:doc:`DirectoryServiceData <../../ds-data>` / Client / search_users

************
search_users
************



.. py:method:: DirectoryServiceData.Client.search_users(**kwargs)

  

  Searches the specified directory for a user. You can find users that match the ``SearchString`` parameter with the value of their attributes included in the ``SearchString`` parameter.

   

  This operation supports pagination with the use of the ``NextToken`` request and response parameters. If more results are available, the ``SearchUsers.NextToken`` member contains a token that you pass in the next call to ``SearchUsers``. This retrieves the next set of items.

   

  You can also specify a maximum number of return results with the ``MaxResults`` parameter.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/directory-service-data-2023-05-31/SearchUsers>`_  


  **Request Syntax**
  ::

    response = client.search_users(
        DirectoryId='string',
        MaxResults=123,
        NextToken='string',
        Realm='string',
        SearchAttributes=[
            'string',
        ],
        SearchString='string'
    )
    
  :type DirectoryId: string
  :param DirectoryId: **[REQUIRED]** 

    The identifier (ID) of the directory that's associated with the user.

    

  
  :type MaxResults: integer
  :param MaxResults: 

    The maximum number of results to be returned per request.

    

  
  :type NextToken: string
  :param NextToken: 

    An encoded paging token for paginated calls that can be passed back to retrieve the next page.

    

  
  :type Realm: string
  :param Realm: 

    The domain name that's associated with the user.

     

    .. note::

      

      This parameter is optional, so you can return users outside of your Managed Microsoft AD domain. When no value is defined, only your Managed Microsoft AD users are returned.

       

      This value is case insensitive.

      

    

  
  :type SearchAttributes: list
  :param SearchAttributes: **[REQUIRED]** 

    One or more data attributes that are used to search for a user. For a list of supported attributes, see `Directory Service Data Attributes <https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html>`__.

    

  
    - *(string) --* 

    

  :type SearchString: string
  :param SearchString: **[REQUIRED]** 

    The attribute value that you want to search for.

     

    .. note::

      

      Wildcard ``(*)`` searches aren't supported. For a list of supported attributes, see `Directory Service Data Attributes <https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html>`__.

      

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'DirectoryId': 'string',
          'NextToken': 'string',
          'Realm': 'string',
          'Users': [
              {
                  'DistinguishedName': 'string',
                  'EmailAddress': 'string',
                  'Enabled': True|False,
                  'GivenName': 'string',
                  'OtherAttributes': {
                      'string': {
                          'BOOL': True|False,
                          'N': 123,
                          'S': 'string',
                          'SS': [
                              'string',
                          ]
                      }
                  },
                  'SAMAccountName': 'string',
                  'SID': 'string',
                  'Surname': 'string',
                  'UserPrincipalName': 'string'
              },
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **DirectoryId** *(string) --* 

        The identifier (ID) of the directory where the address block is added.

        
      

      - **NextToken** *(string) --* 

        An encoded paging token for paginated calls that can be passed back to retrieve the next page.

        
      

      - **Realm** *(string) --* 

        The domain that's associated with the user.

        
      

      - **Users** *(list) --* 

        The user information that the request returns.

        
        

        - *(dict) --* 

          A user object that contains identifying information and attributes for a specified user.

          
          

          - **DistinguishedName** *(string) --* 

            The `distinguished name <https://learn.microsoft.com/en-us/windows/win32/ad/object-names-and-identities#distinguished-name>`__ of the object.

            
          

          - **EmailAddress** *(string) --* 

            The email address of the user.

            
          

          - **Enabled** *(boolean) --* 

            Indicates whether the user account is active.

            
          

          - **GivenName** *(string) --* 

            The first name of the user.

            
          

          - **OtherAttributes** *(dict) --* 

            An expression that includes one or more attributes, data types, and values of a user.

            
            

            - *(string) --* 
              

              - *(dict) --* 

                The data type for an attribute. Each attribute value is described as a name-value pair. The name is the AD schema name, and the value is the data itself. For a list of supported attributes, see `Directory Service Data Attributes <https://docs.aws.amazon.com/directoryservice/latest/admin-guide/ad_data_attributes.html>`__.

                .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``BOOL``, ``N``, ``S``, ``SS``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


              
                

                - **BOOL** *(boolean) --* 

                  Indicates that the attribute type value is a boolean. For example:

                   

                  ``"BOOL": true``

                  
                

                - **N** *(integer) --* 

                  Indicates that the attribute type value is a number. For example:

                   

                  ``"N": "16"``

                  
                

                - **S** *(string) --* 

                  Indicates that the attribute type value is a string. For example:

                   

                  ``"S": "S Group"``

                  
                

                - **SS** *(list) --* 

                  Indicates that the attribute type value is a string set. For example:

                   

                  ``"SS": ["sample_service_class/host.sample.com:1234/sample_service_name_1", "sample_service_class/host.sample.com:1234/sample_service_name_2"]``

                  
                  

                  - *(string) --* 
              
            
        
      
          

          - **SAMAccountName** *(string) --* 

            The name of the user.

            
          

          - **SID** *(string) --* 

            The unique security identifier (SID) of the user.

            
          

          - **Surname** *(string) --* 

            The last name of the user.

            
          

          - **UserPrincipalName** *(string) --* 

            The UPN that is an internet-style login name for a user and based on the internet standard `RFC 822 <https://datatracker.ietf.org/doc/html/rfc822>`__. The UPN is shorter than the distinguished name and easier to remember.

            
      
    
  
  **Exceptions**
  
  *   :py:class:`DirectoryServiceData.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`DirectoryServiceData.Client.exceptions.InternalServerException`

  
  *   :py:class:`DirectoryServiceData.Client.exceptions.ValidationException`

  
  *   :py:class:`DirectoryServiceData.Client.exceptions.DirectoryUnavailableException`

  
  *   :py:class:`DirectoryServiceData.Client.exceptions.ThrottlingException`

  