Forum Discussion

Cirrostratus

Apr 16, 2013

Can't change AD password through APM

Hi! I'm having some problems with password change for expired AD passwords through APM. Running on APM+LTM 11.2.1 build 797. Using "AD Auth" in the access policies to authentica...

config

design

Kevin_Stewart

Employee

Aug 14, 2013

AD auth\query use Kerberos on the back side. I have observed that the AD AAA uses DC pool members like a SNAT pool, where one address is exhausted before moving to the next one. If this causes a problem on the DC, the AAA will mark the IP as offline for several minutes. A "best practice" solution is to select Direct in the AD AAA configuration, add the Domain Name in uppercase, and the admin account/password. AD will natively load balance itself and return the best DC for the job in an SRV query response.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Can't change AD password through APM

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

[ASM] - How to disable the SQL injection attack signatures

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

APM Customization: Password Change Validation

Password Safety & Security: Passwords vs. Passphrases

F5 App Study Tool with passwords stored in Vault

Automate scp transfers using password

Authentication issue when changing password

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS