Load balancing / proxying AD itself?

Question

I see iApp templates for ADFS but am having trouble figuring out if we can load balance / proxy AD itself.&nbsp;
A little background: We have a web-based application that authenticates users against AD, and its config screen requires you to specify a single AD server. If that AD server goes down then nobody can log in.&nbsp;
What we'd like to do is improve reliability by having a virtual server on our BIG-IP that points to a pool of AD servers instead.&nbsp;

kevin_stewart · Answer

Does the iApp also allow you to specify the domain name? Active Directory is pretty good at load balancing itself (and is recommended). If you can specify an AD domain instead of a DC server address, the system should perform a SRV DNS lookup to find the active/preferred DC.&nbsp;
Otherwise, if you know the ports you'll be using to talk to the AD (ex. 389, 636, etc.), you could create a VIP on that port, create a pool of AD servers and use an appropriate monitor, and point your iApp at that VIP. That said, you're relying on the (external) monitor to tell you the health of a domain controller - something that is usually better left the AD itself.&nbsp;

Forum Discussion

Load balancing / proxying AD itself?

1 Reply

ICYMI - Steve Wozniak at AppWorld 2026

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Partially reachabilty issues with VS in F5OS tenant

Forward proxy with SSL passthrough - SWG license required?

Need step-by-step guidance for migrating BIG-IP i2800 WAF to rSeries (UCS restore vs clean build)

Use F5 APM as Forward Proxy

LB Connection Limit Detection Method

Related Content

The State Of HTTP/2 Full Proxy With F5 LTM

Transparent Load Balancing in Azure

Proxy Protocol v2 Initiator

Secure and Harden Forward Proxies in NGINX Plus

Four Active/Active load balancing examples with F5 BIG-IP and Azure Load Balancer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS