System Administration > Configuration > Directory Service

Associated URIs:

API Description API Path

Scan the size of a directory domain


This call scans the size of a directory domain. It may be very expensive to run this call in some AD domain deployments. Please use it with caution.
POST /api/v1/directory/domain-size (Deprecated)

List all configured domains


GET /api/v1/directory/domains (Deprecated)

Create a directory domain


POST /api/v1/directory/domains (Deprecated)

Delete a specific domain with given identifier


DELETE /api/v1/directory/domains/<domain-id> (Deprecated)

Get a specific domain with given identifier


GET /api/v1/directory/domains/<domain-id> (Deprecated)

Invoke a full sync or delta sync for a specific domain, with an additional delay in seconds if needed. Stop sync will try to stop any pending sync, if there is one, to return to the idle state.


POST /api/v1/directory/domains/<domain-id> (Deprecated)

Update a directory domain


An update to any field in the directory domain will trigger a full sync.
PUT /api/v1/directory/domains/<domain-id> (Deprecated)

Search for directory groups within a domain based on a substring of a distinguished name (e.g. CN=User,DC=acme,DC=com). The search filter can optionally contain multiple search patterns (up to a maximum of 100) separated by '|' (URL-encoded as %7C). In this case, the search results will be returned as the union of all matching criteria (e.g. CN=Ann,CN=Users,DC=acme,DC=com|CN=Bob,CN=Users,DC=acme,DC=com).


GET /api/v1/directory/domains/<domain-id>/groups (Deprecated)

List members of a directory group


A member group can be either a direct member of the group specified by group_id or a nested member of it. Both direct member groups and nested member groups are returned.
GET /api/v1/directory/domains/<domain-id>/groups/<group-id>/member-groups (Deprecated)

List all configured domain LDAP servers


GET /api/v1/directory/domains/<domain-id>/ldap-servers (Deprecated)

Create an LDAP server for directory domain


More than one LDAP server can be created, but only one LDAP server is used to synchronize directory objects. If more than one LDAP server is configured, NSX will try all the servers until it is able to successfully connect to one.
POST /api/v1/directory/domains/<domain-id>/ldap-servers (Deprecated)

Delete an LDAP server for directory domain


DELETE /api/v1/directory/domains/<domain-id>/ldap-servers/<server-id> (Deprecated)

Get a specific LDAP server for a given directory domain


GET /api/v1/directory/domains/<domain-id>/ldap-servers/<server-id> (Deprecated)

Test an LDAP server connection for directory domain


The API tests an LDAP server connection for an already configured domain. If the connection is successful, the response will be HTTP status 200. Otherwise the response will be HTTP status 500 and a corresponding error message will be returned.
POST /api/v1/directory/domains/<domain-id>/ldap-servers/<server-id> (Deprecated)

Update an LDAP server for directory domain


PUT /api/v1/directory/domains/<domain-id>/ldap-servers/<server-id> (Deprecated)

Fetch all organization units for a Directory domain.


POST /api/v1/directory/domains/<domain-id>/org-units (Deprecated)

Get domain sync statistics for the given identifier


GET /api/v1/directory/domains/<domain-id>/sync-stats (Deprecated)

Test directory domain LDAP server connectivity


This API tests LDAP server connectivity before the actual domain or LDAP server is configured. If the connectivity is good, the response will be HTTP status 200. Otherwise the response will be HTTP status 500 and a corresponding error message will be returned.
POST /api/v1/directory/ldap-server (Deprecated)

Fetch all organization units for an LDAP server.


POST /api/v1/directory/org-units (Deprecated)

Create an Event Log server for Firewall Identity store


More than one Event Log server can be created, but only one Event Log server is used to synchronize directory objects. If more than one Event Log server is configured, NSX will try all the servers until it is able to successfully connect to one.
PATCH /policy/api/v1/infra/firewall-identity-stores/<firewall-identity-store-id>/event-log-servers/<event-log-server-id>

Create an Event Log server for Firewall Identity store


More than one Event Log server can be created, but only one Event Log server is used to synchronize directory objects. If more than one Event Log server is configured, NSX will try all the servers until it is able to successfully connect to one.
PATCH /policy/api/v1/infra/identity-firewall-stores/<identity-firewall-store-id>/event-log-servers/<event-log-server-id>