DirectoryService / Client / create_trust

create_trust#

DirectoryService.Client.create_trust(**kwargs)#

Directory Service for Microsoft Active Directory allows you to configure trust relationships. For example, you can establish a trust between your Managed Microsoft AD directory, and your existing self-managed Microsoft Active Directory. This would allow you to provide users and groups access to resources in either domain, with a single set of credentials.

This action initiates the creation of the Amazon Web Services side of a trust relationship between an Managed Microsoft AD directory and an external domain. You can create either a forest trust or an external trust.

See also: AWS API Documentation

Request Syntax

response = client.create_trust(
    DirectoryId='string',
    RemoteDomainName='string',
    TrustPassword='string',
    TrustDirection='One-Way: Outgoing'|'One-Way: Incoming'|'Two-Way',
    TrustType='Forest'|'External',
    ConditionalForwarderIpAddrs=[
        'string',
    ],
    SelectiveAuth='Enabled'|'Disabled'
)
Parameters:
  • DirectoryId (string) –

    [REQUIRED]

    The Directory ID of the Managed Microsoft AD directory for which to establish the trust relationship.

  • RemoteDomainName (string) –

    [REQUIRED]

    The Fully Qualified Domain Name (FQDN) of the external domain for which to create the trust relationship.

  • TrustPassword (string) –

    [REQUIRED]

    The trust password. The trust password must be the same password that was used when creating the trust relationship on the external domain.

  • TrustDirection (string) –

    [REQUIRED]

    The direction of the trust relationship.

  • TrustType (string) – The trust relationship type. Forest is the default.

  • ConditionalForwarderIpAddrs (list) –

    The IP addresses of the remote DNS server associated with RemoteDomainName.

    • (string) –

  • SelectiveAuth (string) – Optional parameter to enable selective authentication for the trust.

Return type:

dict

Returns:

Response Syntax

{
    'TrustId': 'string'
}

Response Structure

  • (dict) –

    The result of a CreateTrust request.

    • TrustId (string) –

      A unique identifier for the trust relationship that was created.

Exceptions

  • DirectoryService.Client.exceptions.EntityAlreadyExistsException

  • DirectoryService.Client.exceptions.EntityDoesNotExistException

  • DirectoryService.Client.exceptions.InvalidParameterException

  • DirectoryService.Client.exceptions.ClientException

  • DirectoryService.Client.exceptions.ServiceException

  • DirectoryService.Client.exceptions.UnsupportedOperationException