{"files":{"SKILL.md":"---\nname: aws-directory-service\ndescription: \"AWS Directory Service API skill. Use when working with AWS Directory Service for root. Covers 67 endpoints.\"\nversion: 1.0.0\ngenerator: lapsh\n---\n\n# AWS Directory Service\nAPI version: 2015-04-16\n\n## Auth\nAWS SigV4\n\n## Base URL\nNot specified.\n\n## Setup\n1. Configure auth: AWS SigV4\n2. Verify API access with a test request\n3. POST / -- create first resource\n\n## Endpoints\n67 endpoints across 1 group. See references/api-spec.lap for full details.\n\n### Root\n| Method | Path | Description |\n|--------|------|-------------|\n| POST | / | Accepts a directory sharing request that was sent from the directory owner account. |\n| POST | / | If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC.  Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference. |\n| POST | / | Adds two domain controllers in the specified Region for the specified directory. |\n| POST | / | Adds or overwrites one or more tags for the specified directory. Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource. |\n| POST | / | Cancels an in-progress schema extension to a Microsoft AD directory. Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states; Initializing, CreatingSnapshot, and UpdatingSchema. |\n| POST | / | Creates an AD Connector to connect to a self-managed directory. Before you call ConnectDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the ConnectDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference. |\n| POST | / | Creates an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as http://.awsapps.com.  After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary. |\n| POST | / | Creates an Active Directory computer object in the specified directory. |\n| POST | / | Creates a conditional forwarder associated with your Amazon Web Services directory. Conditional forwarders are required in order to set up a trust relationship with another domain. The conditional forwarder points to the trusted domain. |\n| POST | / | Creates a Simple AD directory. For more information, see Simple Active Directory in the Directory Service Admin Guide. Before you call CreateDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference. |\n| POST | / | Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account. |\n| POST | / | Creates a Microsoft AD directory in the Amazon Web Services Cloud. For more information, see Managed Microsoft AD in the Directory Service Admin Guide. Before you call CreateMicrosoftAD, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateMicrosoftAD operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference. |\n| POST | / | Creates a snapshot of a Simple AD or Microsoft AD directory in the Amazon Web Services cloud.  You cannot take snapshots of AD Connector directories. |\n| POST | / | Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials. This action initiates the creation of the Amazon Web Services side of a trust relationship between an Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust. |\n| POST | / | Deletes a conditional forwarder that has been set up for your Amazon Web Services directory. |\n| POST | / | Deletes an Directory Service directory. Before you call DeleteDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the DeleteDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference. |\n| POST | / | Deletes the specified log subscription. |\n| POST | / | Deletes a directory snapshot. |\n| POST | / | Deletes an existing trust relationship between your Managed Microsoft AD directory and an external domain. |\n| POST | / | Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication. |\n| POST | / | Removes the specified directory as a publisher to the specified Amazon SNS topic. |\n| POST | / | Displays information about the certificate registered for secure LDAP or client certificate authentication. |\n| POST | / | Retrieves information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported. |\n| POST | / | Obtains information about the conditional forwarders for this account. If no input parameters are provided for RemoteDomainNames, this request describes all conditional forwarders for the specified directory ID. |\n| POST | / | Obtains information about the directories that belong to this account. You can retrieve information about specific directories by passing the directory identifiers in the DirectoryIds parameter. Otherwise, all directories that belong to the current account are returned. