You can manage users and groups in AWS Managed Microsoft AD. You create a user to represent a person or entity that can access your directory. You can also create a group to grant and deny permissions to more than one user at a time. A group can contain both users and other groups. When you add a user to a group, the user inherits the roles and permissions assigned to the group. When you add a group to a group, the groups share a parent-child relationship, where the child group inherits the roles and permissions assigned to the parent group. You can also copy a user's group memberships to another user.
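Because nested groups pass permissions down to their members, a user's effective access can be wider than the user's direct memberships suggest. The following added example (not part of the AWS documentation) resolves every group a member holds through nesting and records the chain that grants it. The membership data and all group names except jane.doe are constructed for illustration.

```python
from collections import deque

# Constructed sample data: each key is a SAM account name (user or group),
# each value lists the groups it is a DIRECT member of.
DIRECT_MEMBER_OF = {
    "jane.doe": ["helpdesk"],
    "helpdesk": ["server-operators"],
    # server-operators is nested in tier0-admins and, circularly, in helpdesk
    "server-operators": ["tier0-admins", "helpdesk"],
    "john.doe": ["sales"],
}


def effective_groups(member, direct_member_of):
    """Return {group: chain} for every group `member` belongs to.

    `chain` is the membership path starting at `member`, so an auditor can
    see which nesting grants the inherited permissions.
    """
    paths = {}
    queue = deque([(member, [member])])
    while queue:
        current, chain = queue.popleft()
        for parent in direct_member_of.get(current, []):
            # Skip groups already reached by a shorter chain and
            # circular nesting that leads back to the starting member.
            if parent in paths or parent == member:
                continue
            paths[parent] = chain + [parent]
            queue.append((parent, paths[parent]))
    return paths


def inherited_only(member, direct_member_of):
    """Sorted list of groups the member holds only through nesting."""
    direct = set(direct_member_of.get(member, []))
    found = effective_groups(member, direct_member_of)
    return sorted(g for g in found if g not in direct)


if __name__ == "__main__":
    for group, chain in effective_groups("jane.doe", DIRECT_MEMBER_OF).items():
        print(f"{group}: {' -> '.join(chain)}")
```

Running the same check before adding a group to another group shows which members would gain the parent group's permissions.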
You can manage users and groups with AWS Directory Service Data using the following methods:
For a demonstration of the AWS Directory Service Data CLI, see the following YouTube video.
Alternatively, you can use a domain-joined instance.
Manage users and groups with the AWS Management Console
You can manage users and groups in the AWS Management Console through AWS Directory Service Data. Directory Service Data is an extension of AWS Directory Service that lets you perform built-in object management tasks. These tasks include creating users and groups, adding users to groups, and adding groups to a group.
For more information, see Manage AWS Managed Microsoft AD users and groups with the AWS Management Console.
Manage users and groups with the AWS CLI
You can manage users and groups with the AWS CLI through the AWS Directory Service Data API. Directory Service Data is an extension of AWS Directory Service that lets you perform built-in object management tasks using the ds-data namespace. These tasks include creating users and groups, adding users to groups, and adding groups to a group.
The following is an example AWS CLI command that uses the ds-data namespace to create a user.
    aws ds-data create-user --directory-id d-1234567890 \
        --sam-account-name "jane.doe" \
        --region your-Primary-Region-name
For more information, see Manage AWS Managed Microsoft AD users and groups with the AWS CLI.
Manage users and groups with AWS Tools for PowerShell
The AWS Tools for PowerShell provides two separate modules for managing AWS Directory Service: AWS.Tools.DirectoryService (DS) and AWS.Tools.DirectoryServiceData (DSD). When working with AWS Directory Service, ensure you're using the appropriate module for your intended operation.
The DirectoryService module contains cmdlets for managing directory service configuration and administration, including cmdlets like Enable-DSDirectoryDataAccess, Disable-DSDirectoryDataAccess, and Reset-DSUserPassword.
The DirectoryServiceData module contains cmdlets for performing operations within a directory, specifically focused on user and group management. These DSD cmdlets include user management operations (New-DSDUser, Get-DSDUser, Update-DSDUser, and Remove-DSDUser), group management operations (New-DSDGroup, Get-DSDGroup, Update-DSDGroup, and Remove-DSDGroup), group membership management (Add-DSDGroupMember and Remove-DSDGroupMember), and search functionality (Search-DSDUser and Search-DSDGroup).
If AWS Directory Service Data doesn't support your use case, we recommend managing users and groups with an on-premises or EC2 instance.
To create users and groups in an AWS Managed Microsoft AD, you can use any instance (from either on-premises or EC2) that has been joined to your AWS Managed Microsoft AD. You need to be logged in as a user that has privileges to create users and groups. You will also need to install the Active Directory Tools on your instance so you can add your users and groups with the Active Directory Users and Computers tool.