System Administration > Configuration > Directory Service

Associated URIs:

API Description API Path

Scan the size of a directory domain


This call scans the size of a directory domain. It may be very | expensive to run this call in some AD domain deployments. Please | use it with caution.
POST /api/v1/directory/domain-size (Deprecated)

List all configured domains


GET /api/v1/directory/domains (Deprecated)

Create a directory domain


POST /api/v1/directory/domains (Deprecated)

Delete a specific domain with given identifier


DELETE /api/v1/directory/domains/{domain-id} (Deprecated)

Get a specific domain with given identifier


GET /api/v1/directory/domains/{domain-id} (Deprecated)

Invoke full sync or delta sync for a specific domain, with additional delay in seconds if needed. Stop sync will try to stop any pending sync if any to return to idle state.


POST /api/v1/directory/domains/{domain-id} (Deprecated)

Update a directory domain


Update to any field in the directory domain will trigger a full sync
PUT /api/v1/directory/domains/{domain-id} (Deprecated)

Search for directory groups within a domain based on the substring of a distinguished name. (e.g. CN=User,DC=acme,DC=com) The search filter pattern can optionally support multiple (up to 100 maximum) search pattern separated by '|' (url encoded %7C). In this case, the search results will be returned as the union of all matching criteria. (e.g. CN=Ann,CN=Users,DC=acme,DC=com|CN=Bob,CN=Users,DC=acme,DC=com)


GET /api/v1/directory/domains/{domain-id}/groups (Deprecated)

List members of a directory group


A member group could be either direct member of the group specified by group_id or nested member of it. Both direct member groups and nested member groups are returned.
GET /api/v1/directory/domains/{domain-id}/groups/{group-id}/member-groups (Deprecated)

List all configured domain LDAP servers


GET /api/v1/directory/domains/{domain-id}/ldap-servers (Deprecated)

Create a LDAP server for directory domain


More than one LDAP server can be created and only one LDAP server is used to synchronize directory objects. If more than one LDAP server is configured, NSX will try all the servers until it is able to successfully connect to one.
POST /api/v1/directory/domains/{domain-id}/ldap-servers (Deprecated)

Delete a LDAP server for directory domain


DELETE /api/v1/directory/domains/{domain-id}/ldap-servers/{server-id} (Deprecated)

Get a specific LDAP server for a given directory domain


GET /api/v1/directory/domains/{domain-id}/ldap-servers/{server-id} (Deprecated)

Test a LDAP server connection for directory domain


The API tests a LDAP server connection for an already configured domain. If the connection is successful, the response will be HTTP status 200. Otherwise the response will be HTTP status 500 and corresponding error message will be returned.
POST /api/v1/directory/domains/{domain-id}/ldap-servers/{server-id} (Deprecated)

Update a LDAP server for directory domain


PUT /api/v1/directory/domains/{domain-id}/ldap-servers/{server-id} (Deprecated)

Fetch all organization units for a Directory domain.


POST /api/v1/directory/domains/{domain-id}/org-units (Deprecated)

Get domain sync statistics for the given identifier


GET /api/v1/directory/domains/{domain-id}/sync-stats (Deprecated)

Test a directory domain LDAP server connectivity


This API tests a LDAP server connectivity before the actual domain or LDAP server is configured. If the connectivity is good, the response will be HTTP status 200. Otherwise the response will be HTTP status 500 and corresponding error message will be returned.
POST /api/v1/directory/ldap-server (Deprecated)

Fetch all organization units for a LDAP server.


POST /api/v1/directory/org-units (Deprecated)

Create a Event Log server for Firewall Identity store


More than one Event Log server can be created and only one event log
server is used to synchronize directory objects. If more
than one Event Log server is configured, NSX will try all the
servers until it is able to successfully connect to one.
PATCH /policy/api/v1/infra/firewall-identity-stores/{firewall-identity-store-id}/event-log-servers/{event-log-server-id}

Create a Event Log server for Firewall Identity store


More than one Event Log server can be created and only one event log
server is used to synchronize directory objects. If more
than one Event Log server is configured, NSX will try all the
servers until it is able to successfully connect to one.
PATCH /policy/api/v1/infra/identity-firewall-stores/{identity-firewall-store-id}/event-log-servers/{event-log-server-id}