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeDirectoriesResult.NextToken member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items. You can also specify a maximum number of return results with the Limit parameter. |\n| POST | / | Provides information about any domain controllers in your directory. |\n| POST | / | Obtains information about which Amazon SNS topics receive status messages from the specified directory. If no input parameters are provided, such as DirectoryId or TopicName, this request describes all of the associations in the account. |\n| POST | / | Describes the status of LDAP security for the specified directory. |\n| POST | / | Provides information about the Regions that are configured for multi-Region replication. |\n| POST | / | Retrieves information about the configurable settings for the specified directory. |\n| POST | / | Returns the shared directories in your account. |\n| POST | / | Obtains information about the directory snapshots that belong to this account. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeSnapshots.NextToken member contains a token that you pass in the next call to DescribeSnapshots to retrieve the next set of items. You can also specify a maximum number of return results with the Limit parameter. |\n| POST | / | Obtains information about the trust relationships for this account. If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account. |\n| POST | / | Describes the updates of a directory for a particular update type. |\n| POST | / | Disables alternative client authentication methods for the specified directory. |\n| POST | / | Deactivates LDAP secure calls for the specified directory. |\n| POST | / | Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory. |\n| POST | / | Disables single-sign on for a directory. |\n| POST | / | Enables alternative client authentication methods for the specified directory. |\n| POST | / | Activates the switch for the specific directory to always use LDAP secure calls. |\n| POST | / | Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory. |\n| POST | / | Enables single sign-on for a directory. Single sign-on allows users in your directory to access certain Amazon Web Services services from a computer joined to the directory without having to enter their credentials separately. |\n| POST | / | Obtains directory limit information for the current Region. |\n| POST | / | Obtains the manual snapshot limits for a directory. |\n| POST | / | For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication. |\n| POST | / | Lists the address blocks that you have added to a directory. |\n| POST | / | Lists the active log subscriptions for the Amazon Web Services account. |\n| POST | / | Lists all schema extensions applied to a Microsoft AD Directory. |\n| POST | / | Lists all tags on a directory. |\n| POST | / | Registers a certificate for a secure LDAP or client certificate authentication. |\n| POST | / | Associates a directory with an Amazon SNS topic. This establishes the directory as a publisher to the specified Amazon SNS topic. You can then receive email or text (SMS) messages when the status of your directory changes. You get notified if your directory goes from an Active status to an Impaired or Inoperable status. You also receive a notification when the directory returns to an Active status. |\n| POST | / | Rejects a directory sharing request that was sent from the directory owner account. |\n| POST | / | Removes IP address blocks from a directory. |\n| POST | / | Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation. Instead, use the DeleteDirectory API. |\n| POST | / | Removes tags from a directory. |\n| POST | / | Resets the password for any user in your Managed Microsoft AD or Simple AD directory. You can reset the password for any user in your directory with the following exceptions:   For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user.   For Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the Amazon Web Services Reserved OU. For more information about the OU structure for an Managed Microsoft AD directory, see What Gets Created in the Directory Service Administration Guide. |\n| POST | / | Restores a directory using an existing directory snapshot. When you restore a directory from a snapshot, any changes made to the directory after the snapshot date are overwritten. This action returns as soon as the restore operation is initiated. You can monitor the progress of the restore operation by calling the DescribeDirectories operation with the directory identifier. When the DirectoryDescription.Stage value changes to Active, the restore operation is complete. |\n| POST | / | Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer). With this operation you can use your directory from any Amazon