For more information, see EnableSso and DisableSso.

The IP addresses of the DNS servers for the directory. For a Simple AD or Microsoft AD directory, these are the IP addresses of the Simple AD or Microsoft AD directory servers. For an AD Connector directory, these are the IP addresses of the DNS servers or domain controllers in your self-managed directory to which the AD Connector is connected.

A DirectoryVpcSettingsDescription object that contains additional information about a directory. This member is only present if the directory is a Simple AD or Managed Microsoft AD directory.

The directory size.

Additional information about the directory stage.

A DirectoryConnectSettingsDescription object that contains additional information about an AD Connector directory. This member is only present if the directory is an AD Connector directory.

Describes the Managed Microsoft AD directory in the directory owner account.

The description for the directory.

A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.

The current number of connected directories in the Region.

Indicates if the Managed Microsoft AD directory limit has been reached.

The maximum number of connected directories allowed in the Region.

Indicates if the connected directory limit has been reached.

The maximum number of Managed Microsoft AD directories allowed in the region.

The maximum number of cloud directories allowed in the Region.

The current number of cloud directories in the Region.

Indicates if the cloud directory limit has been reached.

The current number of Managed Microsoft AD directories in the region.

The identifier of the VPC in which to create the directory.

The identifiers of the subnets for the directory servers. The two subnets must be in different Availability Zones. Directory Service creates a directory server and a DNS server in each of these subnets.

The identifiers of the subnets for the directory servers.

The identifier of the VPC that the directory is in.

The domain controller security group identifier for the directory.

The list of Availability Zones that the directory is in.

The status of the domain controller.

Identifier of the directory where the domain controller resides.

The identifier of the VPC that contains the domain controller.

Specifies when the domain controller was created.

Identifier of the subnet in the VPC that contains the domain controller.

The Availability Zone where the domain controller is located.

The date and time that the status was last updated.

A description of the domain controller state.

The IP address of the domain controller.

Identifies a specific domain controller in the directory.

The topic registration status.

The Directory ID of an Directory Service directory that will publish status messages to an Amazon SNS topic.

The name of an Amazon SNS topic the receives status messages from the directory.

The Amazon SNS topic ARN (Amazon Resource Name).

The date and time of when you associated your directory with the Amazon SNS topic.

IP address block using CIDR format, for example 10.0.0.0/24. This is often the address block of the DNS server used for your self-managed domain. For a single IP address use a CIDR address block with /32. For example 10.0.0.0/32.

Description of the address block.

Identifier (ID) of the directory associated with the IP addresses.

The reason for the IpRouteStatusMsg.

The date and time the address block was added to the directory.

IP address block in the IpRoute.

The status of the IP address block.

Description of the IpRouteInfo.

The date and time when the LDAPS settings were last updated.

Describes a state change for LDAPS.

The state of the LDAPS settings.

Identifier (ID) of the directory that you want to associate with the log subscription.

The name of the log group.

The date and time that the log subscription was created.

Information about the status of the RADIUS server.

Identifier of the Managed Microsoft AD directory in the directory owner account.

A RadiusSettings object that contains information about the RADIUS server.

Identifier of the directory owner account.

IP address of the directory’s domain controllers.

Information about the VPC settings for the directory.

Not currently used.

The maximum number of times that communication with the RADIUS server is attempted.

The protocol specified for your RADIUS endpoints.

An array of strings that contains the fully qualified domain name (FQDN) or IP addresses of the RADIUS server endpoints, or the FQDN or IP addresses of your RADIUS server load balancer.

Not currently used.

Required for enabling RADIUS on the directory.

The amount of time, in seconds, to wait for the RADIUS server to respond.

The port that your RADIUS server is using for communications. Your self-managed network must allow inbound traffic over this port from the Directory Service servers.

The status of the replication process for the specified Region.

The identifier of the directory.

The name of the Region. For example, us-east-1.

The desired number of domain controllers in the specified Region for the specified directory.

Specifies whether the Region is the primary Region or an additional Region.

Specifies when the Region replication began.

The date and time that the Region description was last updated.

The date and time that the Region status was last updated.

Undocumented member.

The Region where the Managed Microsoft AD directory was originally created.

Lists the Regions where the directory has been replicated, excluding the primary Region.

The identifier of the directory to which the schema extension is applied.

The identifier of the schema extension.

The reason for the SchemaExtensionStatus.

The current status of the schema extension.

A description of the schema extension.

The date and time that the schema extension was completed.

The date and time that the schema extension started being applied to the directory.

Identifier of the directory consumer account.

Type of identifier to be used in the Id field.

Identifier of the directory consumer account that has access to the shared directory (OwnerDirectoryId) in the directory owner account.

Identifier of the directory owner account, which contains the directory that has been shared to the consumer account.

The date and time that the shared directory was last updated.

Current directory status of the shared Managed Microsoft AD directory.

The method used when sharing a directory to determine whether the directory should be shared within your Amazon Web Services organization (ORGANIZATIONS) or with any Amazon Web Services account by sending a shared directory request (HANDSHAKE).

Identifier of the directory in the directory owner account.

Identifier of the shared directory in the directory consumer account. This identifier is different for each directory owner account.

A directory share request that is sent by the directory owner to the directory consumer. The request includes a typed message to help the directory consumer administrator determine whether to approve or reject the share invitation.

The date and time that the shared directory was created.

The snapshot status.

The directory identifier.

The date and time that the snapshot was taken.

The descriptive name of the snapshot.

The snapshot type.

The snapshot identifier.

Indicates if the manual snapshot limit has been reached.

The current number of manual snapshots of the directory.

The maximum number of manual snapshots allowed.

Required name of the tag. The string value can be Unicode characters and cannot be prefixed with "aws:". The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$").

The optional value of the tag. The string value can be Unicode characters. The string can contain only the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-]*)$").

The Directory ID of the Amazon Web Services directory involved in the trust relationship.

The trust relationship state.

The date and time that the trust relationship was last updated.

The trust relationship direction.

The date and time that the TrustState was last updated.

The trust relationship type. Forest is the default.

The reason for the TrustState.

Current state of selective authentication for the trust.

The Fully Qualified Domain Name (FQDN) of the external domain involved in the trust relationship.

The unique ID of the trust relationship.

The date and time that the trust relationship was created.

Identifier of the directory consumer account.

Type of identifier to be used in the Id field.