Forum Discussion
dcasson_21085
Feb 23, 2011 Nimbostratus
AD DC's behind F5....
We have several applications that are antiquated and not AD aware. They authenticate against a specific DC rather than to AD as a whole. So, typical AD load balancing will not work and we prefer not...
smp_86112
Feb 25, 2011 Cirrostratus
Just to bolt on here...we use the LTM to load-balance AD LDAP queries and haven't had any problems - and there shouldn't be, as AD LDAP is just another service from the LTM's perspective, just like HTTP, or anything else. We have no special settings - just a VIP, Pool, and an LDAP monitor applied to the pool. We have configured the Monitor to bind with AD. This is all standard stuff. Whether or not you need SNAT depends on where the DCs reside in your IP network space relative to the LTM. Although this is not technically accurate (I'm not a network guy), the way I like to describe this is if the DCs are in an IP network which is routed by the LTM, you do not need SNAT. The LTM maintains a connection table in memory with each client TCP connection - it's this connection table in memory that ensures data is sent back to the right client connection. You can view the connection table using "bigpipe connection", or "b conn" for short (also see "b conn help").
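
The SNAT rule of thumb from the reply above, written out as an added sketch (not part of the original thread and not F5 code). The function names and all addresses are constructed for illustration, and it assumes each DC has one default gateway and no static routes.

```python
import ipaddress

def snat_needed(client_ip, dc_ip, dc_prefix, dc_gateway, ltm_self_ips):
    """Return (needed, reason) for one client / domain controller pair.

    The LTM matches a reply to its connection table entry only if the
    reply packet physically travels back through the LTM.
    """
    client = ipaddress.ip_address(client_ip)
    dc_net = ipaddress.ip_network(f"{dc_ip}/{dc_prefix}", strict=False)
    self_ips = {ipaddress.ip_address(ip) for ip in ltm_self_ips}

    if client in dc_net:
        return True, "client is on the DC subnet, so the DC replies directly"
    if ipaddress.ip_address(dc_gateway) in self_ips:
        return False, "DC default gateway is the LTM, so replies pass through it"
    return True, "DC default gateway is another router, so replies bypass the LTM"

def audit_pool(clients, pool, ltm_self_ips):
    """Map each DC name to the clients that would need SNAT to reach it."""
    result = {}
    for name, (ip, prefix, gw) in pool.items():
        result[name] = [c for c in clients
                        if snat_needed(c, ip, prefix, gw, ltm_self_ips)[0]]
    return result

# Constructed sample topology (not from the thread).
LTM_SELF_IPS = ["10.20.0.1"]
POOL = {
    "dc1": ("10.20.0.11", 24, "10.20.0.1"),    # routed by the LTM
    "dc2": ("10.30.0.12", 24, "10.30.0.254"),  # routed by a core router
}
CLIENTS = ["10.10.5.40", "10.20.0.77"]

if __name__ == "__main__":
    for dc, needing in audit_pool(CLIENTS, POOL, LTM_SELF_IPS).items():
        print(dc, "SNAT needed for:", needing or "nobody")
```

When SNAT is in use, the DCs see an LTM address as the source of every bind, so DC security logs no longer record the originating client IP.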