Web Services account and from any Amazon VPC within an Amazon Web Services Region. When you share your Managed Microsoft AD directory, Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account. The ShareMethod parameter determines whether the specified directory can be shared between Amazon Web Services accounts inside the same Amazon Web Services organization (ORGANIZATIONS). It also determines whether you can share the directory with any other Amazon Web Services account either inside or outside of the organization (HANDSHAKE). The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer. |\n| POST | / | Applies a schema extension to a Microsoft AD directory. |\n| POST | / | Stops the directory sharing between the directory owner and consumer accounts. |\n| POST | / | Updates a conditional forwarder that has been set up for your Amazon Web Services directory. |\n| POST | / | Updates the directory for a particular update type. |\n| POST | / | Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request. |\n| POST | / | Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory. |\n| POST | / | Updates the configurable settings for the specified directory. |\n| POST | / | Updates the trust that has been set up between your Managed Microsoft AD directory and an self-managed Active Directory. |\n| POST | / | Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships. This action verifies a trust relationship between your Managed Microsoft AD directory and an external domain. |\n\n## Common Questions\nMatch user requests to endpoints in references/api-spec.lap. Key patterns:\n- \"Create a resource?\" -> POST /\n- \"How to authenticate?\" -> See Auth section above\n\n## Response Tips\n- Check response schemas in references/api-spec.lap for field details\n- Paginated endpoints accept limit/offset or cursor parameters\n- Create/update endpoints return the modified resource on success\n\n## References\n- Full spec: See references/api-spec.lap for complete endpoint details, parameter tables, and response schemas\n\n> Generated from the official API spec by [LAP](https://lap.sh)\n","references/api-spec.lap":"@lap v0.3\n# Machine-readable API spec. Each @endpoint block is one API call.\n@api AWS Directory Service\n@version 2015-04-16\n@auth AWS SigV4\n@endpoints 67\n@hint download_for_search\n@toc root(67)\n\n@endpoint POST /\n@desc Accepts a directory sharing request that was sent from the directory owner account.\n@required {SharedDirectoryId: str}\n@returns(200) {SharedDirectory: SharedDirectory?{OwnerAccountId: str?, OwnerDirectoryId: str?, ShareMethod: str?, SharedAccountId: str?, SharedDirectoryId: str?, ShareStatus: str?, ShareNotes: str?, CreatedDateTime: str(timestamp)?, LastUpdatedDateTime: str(timestamp)?}}\n\n@endpoint POST /\n@desc If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. AddIpRoutes adds this address block. You can also use AddIpRoutes to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC.  Before you call AddIpRoutes, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the AddIpRoutes operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.\n@required {DirectoryId: str, IpRoutes: [IpRoute]}\n@optional {UpdateSecurityGroupForDirectoryControllers: bool}\n\n@endpoint POST /\n@desc Adds two domain controllers in the specified Region for the specified directory.\n@required {DirectoryId: str, RegionName: str, VPCSettings: DirectoryVpcSettings}\n\n@endpoint POST /\n@desc Adds or overwrites one or more tags for the specified directory. Each directory can have a maximum of 50 tags. Each tag consists of a key and optional value. Tag keys must be unique to each resource.\n@required {ResourceId: str, Tags: [Tag]}\n\n@endpoint POST /\n@desc Cancels an in-progress schema extension to a Microsoft AD directory. Once a schema extension has started replicating to all domain controllers, the task can no longer be canceled. A schema extension can be canceled during any of the following states; Initializing, CreatingSnapshot, and UpdatingSchema.\n@required {DirectoryId: str, SchemaExtensionId: str}\n\n@endpoint POST /\n@desc Creates an AD Connector to connect to a self-managed directory. Before you call ConnectDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the ConnectDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.\n@required {Name: str, Password: str, Size: str, ConnectSettings: DirectoryConnectSettings}\n@optional {ShortName: str, Description: str, Tags: [Tag]}\n@returns(200) {DirectoryId: str?}\n\n@endpoint POST /\n@desc Creates an alias for a directory and assigns the alias to the directory. The alias is used to construct the access URL for the directory, such as http://.awsapps.com.  After an alias has been created, it cannot be deleted or reused, so this operation should only be used when absolutely necessary.\n@required {DirectoryId: str, Alias: str}\n@returns(200) {DirectoryId: str?, Alias: str?}\n\n@endpoint POST /\n@desc Creates an Active Directory computer object in the specified directory.\n@required {DirectoryId: str, ComputerName: str, Password: str}\n@optional {OrganizationalUnitDistinguishedName: str, ComputerAttributes: [Attribute]}\n@returns(200) {Computer: Computer?{ComputerId: str?, ComputerName: str?, ComputerAttributes: [Attribute]?}}\n\n@endpoint POST /\n@desc Creates a conditional forwarder associated with your Amazon Web Services directory. Conditional forwarders are required in order to set up a trust relationship with another domain. The conditional forwarder points to the trusted domain.\n@required {DirectoryId: str, RemoteDomainName: str, DnsIpAddrs: [str]}\n\n@endpoint POST /\n@desc Creates a Simple AD directory. For more information, see Simple Active Directory in the Directory Service Admin Guide. Before you call CreateDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.\n@required {Name: str, Password: str, Size: str}\n@optional {ShortName: str, Description: str, VpcSettings: DirectoryVpcSettings, Tags: [Tag]}\n@returns(200) {DirectoryId: str?}\n\n@endpoint POST /\n@desc Creates a subscription to forward real-time Directory Service domain controller security logs to the specified Amazon CloudWatch log group in your Amazon Web Services account.\n@required {DirectoryId: str, LogGroupName: str}\n\n@endpoint POST /\n@desc Creates a Microsoft AD directory in the Amazon Web Services Cloud. For more information, see Managed Microsoft AD in the Directory Service Admin Guide. Before you call CreateMicrosoftAD, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the CreateMicrosoftAD operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.\n@required {Name: str, Password: str, VpcSettings: DirectoryVpcSettings}\n@optional {ShortName: str, Description: str, Edition: str, Tags: [Tag]}\n@returns(200) {DirectoryId: str?}\n\n@endpoint POST /\n@desc Creates a snapshot of a Simple AD or Microsoft AD directory in the Amazon Web Services cloud.  You cannot take snapshots of AD Connector directories.\n@required {DirectoryId: str}\n@optional {Name: str}\n@returns(200) {SnapshotId: str?}\n\n@endpoint POST /\n@desc Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials. This action initiates the creation of the Amazon Web Services side of a trust relationship between an Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.\n@required {DirectoryId: str, RemoteDomainName: str, TrustPassword: str, TrustDirection: str}\n@optional {TrustType: str, ConditionalForwarderIpAddrs: [str], SelectiveAuth: str}\n@returns(200) {TrustId: str?}\n\n@endpoint POST /\n@desc Deletes a conditional forwarder that has been set up for your Amazon Web Services directory.\n@required {DirectoryId: str, RemoteDomainName: str}\n\n@endpoint POST /\n@desc Deletes an Directory Service directory. Before you call DeleteDirectory, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the DeleteDirectory operation, see Directory Service API Permissions: Actions, Resources, and Conditions Reference.\n@required {DirectoryId: str}\n@returns(200) {DirectoryId: str?}\n\n@endpoint POST /\n@desc Deletes the specified log subscription.\n@required {DirectoryId: str}\n\n@endpoint POST /\n@desc Deletes a directory snapshot.\n@required {SnapshotId: str}\n@returns(200) {SnapshotId: str?}\n\n@endpoint POST /\n@desc Deletes an existing trust relationship between your Managed Microsoft AD directory and an external domain.\n@required {TrustId: str}\n@optional {DeleteAssociatedConditionalForwarder: bool}\n@returns(200) {TrustId: str?}\n\n@endpoint POST /\n@desc Deletes from the system the certificate that was registered for secure LDAP or client certificate authentication.\n@required {DirectoryId: str, CertificateId: str}\n\n@endpoint POST /\n@desc Removes the specified directory as a publisher to the specified Amazon SNS topic.\n@required {DirectoryId: str, TopicName: str}\n\n@endpoint POST /\n@desc Displays information about the certificate registered for secure LDAP or client certificate authentication.\n@required {DirectoryId: str, CertificateId: str}\n@returns(200) {Certificate: Certificate?{CertificateId: str?, State: str?, StateReason: str?, CommonName: str?, RegisteredDateTime: str(timestamp)?, ExpiryDateTime: str(timestamp)?, Type: str?, ClientCertAuthSettings: ClientCertAuthSettings?{OCSPUrl: str?