Active Directory API Endpoints¶
The IIS server currently hosts a REST service that can used for dynamic configuration of the Microsoft Environment for use in solution and lab deployment
HTTP Listener 10.1.20.6:81
HTTPS Listener 10.1.20.6:8443
user accounts¶
The user accounts API allows you to interact with Active Directory user accounts.
ENDPOINT - /user¶
METHOD - GET
Returns the following user attributes
sAMAccountName
DistinguishedName
Name
GivenName
Surname
UserPrincipalName
EmployeeNumber
mail
UserAccountControl
memberOf
Example Request
http://10.1.20.6:81/user?username=user2
Example Response
{
"sAMAccountName": "user2",
"DistinguishedName": "CN=user2,OU=Product Development,DC=f5lab,DC=local",
"Name": "user2",
"GivenName": "Road",
"Surname": "Runner",
"UserPrincipalName": "user2@f5lab.local",
"employeeNumber": null,
"mail": "runner@acme.com",
"userAccountControl": 66048,
"memberOf": [
"CN=CreateUser,OU=IT,DC=f5lab,DC=local",
"CN=Product Management,CN=Users,DC=f5lab,DC=local",
"CN=Domain Admins,CN=Users,DC=f5lab,DC=local"
]
}
METHOD - POST
The following attributes can used when creating a user account
username(sAMAccountName)
DistinguishedName
Name
Surname
Givenname
UserPrincipalName
EmployeeNumber
UserAccountControl
memberOf
password
email
app_spn(For use with kerberos delegation accounts)
Example Request
http://10.1.20.6:81/user
Request Body
{
"Username":"POST_API",
"employeeNumber":"100",
"GivenName":"post",
"Surname": "api",
"UserPrincipalName":"12890@f5lab.local",
"OU":"IT",
"Password":"letmein",
"email":"postapi@acme.com"
"app_spn": "HTTP/testapp.acme.com"
}
Example Response
{
"sAMAccountName": "POST_API",
"employeeNumber": "100",
"userAccountControl": 66048
}
METHOD - DELETE
Removed the user account from Active Directory.
useridentity(saMAccountName)
Example Request
http://10.1.20.6:81/user
Example Body
{
"Username":"POST_API"
}
Example Response
{
"status": "Success",
"username": "POST_API"
}
METHOD - PATCH
Allows modification of a user account with a single request.
This request requires a rtype key to identity the type of request the API is receiving.
The rtype key supports the following values
attribute
password
unlock
Attribute Modification
The attribute key supports the following attributes to be modified
employeeNumber
Example Request
http://10.1.20.6:81/user
Request Body
{
"rtype": "attribute",
"username": "POST_API",
"employeeNumber": "123456789"
}
Example Response
{
"sAMAccountName": "POST_API",
"employeeNumber": "123456"
}
Password Change
Example Request
http://10.1.20.6:81/user
Request Body
{
"rtype": "password",
"username": "POST_API",
"password": "123"
}
Example Response
{
"sAMAccountName": "POST_API"
}
Account Unlock
Example Request
http://10.1.20.6:81/user
Request Body
{
"rtype": "unlock",
"username": "POST_API"
}
Example Response
{
"sAMAccountName": "POST_API",
"Enabled": true
}
certificates¶
The certificates API retrieves the certificate associated with the specified user account
IP Addresses¶
ENDPOINT - /addr/scope-status¶
METHOD - GET
The scope status endpoint returns all IP address assignment associated with scope specified in the request.
The following scopes are supported
10.1.10.96 (BIGIP1_SCOPE)
10.1.10.192 (BIGIP2_SCOPE)
10.1.20.32 (IIS_SCOPE)
Example Request
http://10.1.20.6:81/addr/scope-status?scope=10.1.10.96
ENDPOINT - /addr/available¶
METHOD - GET
The available endpoint returns the next available address for the scope specified in the request
Example Request
http://10.1.20.6:81/addr/available?scope=10.1.10.96
Example Response
{
"address": "10.1.10.102"
}
ENDPOINT - /addr/checkout¶
METHOD - POST
Example Request
http://10.1.20.6:81/addr/checkout
Example Request
{
"scope":"10.1.10.96",
"address":"10.1.10.103",
"name":"testvs"
}
Example Response
{
"status": "Success",
"address": "10.1.10.103",
"name": "testvs"
}
ENDPOINT - /addr/checkin¶
METHOD - DELETE
Example Request
https://10.1.20.6:81/addr/checkin?address=10.1.10.103
Example Response
{
"status": "Success",
"address": "10.1.10.103"
}
DNS¶
ENDPOINT - /dns¶
The DNS endpoint allows the creation and deletion of A and PTR records
METHOD - POST
Example Request
https://10.1.20.6:81/dns
Example Body
{
"record_type":"a",
"fqdn":"app.acme.com",
"computer_ip":"10.1.10.35"
}
Example Rsopnose
{
"status": "Success",
"record_type": "A",
"hostname": "testapp",
"zone": "acme.com",
"computer_ip": "10.1.20.35"
}
METHOD - DELETE
Example Request
https://10.1.20.6:81/dns
Example Body
{
"record_type":"a",
"fqdn":"{{DNS1_NAME}}",
"computer_ip":"{{IIS_ADDRESS1}}"
}
Example Response
{
"status": "Success",
"record_type": "A",
"hostname": "testapp",
"zone": "acme.com",
"computer_ip": "10.1.20.35"
}
Websites¶
The websites API allows dynamic creation and deletion of websites.
ENDPOINT - /websites¶
METHOD - POST
The POST method creates websites on the IIS server based on templates located in the access-infra repo. To view examples of those site click the link below. The following authentication methods are supported
none
Basic
kerberos
saml (template 1 only)
Template 2 supports the customization of background colors using a customization key. The following colors are supported.
red
green
blue
white
Example Request
https://10.1.20.6:81/websites
Example Body
{
"site_name":"site.acme.com",
"http_port":"80",
"https_port":"443",
"computer_ip":"10.1.20.33",
"template_number": "2",
"authentication": "none",
"customization": {
"background": "green"
}
}
METHOD - DELETE
Example Request
https://10.1.20.6:81/websites
Example Body
{
"site_name":"site.acme.com"
}
Example Resonse
{
"status": "Success",
"site_name": "testapp.acme.com"
}
Desktop¶
ENDPOINT - /desktop¶
The Desktop API copied files from the student_files folder located in specified lab or solution folder to the users desktop
METHOD - POST
Example Request
https://10.1.20.6:81/desktop
Example Body
{
"repo":"labs",
"number":"3",
"user": "user1"
}
Example Response
{
"status": "Success",
"repo": "labs",
"number": "3",
"user": "user1"
}
METHOD - DELETE
Example Request
https://10.1.20.6:81/desktop
Example Body
{
"repo":"labs",
"number":"3",
"user": "user1"
}
Example Response
{
"status": "Success",
"repo": "labs",
"number": "3",
"user": "user1"
}
COMPUTER¶
ENDPOINT - /computer¶
The computer endpoint assigned Service Principal names to the Active Directory computer account
METHOD - POST
Example Request
https://10.1.20.6:81/computer
Example Body
{
"computer":"IIS",
"spn":"HTTP/app.acme.com"
}
Example Response
{
"status": "Success",
"computer": "IIS",
"spn": "HTTP/app.acme.com"
}
METHOD - DELETE
Example Request
https://10.1.20.6:81/computer
Example Body
{
"computer":"IIS",
"spn":"HTTP/app.acme.com"
}
Example Response
{
"status": "Success",
"computer": "IIS",
"spn": "HTTP/app.acme.com"
}