Active Directory Server

Overview

This document describes the API to configure AAA Active Directory servers and their properties in BIG-IQ.

REST Endpoint: /mgmt/cm/access/working-config/apm/aaa/active-directory

Requests

GET /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
usePool string The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string Name of the Windows Domain.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string Administrator password that is associated with the administrator name.
groupCacheTtl number Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number Number of days to cache password security resources. The default lifetime is 30 days.
timeout number Timeout interval (in seconds) for connecting to the AAA server.
name string The name of the object.
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference Reference to the device.
     name string Device name. Typically, it is the device’s hostname.
     machineId string Machine ID of the device.
     link string URI link for the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group.
     link string URI link for the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Trust_Discovery_Import Yes
Access_View Yes
Access_Edit Yes
Access_Manager Yes
Access_Deploy Yes

POST /mgmt/cm/access/working-config/apm/aaa/active-directory

Request Parameters

Name Type Required Description
usePool string False The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string True Name of the Windows Domain.
pool string   For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string False IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects True List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string True Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string True Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string False Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string False Administrator password that is associated with the administrator name.
groupCacheTtl number True Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string False Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number False Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number True Number of days to cache password security resources. The default lifetime is 30 days.
timeout number True Timeout interval (in seconds) for connecting to the AAA server.
name string True The name of the object.
partition string True The BIG-IP partition where the object should be placed.
subPath string False The BIG-IP partition where the object should be placed.
lsoDeviceReference reference False Reference to the device.
     link string False URI link for the reference.
isLsoShared boolean True Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference False Reference to the device group.
     link string False URI link for the reference.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
usePool string The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string Name of the Windows Domain.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string Administrator password that is associated with the administrator name.
groupCacheTtl number Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number Number of days to cache password security resources. The default lifetime is 30 days.
timeout number Timeout interval (in seconds) for connecting to the AAA server.
name string The name of the object.
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference Reference to the device.
     name string Device name. Typically, it is the device’s hostname.
     machineId string Machine ID of the device.
     link string URI link for the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group.
     link string URI link for the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Trust_Discovery_Import No
Access_View No
Access_Edit No
Access_Manager No
Access_Deploy No

PUT /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>

Request Parameters

Name Type Required Description
usePool string False The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string False Name of the Windows Domain.
pool string   For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string False IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects False List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string False Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string False Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string False Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string False Administrator password that is associated with the administrator name.
groupCacheTtl number False Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string False Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number False Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number False Number of days to cache password security resources. The default lifetime is 30 days.
timeout number False Timeout interval (in seconds) for connecting to the AAA server.
name string False The name of the object.
partition string False The BIG-IP partition where the object should be placed.
subPath string False The BIG-IP partition where the object should be placed.
lsoDeviceReference reference False Reference to the device.
     name string False Device name. Typically, it is the device’s hostname.
     machineId string False Machine ID of the device.
     link string False URI link for the reference.
isLsoShared boolean False Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference False Reference to the device group.
     name string False Name of the device group.
     link string False URI link for the reference.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
usePool string The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string Name of the Windows Domain.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string Administrator password that is associated with the administrator name.
groupCacheTtl number Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number Number of days to cache password security resources. The default lifetime is 30 days.
timeout number Timeout interval (in seconds) for connecting to the AAA server.
name string The name of the object.
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference Reference to the device.
     name string Device name. Typically, it is the device’s hostname.
     machineId string Machine ID of the device.
     link string URI link for the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group.
     link string URI link for the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Trust_Discovery_Import No
Access_View No
Access_Edit No
Access_Manager No
Access_Deploy No

PATCH /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>

Request Parameters

Name Type Required Description
usePool string False The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string False Name of the Windows Domain.
pool string   For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string False IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects False List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string False Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string False Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string False Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string False Administrator password that is associated with the administrator name.
groupCacheTtl number False Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string False Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number False Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number False Number of days to cache password security resources. The default lifetime is 30 days.
timeout number False Timeout interval (in seconds) for connecting to the AAA server.
isLsoShared boolean False Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
usePool string The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string Name of the Windows Domain.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string Administrator password that is associated with the administrator name.
groupCacheTtl number Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number Number of days to cache password security resources. The default lifetime is 30 days.
timeout number Timeout interval (in seconds) for connecting to the AAA server.
name string The name of the object.
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference Reference to the device.
     name string Device name. Typically, it is the device’s hostname.
     machineId string Machine ID of the device.
     link string URI link for the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group.
     link string URI link for the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Trust_Discovery_Import No
Access_View No
Access_Edit No
Access_Manager No
Access_Deploy No

DELETE /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>

Request Parameters

None

Query Parameters

None

Response

HTTP/1.1 200 OK

Name Type Description
usePool string The server connection that specifies the connections to the domain controllers that you want to provide for APM. Use Direct to specify one domain controller for APM to use to authenticate users. Use Pool to create a high availability configuration.
domain string Name of the Windows Domain.
pool string For the pool name, first create the pool and pool members. The LTM pool must be configured with the Active Directory server IPs as its pool members. Then, associate in this property.
domainController string IP Address or a fully qualified domain name (FQDN). Must be entered if Direct mode is selected.
domainControllers array_of_objects List of domain controllers in the pool that are required when UsePool is enabled. To add domain controllers to the pool, you need the IP address and the fully qualified domain name. Add, edit, or delete the domain controllers. This needs to be synced with the pool and the pool members in LTM.
     ip string Valid IP address for the domain controllers configuration if UsePool is enabled.
     host string Valid hostname for the domain controllers configuration if UsePool is enabled.
adminName string Case-sensitive name for an administrator who has Active Directory administrative permissions.
adminEncryptedPassword string Administrator password that is associated with the administrator name.
groupCacheTtl number Number of days when the BIG-IP system should cache groups. When the lifetime elapses, APM clears the cache. Periodically clearing the cache prevents invalid groups from being retained. The default lifetime is 30 days.
padata string Select an encryption type. The default is None. If you specify an encryption type, the BIG-IP system includes Kerberos pre-authentication data with the first authentication service request (AS-REQ) packet.
kdcLockoutDuration number Whenever the Active Directory server fails to contact KDC in the BIG-IP device, the server adds the IP address to the KDC down cache. The cache remembers the unavailable IP address for the number of minutes configured using this attribute. This option should be used with caution and only when the KDC field is empty during the AAA AD server configuration. The default value is 0.
psoCacheTtl number Number of days to cache password security resources. The default lifetime is 30 days.
timeout number Timeout interval (in seconds) for connecting to the AAA server.
name string The name of the object.
partition string The BIG-IP partition where the object should be placed.
subPath string The BIG-IP partition where the object should be placed.
lsoDeviceReference reference Reference to the device.
     name string Device name. Typically, it is the device’s hostname.
     machineId string Machine ID of the device.
     link string URI link for the reference.
isLsoShared boolean Specifies if the location-specific object instance is shared across all devices. Use this only during POST. Warning: Do not flip this flag during PUT/PATCH operations.
deviceGroupReference reference Reference to the device group.
     name string Name of the device group.
     link string URI link for the reference.

Error Response

HTTP/1.1 400 Bad Request

This response status is related to error conditions. A detailed error message displays in the response.

HTTP/1.1 401 Unauthorized

This response happens when access is denied due to invalid credentials (no Permission).

Permissions

Role Allow
Trust_Discovery_Import No
Access_View No
Access_Edit No
Access_Manager No
Access_Deploy No

Examples

Get AAA Active Directory Server

GET /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>

Response

HTTP/1.1 200 OK
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    }
}

Create New AAA Active Directory Server

POST /mgmt/cm/access/working-config/apm/aaa/active-directory
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    }
}

Response

HTTP/1.1 200 OK
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    }
}

Edit AAA Active Directory Server

PUT /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    }
}

Response

HTTP/1.1 200 OK
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    }
}

Edit AAA Active Directory Server

PATCH /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "isLsoShared": false
}

Response

HTTP/1.1 200 OK
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    }
}

Delete AAA Active Directory Server

DELETE /mgmt/cm/access/working-config/apm/aaa/active-directory/<id>

Response

HTTP/1.1 200 OK
{
    "usePool": "disabled",
    "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{
        "ip": "1.1.1.18",
        "host": "host"
    }],
    "adminName": "admin",
    "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30,
    "padata": "none",
    "kdcLockoutDuration": 0,
    "psoCacheTtl": 30,
    "timeout": 15,
    "name": "foo",
    "partition": "Common",
    "subPath": "/folder",
    "lsoDeviceReference": {
        "name": "bigip.foo.com",
        "machineId": "844cfd8a-4e03-48e9-ba94-bb21a4cb4634",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    },
    "isLsoShared": false,
    "deviceGroupReference": {
        "name": "dg",
        "link": "https://localhost/mgmt/shared/foo/bar/844cfd8a-4e03-48e9-ba94-bb21a4cb4634"
    }
}
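
Client-side pre-flight checks for this endpoint, as an added example that is not part of the original documentation or of F5's code: it validates a body against the Required column of the POST table, rejects PATCH fields outside the PATCH table, catches an isLsoShared flip on PUT/PATCH, and masks adminEncryptedPassword (which the responses above echo back) before a body is logged. Assumptions: the helper names are hypothetical, and "disabled" (the usePool value in the page's examples) is treated as Direct mode.

```python
import copy
import ipaddress

# Fields marked Required=True in the POST request table on this page.
POST_REQUIRED = ("domain", "domainControllers", "groupCacheTtl", "psoCacheTtl",
                 "timeout", "name", "partition", "isLsoShared")
# Top-level fields listed in the PATCH request table on this page.
PATCH_ALLOWED = {"usePool", "domain", "pool", "domainController",
                 "domainControllers", "adminName", "adminEncryptedPassword",
                 "groupCacheTtl", "padata", "kdcLockoutDuration",
                 "psoCacheTtl", "timeout", "isLsoShared"}
NUMERIC = ("groupCacheTtl", "psoCacheTtl", "timeout", "kdcLockoutDuration")
SECRET_FIELDS = ("adminEncryptedPassword",)

# Constructed sample: the POST body from the page's "Create" example.
EXAMPLE_BODY = {
    "usePool": "disabled", "domain": "something.something.com",
    "domainController": "something.something.com",
    "domainControllers": [{"ip": "1.1.1.18", "host": "host"}],
    "adminName": "admin", "adminEncryptedPassword": "admin",
    "groupCacheTtl": 30, "padata": "none", "kdcLockoutDuration": 0,
    "psoCacheTtl": 30, "timeout": 15, "name": "foo",
    "partition": "Common", "subPath": "/folder", "isLsoShared": False,
}


def _is_number(value):
    # bool is a subclass of int in Python; JSON true/false is not a number.
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def _valid_ip(value):
    # ip_address() also accepts integers, so insist on a string first.
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def check_common(body):
    """Type and shape checks that apply to POST, PUT and PATCH bodies."""
    problems = []
    for field in NUMERIC:
        if field in body and not _is_number(body[field]):
            problems.append(f"{field}: must be a number")
    for i, dc in enumerate(body.get("domainControllers", [])):
        if not isinstance(dc, dict):
            problems.append(f"domainControllers[{i}]: must be an object")
            continue
        if not _valid_ip(dc.get("ip")):
            problems.append(f"domainControllers[{i}].ip: not a valid IP address")
        if not dc.get("host"):
            problems.append(f"domainControllers[{i}].host: missing")
    return problems


def validate_post(body):
    """Return a list of problems for a POST body; empty means it passed."""
    problems = [f"{f}: required on POST" for f in POST_REQUIRED if f not in body]
    problems += check_common(body)
    # Page: domainController "must be entered if Direct mode is selected".
    if body.get("usePool") == "disabled" and not body.get("domainController"):
        problems.append("domainController: must be entered in Direct mode")
    # Page: a non-zero lockout "should be used with caution".
    if body.get("kdcLockoutDuration", 0) != 0:
        problems.append("kdcLockoutDuration: non-default, review before sending")
    return problems


def validate_update(method, current, body):
    """Check a PUT/PATCH body against the object as last read with GET."""
    problems = check_common(body)
    if method == "PATCH":
        for field in sorted(set(body) - PATCH_ALLOWED):
            problems.append(f"{field}: not in the PATCH request table")
    # Page warning: do not flip isLsoShared during PUT/PATCH.
    if "isLsoShared" in body and body["isLsoShared"] != current.get("isLsoShared"):
        problems.append("isLsoShared: must not be flipped during PUT/PATCH")
    return problems


def redact(obj):
    """Copy of a request or response body that is safe to write to a log."""
    safe = copy.deepcopy(obj)
    for field in SECRET_FIELDS:
        if field in safe:
            safe[field] = "<redacted>"
    return safe


if __name__ == "__main__":
    print(validate_post(EXAMPLE_BODY))
    print(validate_update("PATCH", EXAMPLE_BODY, {"isLsoShared": True, "name": "bar"}))
    print(redact(EXAMPLE_BODY)["adminEncryptedPassword"])
```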