}}}\n\n@endpoint POST /\n@desc Retrieves information about the type of client authentication for the specified directory, if the type is specified. If no type is specified, information about all client authentication types that are supported for the specified directory is retrieved. Currently, only SmartCard is supported.\n@required {DirectoryId: str}\n@optional {Type: str, NextToken: str, Limit: int}\n@returns(200) {ClientAuthenticationSettingsInfo: [ClientAuthenticationSettingInfo]?, NextToken: str?}\n\n@endpoint POST /\n@desc Obtains information about the conditional forwarders for this account. If no input parameters are provided for RemoteDomainNames, this request describes all conditional forwarders for the specified directory ID.\n@required {DirectoryId: str}\n@optional {RemoteDomainNames: [str]}\n@returns(200) {ConditionalForwarders: [ConditionalForwarder]?}\n\n@endpoint POST /\n@desc Obtains information about the directories that belong to this account. You can retrieve information about specific directories by passing the directory identifiers in the DirectoryIds parameter. Otherwise, all directories that belong to the current account are returned. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeDirectoriesResult.NextToken member contains a token that you pass in the next call to DescribeDirectories to retrieve the next set of items. You can also specify a maximum number of return results with the Limit parameter.\n@optional {DirectoryIds: [str], NextToken: str, Limit: int}\n@returns(200) {DirectoryDescriptions: [DirectoryDescription]?, NextToken: str?}\n\n@endpoint POST /\n@desc Provides information about any domain controllers in your directory.\n@required {DirectoryId: str}\n@optional {DomainControllerIds: [str], NextToken: str, Limit: int}\n@returns(200) {DomainControllers: [DomainController]?, NextToken: str?}\n\n@endpoint POST /\n@desc Obtains information about which Amazon SNS topics receive status messages from the specified directory. If no input parameters are provided, such as DirectoryId or TopicName, this request describes all of the associations in the account.\n@optional {DirectoryId: str, TopicNames: [str]}\n@returns(200) {EventTopics: [EventTopic]?}\n\n@endpoint POST /\n@desc Describes the status of LDAP security for the specified directory.\n@required {DirectoryId: str}\n@optional {Type: str, NextToken: str, Limit: int}\n@returns(200) {LDAPSSettingsInfo: [LDAPSSettingInfo]?, NextToken: str?}\n\n@endpoint POST /\n@desc Provides information about the Regions that are configured for multi-Region replication.\n@required {DirectoryId: str}\n@optional {RegionName: str, NextToken: str}\n@returns(200) {RegionsDescription: [RegionDescription]?, NextToken: str?}\n\n@endpoint POST /\n@desc Retrieves information about the configurable settings for the specified directory.\n@required {DirectoryId: str}\n@optional {Status: str, NextToken: str}\n@returns(200) {DirectoryId: str?, SettingEntries: [SettingEntry]?, NextToken: str?}\n\n@endpoint POST /\n@desc Returns the shared directories in your account.\n@required {OwnerDirectoryId: str}\n@optional {SharedDirectoryIds: [str], NextToken: str, Limit: int}\n@returns(200) {SharedDirectories: [SharedDirectory]?, NextToken: str?}\n\n@endpoint POST /\n@desc Obtains information about the directory snapshots that belong to this account. This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the DescribeSnapshots.NextToken member contains a token that you pass in the next call to DescribeSnapshots to retrieve the next set of items. You can also specify a maximum number of return results with the Limit parameter.\n@optional {DirectoryId: str, SnapshotIds: [str], NextToken: str, Limit: int}\n@returns(200) {Snapshots: [Snapshot]?, NextToken: str?}\n\n@endpoint POST /\n@desc Obtains information about the trust relationships for this account. If no input parameters are provided, such as DirectoryId or TrustIds, this request describes all the trust relationships belonging to the account.\n@optional {DirectoryId: str, TrustIds: [str], NextToken: str, Limit: int}\n@returns(200) {Trusts: [Trust]?, NextToken: str?}\n\n@endpoint POST /\n@desc Describes the updates of a directory for a particular update type.\n@required {DirectoryId: str, UpdateType: str}\n@optional {RegionName: str, NextToken: str}\n@returns(200) {UpdateActivities: [UpdateInfoEntry]?, NextToken: str?}\n\n@endpoint POST /\n@desc Disables alternative client authentication methods for the specified directory.\n@required {DirectoryId: str, Type: str}\n\n@endpoint POST /\n@desc Deactivates LDAP secure calls for the specified directory.\n@required {DirectoryId: str, Type: str}\n\n@endpoint POST /\n@desc Disables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.