Active Directory and Cisco Secure Access Integration

hadi123
Level 1

Is there a way to integrate Active Directory (a child domain) with Cisco Secure Access without involving any Enterprise account?
Our setup integrates Cisco Secure Access with Active Directory using a domain and an AD connector. When installing the AD connector on the server where AD is installed, it requires user credentials for the AD connector to establish a successful connection, but the credentials used for the AD connector are not a member of "Enterprise Read-Only Domain Controllers". I think that is why it is causing the error: the user used is not a member of "Enterprise Read-Only Domain Controllers". When I add the user to that group, the status is connected.

Accepted Solution

Hello

The requirements are documented here. You need to have Read and Replicating Directory Changes permissions; there is no way around it to get the user-to-IP mapping information.

https://docs.sse.cisco.com/sse-user-guide/docs/prerequisites-for-ad-connectors#:~:text=You%20must%20configure%20a%20server,.

Assign Read and Replicating Directory Changes permissions.
Alternatively, you can make the AD Connector account a member of the built-in Enterprise Read-only Domain Controllers group, which will automatically assign these permissions.


The AD Connector does an initial synchronization of the AD structure to Secure Access. After this, it detects changes to the AD structure and communicates these changes only. The detection of changes requires the Replicating Directory Changes permission. The AD Connector cannot function without this permission.

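The accepted answer names the two rights the connector account needs, Read and Replicating Directory Changes, and offers Enterprise Read-only Domain Controllers membership as a shortcut. That group lives in the forest root domain, which is exactly what the question wants to avoid, so the alternative is to grant the two rights explicitly on the child domain's naming context. The script below does that; it is an added example written for this page, not code from the thread or from Cisco's documentation. The domain name child.corp.example, the account name svc-adconnector, and the requirement to run it as an administrator of the child domain on a domain-joined machine are assumptions.

```powershell
# Added example, not from the thread or from Cisco's documentation.
# Grants the AD Connector service account Read and Replicating Directory
# Changes directly on the child domain's naming context, so no forest-root
# group membership is needed. Assumed names: child domain
# "child.corp.example", account "svc-adconnector". Run as a Domain Admin of
# the child domain, on a machine joined to that domain (the AD: drive binds
# to the logon domain by default).

Import-Module ActiveDirectory

$domain   = Get-ADDomain -Identity 'child.corp.example'
$domainDN = $domain.DistinguishedName
$account  = Get-ADUser -Identity 'svc-adconnector' -Server $domain.PDCEmulator
$sid      = [System.Security.Principal.SecurityIdentifier]$account.SID

# rightsGuid of the DS-Replication-Get-Changes control access right, shown in
# the GUI as "Replicating Directory Changes". This is deliberately NOT
# DS-Replication-Get-Changes-All (1131f6ad-9c07-11d1-f79f-00c04fc2dcd2),
# which would let the account pull password hashes via DCSync; the connector
# only needs change notifications, not secrets.
$replGetChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
$replGetChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'

$acl = Get-Acl -Path "AD:\$domainDN"

# Read on the domain head and everything below it.
$readAce = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericRead,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

# Replicating Directory Changes is a control access right, so it is granted
# as an ExtendedRight ACE scoped to that right's GUID on the domain head.
$replAce = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
    [System.Security.AccessControl.AccessControlType]::Allow,
    $replGetChanges)

$acl.AddAccessRule($readAce)
$acl.AddAccessRule($replAce)
Set-Acl -Path "AD:\$domainDN" -AclObject $acl

# Verify: list only this account's ACEs on the domain head. The replication
# ACE shows ObjectType equal to the Get-Changes GUID above.
$identity = "$($domain.NetBIOSName)\$($account.SamAccountName)"
$aces = (Get-Acl -Path "AD:\$domainDN").Access |
    Where-Object { $_.IdentityReference.Value -eq $identity }
$aces | Select-Object ActiveDirectoryRights, AccessControlType, ObjectType, InheritanceType

# Guard rail: fail loudly if someone granted the "All" variant by mistake.
if ($aces | Where-Object { $_.ObjectType -eq $replGetChangesAll }) {
    Write-Warning "$identity holds Replicating Directory Changes All (DCSync-capable); remove it."
}
```

After the connector reports "connected", the verification output should show one GenericRead ACE and one ExtendedRight ACE whose ObjectType is 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2. If the connector instead requires membership in the built-in group, that membership grants the same right forest-wide; the explicit ACE keeps the account's reach limited to the child domain.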

2 Replies


Noted and thank you