:doc:`AppStream <../../appstream>` / Client / create_directory_config

***********************
create_directory_config
***********************



.. py:method:: AppStream.Client.create_directory_config(**kwargs)

  

  Creates a Directory Config object in WorkSpaces Applications. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/appstream-2016-12-01/CreateDirectoryConfig>`_  


  **Request Syntax**
  ::

    response = client.create_directory_config(
        DirectoryName='string',
        OrganizationalUnitDistinguishedNames=[
            'string',
        ],
        ServiceAccountCredentials={
            'AccountName': 'string',
            'AccountPassword': 'string'
        },
        CertificateBasedAuthProperties={
            'Status': 'DISABLED'|'ENABLED'|'ENABLED_NO_DIRECTORY_LOGIN_FALLBACK',
            'CertificateAuthorityArn': 'string'
        }
    )
    
  :type DirectoryName: string
  :param DirectoryName: **[REQUIRED]** 

    The fully qualified name of the directory (for example, corp.example.com).

    

  
  :type OrganizationalUnitDistinguishedNames: list
  :param OrganizationalUnitDistinguishedNames: **[REQUIRED]** 

    The distinguished names of the organizational units for computer accounts.

    

  
    - *(string) --* 

    

  :type ServiceAccountCredentials: dict
  :param ServiceAccountCredentials: 

    The credentials for the service account used by the fleet or image builder to connect to the directory.

    

  
    - **AccountName** *(string) --* **[REQUIRED]** 

      The user name of the account. This account must have the following privileges: create computer objects, join computers to the domain, and change/reset the password on descendant computer objects for the organizational units specified.

      

    
    - **AccountPassword** *(string) --* **[REQUIRED]** 

      The password for the account.

      

    
  
  :type CertificateBasedAuthProperties: dict
  :param CertificateBasedAuthProperties: 

    The certificate-based authentication properties used to authenticate SAML 2.0 Identity Provider (IdP) user identities to Active Directory domain-joined streaming instances. Fallback is turned on by default when certificate-based authentication is **Enabled** . Fallback allows users to log in using their AD domain password if certificate-based authentication is unsuccessful, or to unlock a desktop lock screen. **Enabled_no_directory_login_fallback** enables certificate-based authentication, but does not allow users to log in using their AD domain password. Users will be disconnected to re-authenticate using certificates.

    

  
    - **Status** *(string) --* 

      The status of the certificate-based authentication properties.

      

    
    - **CertificateAuthorityArn** *(string) --* 

      The ARN of the AWS Certificate Manager Private CA resource.

      

    
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'DirectoryConfig': {
              'DirectoryName': 'string',
              'OrganizationalUnitDistinguishedNames': [
                  'string',
              ],
              'ServiceAccountCredentials': {
                  'AccountName': 'string',
                  'AccountPassword': 'string'
              },
              'CreatedTime': datetime(2015, 1, 1),
              'CertificateBasedAuthProperties': {
                  'Status': 'DISABLED'|'ENABLED'|'ENABLED_NO_DIRECTORY_LOGIN_FALLBACK',
                  'CertificateAuthorityArn': 'string'
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **DirectoryConfig** *(dict) --* 

        Information about the directory configuration.

        
        

        - **DirectoryName** *(string) --* 

          The fully qualified name of the directory (for example, corp.example.com).

          
        

        - **OrganizationalUnitDistinguishedNames** *(list) --* 

          The distinguished names of the organizational units for computer accounts.

          
          

          - *(string) --* 
      
        

        - **ServiceAccountCredentials** *(dict) --* 

          The credentials for the service account used by the fleet or image builder to connect to the directory.

          
          

          - **AccountName** *(string) --* 

            The user name of the account. This account must have the following privileges: create computer objects, join computers to the domain, and change/reset the password on descendant computer objects for the organizational units specified.

            
          

          - **AccountPassword** *(string) --* 

            The password for the account.

            
      
        

        - **CreatedTime** *(datetime) --* 

          The time the directory configuration was created.

          
        

        - **CertificateBasedAuthProperties** *(dict) --* 

          The certificate-based authentication properties used to authenticate SAML 2.0 Identity Provider (IdP) user identities to Active Directory domain-joined streaming instances. Fallback is turned on by default when certificate-based authentication is **Enabled** . Fallback allows users to log in using their AD domain password if certificate-based authentication is unsuccessful, or to unlock a desktop lock screen. **Enabled_no_directory_login_fallback** enables certificate-based authentication, but does not allow users to log in using their AD domain password. Users will be disconnected to re-authenticate using certificates.

          
          

          - **Status** *(string) --* 

            The status of the certificate-based authentication properties.

            
          

          - **CertificateAuthorityArn** *(string) --* 

            The ARN of the AWS Certificate Manager Private CA resource.

            
      
    
  
  **Exceptions**
  
  *   :py:class:`AppStream.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`AppStream.Client.exceptions.ResourceAlreadyExistsException`

  
  *   :py:class:`AppStream.Client.exceptions.LimitExceededException`

  
  *   :py:class:`AppStream.Client.exceptions.InvalidAccountStatusException`

  
  *   :py:class:`AppStream.Client.exceptions.OperationNotPermittedException`

  
  *   :py:class:`AppStream.Client.exceptions.InvalidRoleException`

  