\n@required {DirectoryId: str}\n\n@endpoint POST /\n@desc Disables single-sign on for a directory.\n@required {DirectoryId: str}\n@optional {UserName: str, Password: str}\n\n@endpoint POST /\n@desc Enables alternative client authentication methods for the specified directory.\n@required {DirectoryId: str, Type: str}\n\n@endpoint POST /\n@desc Activates the switch for the specific directory to always use LDAP secure calls.\n@required {DirectoryId: str, Type: str}\n\n@endpoint POST /\n@desc Enables multi-factor authentication (MFA) with the Remote Authentication Dial In User Service (RADIUS) server for an AD Connector or Microsoft AD directory.\n@required {DirectoryId: str, RadiusSettings: RadiusSettings}\n\n@endpoint POST /\n@desc Enables single sign-on for a directory. Single sign-on allows users in your directory to access certain Amazon Web Services services from a computer joined to the directory without having to enter their credentials separately.\n@required {DirectoryId: str}\n@optional {UserName: str, Password: str}\n\n@endpoint POST /\n@desc Obtains directory limit information for the current Region.\n@returns(200) {DirectoryLimits: DirectoryLimits?{CloudOnlyDirectoriesLimit: int?, CloudOnlyDirectoriesCurrentCount: int?, CloudOnlyDirectoriesLimitReached: bool?, CloudOnlyMicrosoftADLimit: int?, CloudOnlyMicrosoftADCurrentCount: int?, CloudOnlyMicrosoftADLimitReached: bool?, ConnectedDirectoriesLimit: int?, ConnectedDirectoriesCurrentCount: int?, ConnectedDirectoriesLimitReached: bool?}}\n\n@endpoint POST /\n@desc Obtains the manual snapshot limits for a directory.\n@required {DirectoryId: str}\n@returns(200) {SnapshotLimits: SnapshotLimits?{ManualSnapshotsLimit: int?, ManualSnapshotsCurrentCount: int?, ManualSnapshotsLimitReached: bool?}}\n\n@endpoint POST /\n@desc For the specified directory, lists all the certificates registered for a secure LDAP or client certificate authentication.\n@required {DirectoryId: str}\n@optional {NextToken: str, Limit: int}\n@returns(200) {NextToken: str?, CertificatesInfo: [CertificateInfo]?}\n\n@endpoint POST /\n@desc Lists the address blocks that you have added to a directory.\n@required {DirectoryId: str}\n@optional {NextToken: str, Limit: int}\n@returns(200) {IpRoutesInfo: [IpRouteInfo]?, NextToken: str?}\n\n@endpoint POST /\n@desc Lists the active log subscriptions for the Amazon Web Services account.\n@optional {DirectoryId: str, NextToken: str, Limit: int}\n@returns(200) {LogSubscriptions: [LogSubscription]?, NextToken: str?}\n\n@endpoint POST /\n@desc Lists all schema extensions applied to a Microsoft AD Directory.\n@required {DirectoryId: str}\n@optional {NextToken: str, Limit: int}\n@returns(200) {SchemaExtensionsInfo: [SchemaExtensionInfo]?, NextToken: str?}\n\n@endpoint POST /\n@desc Lists all tags on a directory.\n@required {ResourceId: str}\n@optional {NextToken: str, Limit: int}\n@returns(200) {Tags: [Tag]?, NextToken: str?}\n\n@endpoint POST /\n@desc Registers a certificate for a secure LDAP or client certificate authentication.\n@required {DirectoryId: str, CertificateData: str}\n@optional {Type: str, ClientCertAuthSettings: ClientCertAuthSettings}\n@returns(200) {CertificateId: str?}\n\n@endpoint POST /\n@desc Associates a directory with an Amazon SNS topic. This establishes the directory as a publisher to the specified Amazon SNS topic. You can then receive email or text (SMS) messages when the status of your directory changes. You get notified if your directory goes from an Active status to an Impaired or Inoperable status. You also receive a notification when the directory returns to an Active status.\n@required {DirectoryId: str, TopicName: str}\n\n@endpoint POST /\n@desc Rejects a directory sharing request that was sent from the directory owner account.\n@required {SharedDirectoryId: str}\n@returns(200) {SharedDirectoryId: str?}\n\n@endpoint POST /\n@desc Removes IP address blocks from a directory.\n@required {DirectoryId: str, CidrIps: [str]}\n\n@endpoint POST /\n@desc Stops all replication and removes the domain controllers from the specified Region. You cannot remove the primary Region with this operation. Instead, use the DeleteDirectory API.\n@required {DirectoryId: str}\n\n@endpoint POST /\n@desc Removes tags from a directory.\n@required {ResourceId: str, TagKeys: [str]}\n\n@endpoint POST /\n@desc Resets the password for any user in your Managed Microsoft AD or Simple AD directory. You can reset the password for any user in your directory with the following exceptions:   For Simple AD, you cannot reset the password for any user that is a member of either the Domain Admins or Enterprise Admins group except for the administrator user.   