DirectoryServiceData / Client / search_users

search_users#

DirectoryServiceData.Client.search_users(**kwargs)#

Searches the specified directory for a user. You can find users that match the SearchString parameter with the value of their attributes included in the SearchString parameter.

This operation supports pagination with the use of the NextToken request and response parameters. If more results are available, the SearchUsers.NextToken member contains a token that you pass in the next call to SearchUsers. This retrieves the next set of items.

You can also specify a maximum number of return results with the MaxResults parameter.

See also: AWS API Documentation

Request Syntax

response = client.search_users(
    DirectoryId='string',
    MaxResults=123,
    NextToken='string',
    Realm='string',
    SearchAttributes=[
        'string',
    ],
    SearchString='string'
)
Parameters:

  • DirectoryId (string) –

    [REQUIRED]

    The identifier (ID) of the directory that’s associated with the user.

  • MaxResults (integer) – The maximum number of results to be returned per request.

  • NextToken (string) – An encoded paging token for paginated calls that can be passed back to retrieve the next page.

  • Realm (string) –

    The domain name that’s associated with the user.

    Note

    This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.

    This value is case insensitive.

  • SearchAttributes (list) –

    [REQUIRED]

    One or more data attributes that are used to search for a user. For a list of supported attributes, see Directory Service Data Attributes.

    • (string) –

  • SearchString (string) –

    [REQUIRED]

    The attribute value that you want to search for.

    Note

    Wildcard (*) searches aren’t supported. For a list of supported attributes, see Directory Service Data Attributes.

Return type:

dict

Returns:

Response Syntax

{
    'DirectoryId': 'string',
    'NextToken': 'string',
    'Realm': 'string',
    'Users': [
        {
            'DistinguishedName': 'string',
            'EmailAddress': 'string',
            'Enabled': True|False,
            'GivenName': 'string',
            'OtherAttributes': {
                'string': {
                    'BOOL': True|False,
                    'N': 123,
                    'S': 'string',
                    'SS': [
                        'string',
                    ]
                }
            },
            'SAMAccountName': 'string',
            'SID': 'string',
            'Surname': 'string',
            'UserPrincipalName': 'string'
        },
    ]
}

Response Structure

  • (dict) –

    • DirectoryId (string) –

      The identifier (ID) of the directory where the address block is added.

    • NextToken (string) –

      An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    • Realm (string) –

      The domain that’s associated with the user.

    • Users (list) –

      The user information that the request returns.

      • (dict) –

        A user object that contains identifying information and attributes for a specified user.

        • DistinguishedName (string) –

          The distinguished name of the object.

        • EmailAddress (string) –

          The email address of the user.

        • Enabled (boolean) –

          Indicates whether the user account is active.

        • GivenName (string) –

          The first name of the user.

        • OtherAttributes (dict) –

          An expression that includes one or more attributes, data types, and values of a user.

          • (string) –

            • (dict) –

              The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see Directory Service Data Attributes.

              Note

              This is a Tagged Union structure. Only one of the following top level keys will be set: BOOL, N, S, SS. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

              'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

              • BOOL (boolean) –

                Indicates that the attribute type value is a boolean. For example:

                "BOOL": true

              • N (integer) –

                Indicates that the attribute type value is a number. For example:

                "N": "16"

              • S (string) –

                Indicates that the attribute type value is a string. For example:

                "S": "S Group"

              • SS (list) –

                Indicates that the attribute type value is a string set. For example:

                "SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]

                • (string) –

        • SAMAccountName (string) –

          The name of the user.

        • SID (string) –

          The unique security identifier (SID) of the user.

        • Surname (string) –

          The last name of the user.

        • UserPrincipalName (string) –

          The UPN that is an internet-style login name for a user and based on the internet standard RFC 822. The UPN is shorter than the distinguished name and easier to remember.

Exceptions

  • DirectoryServiceData.Client.exceptions.AccessDeniedException

  • DirectoryServiceData.Client.exceptions.InternalServerException

  • DirectoryServiceData.Client.exceptions.ValidationException

  • DirectoryServiceData.Client.exceptions.DirectoryUnavailableException

  • DirectoryServiceData.Client.exceptions.ThrottlingException