Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Viewing and updating an Amazon Managed Microsoft AD user
Use the following procedure to view or update an Amazon Managed Microsoft AD user's details with
Amazon Directory Service Data in the Amazon Web Services Management Console, Amazon CLI, or Amazon Tools for PowerShell.
Viewing an Amazon Managed Microsoft AD user's details
You can view a user's details in the Amazon Web Services Management Console or Amazon CLI. The user's details
include profile and account information and group membership.
Before you begin, complete the following:
- Amazon Web Services Management Console
-
You can view an Amazon Managed Microsoft AD user's details in the Amazon Web Services Management Console.
To view an Amazon Managed Microsoft AD user's details and account details with the Amazon Web Services Management Console
-
Open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.
-
From the navigation pane, choose Active Directory, and then choose
Directories. You're directed to the
Directories screen where you can view a list of directories
in your Amazon Web Services Region.
-
Choose a directory. You're directed to the Directory
details screen.
-
Choose Users. The tab shows a list of users in your
directory.
-
Select a user. You're directed to the User details
screen. The User details screen shows the following
information:
-
Groups the user is a member of (group memberships)
-
Profile details (such as primary information like user logon name, first
name, last name, etc.)
-
Account settings (such as account information like user principal name,
service principal name, distinguished name, etc.)
-
Account status
For more information on user attributes, see Amazon Directory Service Data attributes
and Microsoft documentation.
- Amazon CLI
-
With the Amazon CLI, you can view a user's details, which includes profile and account
information and group memberships.
To view an Amazon Managed Microsoft AD user's profile and account details with the Amazon CLI
The following describes how to view an Amazon Managed Microsoft AD user's details with the
Amazon Directory Service Data CLI.
aws ds-data describe-user --directory-id d-1234567890 --sam-account-name "jane.doe"
For more information, see describe-user.
To view a user's group memberships
The following describes how to view an Amazon Managed Microsoft AD user's group membership
with the Amazon Directory Service Data CLI.
aws ds-data list-groups-for-member --directory-id d-1234567890 --sam-account-name "jane.doe"
For more information, see list-groups-for-member.
For more information on user attributes, see Amazon Directory Service Data attributes
and Microsoft documentation.
- PowerShell
-
With Tools for PowerShell, you can view a user's details, which includes profile and account
information and group memberships.
To view an Amazon Managed Microsoft AD user's profile and account details with Tools for PowerShell
The following describes how to view an Amazon Managed Microsoft AD user's details with the
Tools for PowerShell.
Get-DSDUser -DirectoryId d-1234567890 -SAMAccountName "jane.doe"
For more information, see Get-DSDUser.
To view a user's group memberships
The following describes how to view an Amazon Managed Microsoft AD user's group membership
with the Tools for PowerShell.
(Get-DSDGroupsForMemberList -DirectoryId d-1234567890 -SAMAccountName "jane.doe").Groups
For more information, see Get-DSDGroupsForMemberList.
For more information on user attributes, see Amazon Directory Service Data attributes
and Microsoft documentation.
Updating an Amazon Managed Microsoft AD user's details
Use the following procedure to update an Amazon Managed Microsoft AD user with Amazon Directory Service Data in the Amazon Web Services Management Console, Amazon CLI,
or Amazon Tools for PowerShell.
The minimum attribute length is 1.
- Amazon Web Services Management Console
-
You can update an Amazon Managed Microsoft AD user's details in the Amazon Web Services Management Console.
To update an Amazon Managed Microsoft AD user's details with the Amazon Web Services Management Console
-
Open the Amazon Directory Service console at https://console.amazonaws.cn/directoryservicev2/.
-
From the navigation pane, choose Active Directory, and then choose
Directories. You're directed to the
Directories screen where you can view a list of directories
in your Amazon Web Services Region.
-
Choose a directory. You're directed to the Directory
details screen.
-
Choose Users. The tab shows a list of users in your
directory.
-
Select a user. To find a user, enter the user logon name in the search box
under the Users section. You're directed to the
User details screen.
-
To edit groups the user is a member of, choose Groups.
From this tab, you can add and remove the user from groups. For more information,
see Add an Amazon Managed Microsoft AD member to a
group.
-
To edit the user's profile details, choose Profile, and
then choose Edit. Or choose Actions, and
then choose Edit user. Make and review your updates, and then
choose Save.
The user logon name cannot be changed after the user is created.
-
To edit the user's account settings, choose User account
settings. Or choose Actions, and then choose
Edit user. Make and review your updates, and then choose
Save.
For more information on user attributes, see Amazon Directory Service Data attributes
and Microsoft documentation.
- Amazon CLI
-
The following describes how to format a request that updates an Amazon Managed Microsoft AD
user's details with Amazon Directory Service Data CLI.
When you update a user's account, you must include your directory ID number and
user logon name. You also must include the update type and attribute you want to
update in your request, such as a user last name with the Surname
parameter. For more information, see Amazon Directory Service Data
attributes.
-
To update a user's details, open the Amazon CLI, and run the following command
with your Directory ID, username, update type, and attribute value:
aws ds-data update-user \
--directory-id d-1234567890 \
--sam-account-name "jane.doe" \
--update-type "REPLACE" \
--surname "Doe"
For more information, see update-user.
When removing user attributes with update-user CLI command, you must specify the attribute and the exact
value to be removed. To determine user attributes, use describe-user command.
For more information on user attributes, see Amazon Directory Service Data attributes
and Microsoft documentation.
- PowerShell
-
The following describes how to format a request that updates an Amazon Managed Microsoft AD
user's details with Amazon Tools for PowerShell.
When you update a user's account, you must include your directory ID number and
user logon name. You also must include the update type and attribute you want to
update in your request, such as a user last name with the Surname
parameter. For more information, see Amazon Directory Service Data
attributes.
-
To update a user's details, open PowerShell, and run the
following command with your Directory ID, username, update type, and attribute
value:
Update-DSDUser `
-DirectoryId d-1234567890 `
-SAMAccountName "jane.doe" `
-UpdateType "REPLACE" `
-Surname "Doe"
For more information, see Update-DSDUser.
For more information on user attributes, see Amazon Directory Service Data attributes
and Microsoft documentation.