For Managed Microsoft AD, you can only reset the password for a user that is in an OU based off of the NetBIOS name that you typed when you created your directory. For example, you cannot reset the password for a user in the Amazon Web Services Reserved OU. For more information about the OU structure for an Managed Microsoft AD directory, see What Gets Created in the Directory Service Administration Guide.\n@required {DirectoryId: str, UserName: str, NewPassword: str}\n\n@endpoint POST /\n@desc Restores a directory using an existing directory snapshot. When you restore a directory from a snapshot, any changes made to the directory after the snapshot date are overwritten. This action returns as soon as the restore operation is initiated. You can monitor the progress of the restore operation by calling the DescribeDirectories operation with the directory identifier. When the DirectoryDescription.Stage value changes to Active, the restore operation is complete.\n@required {SnapshotId: str}\n\n@endpoint POST /\n@desc Shares a specified directory (DirectoryId) in your Amazon Web Services account (directory owner) with another Amazon Web Services account (directory consumer). With this operation you can use your directory from any Amazon Web Services account and from any Amazon VPC within an Amazon Web Services Region. When you share your Managed Microsoft AD directory, Directory Service creates a shared directory in the directory consumer account. This shared directory contains the metadata to provide access to the directory within the directory owner account. The shared directory is visible in all VPCs in the directory consumer account. The ShareMethod parameter determines whether the specified directory can be shared between Amazon Web Services accounts inside the same Amazon Web Services organization (ORGANIZATIONS). It also determines whether you can share the directory with any other Amazon Web Services account either inside or outside of the organization (HANDSHAKE). The ShareNotes parameter is only used when HANDSHAKE is called, which sends a directory sharing request to the directory consumer.\n@required {DirectoryId: str, ShareTarget: ShareTarget, ShareMethod: str}\n@optional {ShareNotes: str}\n@returns(200) {SharedDirectoryId: str?}\n\n@endpoint POST /\n@desc Applies a schema extension to a Microsoft AD directory.\n@required {DirectoryId: str, CreateSnapshotBeforeSchemaExtension: bool, LdifContent: str, Description: str}\n@returns(200) {SchemaExtensionId: str?}\n\n@endpoint POST /\n@desc Stops the directory sharing between the directory owner and consumer accounts.\n@required {DirectoryId: str, UnshareTarget: UnshareTarget}\n@returns(200) {SharedDirectoryId: str?}\n\n@endpoint POST /\n@desc Updates a conditional forwarder that has been set up for your Amazon Web Services directory.\n@required {DirectoryId: str, RemoteDomainName: str, DnsIpAddrs: [str]}\n\n@endpoint POST /\n@desc Updates the directory for a particular update type.\n@required {DirectoryId: str, UpdateType: str}\n@optional {OSUpdateSettings: OSUpdateSettings, CreateSnapshotBeforeUpdate: bool}\n\n@endpoint POST /\n@desc Adds or removes domain controllers to or from the directory. Based on the difference between current value and new value (provided through this API call), domain controllers will be added or removed. It may take up to 45 minutes for any new domain controllers to become fully active once the requested number of domain controllers is updated. During this time, you cannot make another update request.\n@required {DirectoryId: str, DesiredNumber: int}\n\n@endpoint POST /\n@desc Updates the Remote Authentication Dial In User Service (RADIUS) server information for an AD Connector or Microsoft AD directory.\n@required {DirectoryId: str, RadiusSettings: RadiusSettings}\n\n@endpoint POST /\n@desc Updates the configurable settings for the specified directory.\n@required {DirectoryId: str, Settings: [Setting]}\n@returns(200) {DirectoryId: str?}\n\n@endpoint POST /\n@desc Updates the trust that has been set up between your Managed Microsoft AD directory and an self-managed Active Directory.\n@required {TrustId: str}\n@optional {SelectiveAuth: str}\n@returns(200) {RequestId: str?, TrustId: str?}\n\n@endpoint POST /\n@desc Directory Service for Microsoft Active Directory allows you to configure and verify trust relationships. This action verifies a trust relationship between your Managed Microsoft AD directory and an external domain.\n@required {TrustId: str}\n@returns(200) {TrustId: str?}\n\n@end\n"}}