APM AD Query Branch Rules

Question

Hi,&nbsp;
We're attempting to setup APM AD query branch rules using OU.&nbsp;
Our details looks like this (sanitized a little): 
CN=username,OU=IT,OU=Departments,OU=Office,DC=domain,DC=com&nbsp;
The default string provided is: CN=MY_GROUP, CN=Users, DC=MY_DOMAIN&nbsp;
Is there an issue with using OUs? As we can't seem to get it to work. Also we've created the AAA AD server object and supplied it with credentials. However, is there anyway to actually verify this piece is working standalone? &nbsp;

michael_jenkins · Answer

A couple things to check
In your AD Query, are you specifying which attributes you want, or leaving it default (which gets all of them).I'd open AD Users and computers and open the group object and copy the DN from there to paste into the branch rule just to make sure there's no typos or anything.you show CN=username. This is for checking group membership for a user right?

amit_karnik · Answer

I had a similar issue with AD query. I switched to LDAP query object and it worked. I never ended up investigating why AD query did not work.&nbsp;
If you do want to test AD independently you could use the adtest tool. See the following solution article:
https://support.f5.com/kb/en-us/solutions/public/11000/300/sol11308.html?sr=43691247&nbsp;
In many cases I have relied on Wireshark traces to solve what is not working. &nbsp;
Best.&nbsp;

Forum Discussion

APM AD Query Branch Rules

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Landing URI Branch Rule

F5 Distributed Cloud Origin Server Subset Rules

Query All Rules

Pool downtime query

iRule Processing query

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS